What does the Intel microcode update do?



Continuing the discussion from [Stable Update] 2018-01-12 - Kernels, Microcodes, Nvidia, Firefox, Boost, Cleanup:

The Intel microcode has been updated, but,

  1. Aren’t the vulnerabilities not fixable at microcode level? Wasn’t this why the KPTI was released at all?

  2. Quoting from Intel,

    While the regular approach to getting this microcode update is via a BIOS update, Intel realizes that this can be an administrative hassle. The Linux* operating system has a mechanism to update the microcode after booting. For example, this file will be used by the operating system mechanism if the file is placed in the /etc/firmware directory of the Linux system

    I used to think that a BIOS update was the only way to update microcodes. Can someone elaborate on how this Linux trickery works? How does putting a file in /etc/firmware update the microcode?


And to answer your title question: since it’s closed source, we don’t know what it does.


KPTI “fixes” Meltdown. This has now been “fixed”.

Microcode updates are needed to “fix” Spectre. This has been “fixed” for some but not all CPUs. More updates will arrive to “fix” the issue for more CPUs over the coming months.

The only way to properly/fully fix Spectre is to buy a CPU that doesn’t have the issue (with speculative execution), and they don’t exist yet.

The way to fully fix Meltdown is to buy a CPU that’s not vulnerable to it, so an AMD CPU or an Intel CPU that doesn’t exist yet.

Also, read the other threads.