• Stars
    star
    466
  • Rank 94,105 (Top 2 %)
  • Language
  • License
    Other
  • Created over 5 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Intel Processor Microcode Package for Linux

About

The Intel Processor Microcode Update (MCU) Package provides a mechanism to release updates for security advisories and functional issues, including errata. In addition, MCUs are responsible for starting the SGX enclave (on processors that support the SGX feature), implementing complex behaviors (such as assists), and more. The preferred method to apply MCUs is using the system BIOS. For a subset of Intel's processors, the MCU can also be updated at runtime using the operating system. The Intel Microcode Package shared here contains updates for those processors that support OS loading of MCUs.

Why update the microcode?

Updating your microcode can help to mitigate certain potential security vulnerabilities in CPUs as well as address certain functional issues that could, for example, result in unpredictable system behavior such as hangs, crashes, unexpected reboots, data errors, etc. To learn more about applying MCUs to an Intel processor, see Microcode Update Guidance.

Loading microcode updates

This package is provided for Linux distributors for inclusion in their OS releases. Intel recommends obtaining the latest MCUs using the OS vendor update mechanism. A good starting point is OS and Software Vendor. Expert users can update their microcode directly outside the OS vendor mechanism. However, this method is complex and could result in errors if performed incorrectly. Such errors could include but are not limited to system freezes, inability to boot, performance impacts, logical processors loading different updates, and some updates not taking effect. As a result, this method should be attempted by expert users only.

MCUs are best loaded from the BIOS. Certain MCUs must only be applied from the BIOS. Such MCUs are never packaged in this package since they are not appropriate for OS distribution. An OEM may receive microcode update packages that are a superset of what is contained in this package for inclusion in a BIOS.

OS vendors may choose to provide an MCU that the kernel can consume for early loading. For example, Linux can apply an MCU very early in the kernel boot sequence. In situations where a BIOS update isn't available, early loading is the next best alternative to updating processor microcode. Microcode states are reset on a power reset, hence its required that the MCU be loaded every time during boot process.

Recommendation

Using the initrd method to load an MCU is recommended as this method will load the MCU at the earliest time for the most coverage. Systems that cannot tolerate downtime may use the late-load method to update a running system without a reboot.

About Processor Signature, Family, Model, Stepping and Platform ID

The Processor Signature is a number identifying the model and version of an Intel processor. It can be obtained using the CPUID instruction, via the command lscpu, or from the content of /proc/cpuinfo. It's usually presented as 3 fields: Family, Model, and Stepping.

For example, if a processor returns a value of "0x000906eb" from the CPUID instruction:

Reserved Extended Family Extended Model Reserved Processor Type Family Code Model Number Stepping ID
31:28 27:20 19:16 15:14 13:12 11:8 7:4 3:0
xxxx 00000000b 1001b xx 00b 0110b 1110b 1011b

The corresponding Linux formatted file name will be "06-9e-0b", where:

  • Extended Family + Family = 0x06
  • Extended Model + Model Number = 0x9e
  • Stepping ID = 0xb

A processor may be implemented for multiple platform types. Intel processors have a 3bit Platform ID field in MSR(17H) that specifies the platform type for up to 8 types. An MCU file for a specified processor model may support multiple platforms. The Platform ID(s) supported by an MCU is an 8bit mask where each set bit indicates a platform type that the MCU supports. The Platform ID of a processor can be read in Linux using rdmsr from msr-tools.

Microcode update instructions

The intel-ucode directory contains binary MCU files named in the family-model-stepping format. This file format is supported by most modern Linux distributions. It's generally located in the /lib/firmware directory and can be updated through the microcode reload interface following the late-load update instructions below.

Early-load update

To update early loading initrd, consult your Linux distribution on how to package MCU files for early loading. Some distributions use update-initramfs or dracut. Use the OS vendors recommended method to help ensure that the MCU file is updated for early loading before attempting the late-load procedure below.

Late-load update

To update the intel-ucode package to the system:

  1. Ensure the existence of /sys/devices/system/cpu/microcode/reload
  2. Download the latest microcode firmware
    $ git clone https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git or
    $ wget https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/main.zip
  3. Copy intel-ucode directory to /lib/firmware, overwriting the files in /lib/firmware/intel-ucode/
  4. Write the reload interface to 1 to reload the microcode files, e.g.
    $ echo 1 > /sys/devices/system/cpu/microcode/reload
    Microcode updates will be applied automatically without rebooting the system.
  5. Update an existing initramfs so that next time it gets loaded via kernel:
    $ sudo update-initramfs -u
    $ sudo reboot
  6. Verify that the microcode was updated on boot or reloaded by echo command:
    $ dmesg | grep microcode or
    $ cat /proc/cpuinfo | grep microcode | sort | uniq

If you are using the OS vendor method to apply an MCU, the above steps may have been done automatically during the update process.

The intel-ucode-with-caveats directory contains MCUs that need special handling. The BDX-ML MCU is provided in this directory because it requires special commits in the Linux kernel otherwise updating it might result in unexpected system behavior. OS vendors must ensure that the late loader patches (provided in linux-kernel-patches) are included in the distribution before packaging the BDX-ML MCU for late-loading.

The linux-kernel-patches directory consists of kernel patches that address various issues related to applying MCUs.

Notes

  • You can only update to a higher MCU version (downgrade is not possible with the provided instructions)
  • To calculate Family-Model-Stepping, use Linux command:
    $ printf "%x\n" <number_to_convert_to_hex>
  • There are multiple ways to check the MCU version number BEFORE update. After cloning this Intel Microcode update repo , run the following:
    • $ iucode_tool -l intel-ucode | grep -wF sig (iucode_tool package is required)
    • $ od -t x4 <Family-Model-Stepping> will read the first 16 bytes of the microcode binary header specified in <Family-Model-Stepping>. The third block is the microcode version. For example: $ od -t x4 06-55-04
      0000000 00000001 *02000065* 09052019 00050654

License

See the license file for details.

Security Policy

See the security.md file for details.

Release Note

See the releasenote.md file for details.

Disclaimers

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at www.intel.com.

No product or component can be absolutely secure.

All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps.

The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request.

Intel provides these materials as-is, with no express or implied warranties.

© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.

*Other names and brands may be claimed as the property of others.

More Repositories

1

hyperscan

High-performance regular expression matching library
C++
4,478
star
2

acat

Assistive Context-Aware Toolkit (ACAT)
C#
3,191
star
3

haxm

Intel® Hardware Accelerated Execution Manager (Intel® HAXM)
C
3,029
star
4

appframework

The definitive HTML5 mobile javascript framework
CSS
2,435
star
5

neural-compressor

SOTA low-bit LLM quantization (INT8/FP8/INT4/FP4/NF4) & sparsity; leading model compression techniques on TensorFlow, PyTorch, and ONNX Runtime
Python
2,182
star
6

intel-extension-for-transformers

⚡ Build your chatbot within minutes on your favorite device; offer SOTA compression techniques for LLMs; run LLMs efficiently on Intel Platforms⚡
Python
2,122
star
7

pcm

Intel® Performance Counter Monitor (Intel® PCM)
C++
2,083
star
8

intel-extension-for-pytorch

A Python package for extending the official PyTorch that can easily obtain performance on Intel platform
Python
1,203
star
9

linux-sgx

Intel SGX for Linux*
C++
1,180
star
10

scikit-learn-intelex

Intel(R) Extension for Scikit-learn is a seamless way to speed up your Scikit-learn application
Python
954
star
11

llvm

Intel staging area for llvm.org contribution. Home for Intel LLVM-based projects.
918
star
12

nemu

ARCHIVED: Modern Hypervisor for the Cloud. See https://github.com/cloud-hypervisor/cloud-hypervisor instead
C
915
star
13

compute-runtime

Intel® Graphics Compute Runtime for oneAPI Level Zero and OpenCL™ Driver
C++
912
star
14

caffe

This fork of BVLC/Caffe is dedicated to improving performance of this deep learning framework when running on CPU, in particular Intel® Xeon processors.
C++
850
star
15

isa-l

Intelligent Storage Acceleration Library
C
816
star
16

media-driver

C
783
star
17

cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Python
721
star
18

intel-cmt-cat

User space software for Intel(R) Resource Director Technology
C
630
star
19

fastuidraw

C++
603
star
20

optimization-manual

Contains the source code examples described in the "Intel® 64 and IA-32 Architectures Optimization Reference Manual"
Assembly
602
star
21

libipt

libipt - an Intel(R) Processor Trace decoder library
C
594
star
22

libxcam

libXCam is a project for extended camera(not limited in camera) features and focus on image quality improvement and video analysis. There are lots features supported in image pre-processing, image post-processing and smart analysis. This library makes GPU/CPU/ISP working together to improve image quality. OpenCL is used to improve performance in different platforms.
C++
590
star
23

clDNN

Compute Library for Deep Neural Networks (clDNN)
C++
573
star
24

libva

Libva is an implementation for VA-API (Video Acceleration API)
C
558
star
25

intel-graphics-compiler

C++
503
star
26

wds

Wireless Display Software For Linux OS (WDS)
C++
496
star
27

thermal_daemon

Thermal daemon for IA
C++
485
star
28

x86-simd-sort

C++ header file library for high performance SIMD based sorting algorithms for primitive datatypes
C++
485
star
29

gvt-linux

C
463
star
30

kernel-fuzzer-for-xen-project

Kernel Fuzzer for Xen Project (KF/x) - Hypervisor-based fuzzing using Xen VM forking, VMI & AFL
C
441
star
31

tinycbor

Concise Binary Object Representation (CBOR) Library
C
432
star
32

openfl

An open framework for Federated Learning.
Python
427
star
33

cc-oci-runtime

OCI (Open Containers Initiative) compatible runtime for Intel® Architecture
C
415
star
34

tinycrypt

tinycrypt is a library of cryptographic algorithms with a focus on small, simple implementation.
C
373
star
35

compile-time-init-build

C++ library for composing modular firmware at compile-time.
C++
372
star
36

ARM_NEON_2_x86_SSE

The platform independent header allowing to compile any C/C++ code containing ARM NEON intrinsic functions for x86 target systems using SIMD up to SSE4 intrinsic functions
C
369
star
37

yarpgen

Yet Another Random Program Generator
C++
357
star
38

intel-device-plugins-for-kubernetes

Collection of Intel device plugins for Kubernetes
Go
356
star
39

QAT_Engine

Intel QuickAssist Technology( QAT) OpenSSL Engine (an OpenSSL Plug-In Engine) which provides cryptographic acceleration for both hardware and optimized software using Intel QuickAssist Technology enabled Intel platforms. https://developer.intel.com/quickassist
C
356
star
40

linux-sgx-driver

Intel SGX Linux* Driver
C
334
star
41

safestringlib

C
328
star
42

xess

C
313
star
43

idlf

Intel® Deep Learning Framework
C++
311
star
44

ad-rss-lib

Library implementing the Responsibility Sensitive Safety model (RSS) for Autonomous Vehicles
C++
298
star
45

intel-vaapi-driver

VA-API user mode driver for Intel GEN Graphics family
C
289
star
46

ipp-crypto

C
269
star
47

rohd

The Rapid Open Hardware Development (ROHD) framework is a framework for describing and verifying hardware in the Dart programming language. ROHD enables you to build and traverse a graph of connectivity between module objects using unrestricted software.
Dart
256
star
48

opencl-intercept-layer

Intercept Layer for Debugging and Analyzing OpenCL Applications
C++
255
star
49

FSP

Intel(R) Firmware Support Package (FSP)
C
244
star
50

dffml

The easiest way to use Machine Learning. Mix and match underlying ML libraries and data set sources. Generate new datasets or modify existing ones with ease.
Python
244
star
51

userspace-cni-network-plugin

Go
242
star
52

intel-ipsec-mb

Intel(R) Multi-Buffer Crypto for IPSec
C
238
star
53

isa-l_crypto

Assembly
232
star
54

confidential-computing-zoo

Confidential Computing Zoo provides confidential computing solutions based on Intel SGX, TDX, HEXL, etc. technologies.
CMake
229
star
55

bmap-tools

BMAP Tools
Python
227
star
56

intel-extension-for-tensorflow

Intel® Extension for TensorFlow*
C++
226
star
57

ozone-wayland

Wayland implementation for Chromium Ozone classes
C++
214
star
58

intel-qs

High-performance simulator of quantum circuits
C++
202
star
59

SGXDataCenterAttestationPrimitives

C++
202
star
60

intel-sgx-ssl

Intel® Software Guard Extensions SSL
C
197
star
61

msr-tools

C
195
star
62

depth-camera-web-demo

JavaScript
194
star
63

rmd

Go
189
star
64

CPU-Manager-for-Kubernetes

Kubernetes Core Manager for NFV workloads
Python
187
star
65

asynch_mode_nginx

C
186
star
66

hexl

Intel®️ Homomorphic Encryption Acceleration Library accelerates modular arithmetic operations used in homomorphic encryption
C++
181
star
67

ros_object_analytics

C++
177
star
68

zephyr.js

JavaScript* Runtime for Zephyr* OS
C
176
star
69

generic-sensor-demos

HTML
175
star
70

ipmctl

C
172
star
71

sgx-ra-sample

C++
171
star
72

lmbench

C
171
star
73

cri-resource-manager

Kubernetes Container Runtime Interface proxy service with hardware resource aware workload placement policies
Go
170
star
74

platform-aware-scheduling

Enabling Kubernetes to make pod placement decisions with platform intelligence.
Go
165
star
75

virtual-storage-manager

Python
165
star
76

PerfSpect

System performance characterization tool based on linux perf
Python
164
star
77

he-transformer

nGraph-HE: Deep learning with Homomorphic Encryption (HE) through Intel nGraph
C++
163
star
78

systemc-compiler

This tool translates synthesizable SystemC code to synthesizable SystemVerilog.
C++
155
star
79

webml-polyfill

Deprecated, the Web Neural Network Polyfill project has been moved to https://github.com/webmachinelearning/webnn-polyfill
Python
153
star
80

pmem-csi

Persistent Memory Container Storage Interface Driver
Go
151
star
81

libyami

Yet Another Media Infrastructure. it is core part of media codec with hardware acceleration, it is yummy to your video experience on Linux like platform.
C++
148
star
82

ros_openvino_toolkit

C++
147
star
83

rib

Rapid Interface Builder (RIB) is a browser-based design tool for quickly prototyping and creating the user interface for web applications. Layout your UI by dropping widgets onto a canvas. Run the UI in an interactive "Preview mode". Export the generated HTML and Javascript. It's that simple!
JavaScript
147
star
84

ideep

Intel® Optimization for Chainer*, a Chainer module providing numpy like API and DNN acceleration using MKL-DNN.
C++
145
star
85

libva-utils

Libva-utils is a collection of tests for VA-API (VIdeo Acceleration API)
C
144
star
86

gmmlib

C++
141
star
87

numatop

NumaTOP is an observation tool for runtime memory locality characterization and analysis of processes and threads running on a NUMA system.
C
139
star
88

ros2_grasp_library

C++
138
star
89

XBB

C++
133
star
90

tdx-tools

Cloud Stack and Tools for Intel TDX (Trust Domain Extension)
C
131
star
91

ros2_intel_realsense

This project is deprecated and no more maintained. Please visit https://github.com/IntelRealSense/realsense-ros for ROS2 wrapper.
C++
131
star
92

linux-intel-lts

C
131
star
93

CeTune

Python
130
star
94

cm-compiler

C++
130
star
95

pti-gpu

Profiling Tools Interfaces for GPU (PTI for GPU) is a set of Getting Started Documentation and Tools Library to start performance analysis on Intel(R) Processor Graphics easily
C++
129
star
96

fMBT

Free Model Based tool
Python
129
star
97

zlib

C
128
star
98

ros_intel_movidius_ncs

C++
126
star
99

mpi-benchmarks

C
125
star
100

mOS

C
124
star