Hi,
I use the latest AlmaLinux 10.1 on x86_64 on a system with Intel(R) Xeon(R) CPU E3-1275 v5 CPU.
Unfortunately, the CPU seems to be vulnerable to GDS/Downfall, as dmesg shows:
[ 0.094533] GDS: Vulnerable: No microcode
The package “microcode_ctl” is installed. The directory /lib/firmware/intel-ucode exists but is empty.
Nevertheless, it seems to update the microcode to some revision anyway:
[ 0.547374] microcode: Current revision: 0x000000f0
[ 0.547469] microcode: Updated early from: 0x000000d6
But this seems not to be new enough to mitigate GDS.
Therefore I downloaded the latest Intel MCU files from Intel’s GitHub repository (Intel-Linux-Processor-Microcode-Data-Files/intel-ucode at main · intel/Intel-Linux-Processor-Microcode-Data-Files · GitHub) and installed the xx-xx-xx binary files into the previously empty /lib/firmware/intel-ucode directory. I ran dracut -f and rebooted, but the system seems to ignore my new microcodes. It seems the initramfs contains a packaged .bin file with microcode. But how do I update that?
My CPU “ID” for the microcode seems to be 06-5e-03.
According to Intel’s docs there seems to be a mitigation through “MCU”: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html#tab-blade-1-1 - Search for the table line 506E3 and look into the column INTEL-SA-00828.
Is there a way to make AlmaLinux use the newest microcode files downloaded from Intel’s GitHub repository?
I hope that firmware contains the fixes for my CPU.
Thank you for any advice!
Sebastian
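
Added example, not part of the post above and not AlmaLinux or Intel code: a Python sketch that maps the CPUID signature 506E3 to the file name 06-5e-03 and reads the revision from the header of an Intel microcode file, so it can be compared with the running revision from dmesg. It goes beyond the post by walking every update concatenated in a file; it ignores the extended signature table and does not verify checksums, and the sample bytes (revision, date, flags) are constructed.

```python
import struct

# 48-byte Intel microcode update header: nine little-endian u32 fields + 12 reserved bytes.
HEADER = struct.Struct("<9I12x")

def ucode_filename(signature):
    """Map a CPUID signature such as 0x506E3 to its family-model-stepping file name."""
    stepping, model, family = signature & 0xF, (signature >> 4) & 0xF, (signature >> 8) & 0xF
    if family in (0x6, 0xF):
        model |= ((signature >> 16) & 0xF) << 4      # extended model
    if family == 0xF:
        family += (signature >> 20) & 0xFF           # extended family
    return f"{family:02x}-{model:02x}-{stepping:02x}"

def parse_updates(blob):
    """Yield (revision, date, signature) for every update concatenated in blob."""
    offset = 0
    while offset < len(blob):
        if offset + HEADER.size > len(blob):
            raise ValueError("truncated header")
        hdr_ver, rev, date, sig, _, _, _, data_size, total_size = HEADER.unpack_from(blob, offset)
        if hdr_ver != 1:
            raise ValueError(f"unexpected header version {hdr_ver}")
        # data_size == 0 means the legacy fixed layout: 2000 data bytes + header.
        total = total_size if data_size else 2048
        if total < HEADER.size or offset + total > len(blob):
            raise ValueError("truncated or corrupt update")
        # The date field is BCD in mmddyyyy order.
        iso = f"{date & 0xFFFF:04x}-{date >> 24:02x}-{(date >> 16) & 0xFF:02x}"
        yield rev, iso, sig
        offset += total

def newest_revision(blob, signature):
    """Highest revision in blob whose primary signature matches, else None."""
    revs = [rev for rev, _, sig in parse_updates(blob) if sig == signature]
    return max(revs) if revs else None

# Constructed sample: one update for signature 0x506E3 with a made-up revision and date.
SAMPLE = HEADER.pack(1, 0x100, 0x01152024, 0x506E3, 0, 1, 0x36, 16, 64) + bytes(16)
RUNNING = 0xF0  # "microcode: Current revision" from the dmesg output in the post

if __name__ == "__main__":
    name = ucode_filename(0x506E3)
    newest = newest_revision(SAMPLE, 0x506E3)
    print(f"{name}: file revision {newest:#x}, running {RUNNING:#x}, newer: {newest > RUNNING}")
```

To check a real file, pass the bytes of /lib/firmware/intel-ucode/06-5e-03 to `newest_revision` in place of `SAMPLE`.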