Microcode update. Intel has released microcode updates for multiple generations of CPUs. Complete configuration of my computer
Hello dear friends, Artyom is with you.
Back in January of this year, there were reports of new hardware vulnerabilities in Intel and AMD processors.
Not so long ago there were microcode updates for Intel processors (revision 84), and I decided to check how things are in practice.
Although the information has long been known to everyone, I will still tell you a short background story.
The hardware vulnerabilities of the processors were named Meltdown and Specter, and they were identified by researchers from the Google Project Zero group.
Specter has two attack options, codenamed CVE-2017-5753 and CVE-2017-5715.
Meltdown has one attack variant, codenamed CVE-2017-5754.
P. S. CVE is short for English " Common Vulnerabilities and Exposures»- a database of well-known information security vulnerabilities.
Seeing these designations for patch descriptions, you will immediately understand what's what and why.
Moreover, it is easiest in practice to operate precisely Meltdown, which all modern Intel processors are exposed to.
In order to get rid of Meltdown, you need to update the processor microcode or patch the operating system kernel.
Specter, on the other hand, is more difficult to implement, but fixing a vulnerability requires patching each program you use separately.
Chips from AMD are less susceptible to vulnerabilities like Meltdown (although it was initially stated that they were not affected at all).
This type of malicious code works extremely slowly on them, but it still works.
Both AMD and Intel processors are vulnerable to Specter-type vulnerabilities, there are no options here.
Processors with ARM architecture are also susceptible to the same vulnerabilities, but now we will only talk about computers with processors of the x86-64 family.
P. S. Security research never stops and more could always appear, including in AMD and Intel processors.
Important note! While the video was in the editing and the clock material was being written to the site, new studies appeared in the field of processor security.
New variants of the Specter vulnerability were identified, which were codenamed CVE-2018-3640 (the so-called attack variant 3a) and CVE-2018-3639 (attack variant 4).
Let me remind you that Specter is fixed by updating the software used, such as browsers and so on.
However, the latest attack option CVE-2018-3639 will also need to update the processor microcode on Intel chips, which may slightly reduce performance.
AMD argues that the company's chips will not need new microcode from these attacks, and everything will get by with the usual patches of Windows and other software.
These vulnerabilities are of low priority for common home computers.
Since there are no new updates yet, I will focus on the original theme of my video.
We will talk about the microcode of Intel processors, but the microcode is still different and does not fix the Specter 4 attack variant.
If you are using operating systems of the Windows family, then these links will be useful to you:
Here you can find all the current patches (and their names) that fix the vulnerabilities of this group.
For example, the very first patch for Windows 10 was released on January 3, 2018 under the name KB4056892.
However, there was an issue where the Meltdown software patches were degrading the performance of Intel-based systems.
Somehow I didn't have free time to do my little tests.
However, now with the release of new versions of firmware for motherboards, I wondered how things are in this area.
I am using ASRock Z370 Gaming K6 motherboard and accordingly refer to the official website of the manufacturer to download the latest BIOS.
The updated microcode for Intel processors appeared in BIOS version 1.60, which was released on March 2, 2018.
I will install an even more recent BIOS version 1.80, which was released on March 26, 2018.
To begin with, I'm interested in testing the fixes for the processor microcode without additional software patches.
The operating system is Windows 10 version 16299.371 without additional installed patches for hardware vulnerabilities Meltdown and Specter.
P. S. All conclusions drawn will concern only new Intel processors, because new BIOS versions are unlikely to appear for old motherboards.
If you are interested, you can do tests with software patches on older Intel processors.
Complete configuration of my computer:
CPU: Intel Core i5 8600K.
Cooler processor: Arctic Cooling Liquid Freezer 240.
Maternal pay: ASRock Fatal1ty Z370 Gaming K6.
Operational memory: GoodRam Iridium DDR4 2400 MHz (2 × 8 GB IR-2400D464L15S / 8G).
Video card: Asus Dual GTX 1060 6GB (DUAL-GTX1060-O6G).
Storage devices: Sata-3 SSD Plextor M5S and Sata-3 HDD Seagate 1 TB (ST1000DM003).
Frame: Fractal Design Define R5.
Block nutrition: Fractal Design Edison M 750 Watt.
The first test is the performance of the caches of the central processor and RAM inAida 64 Cache & Memory Benchmark.
As you can see, there are no significant differences in the operation of the RAM subsystem and processor caches.
The next test will concern the operation of the disk subsystem.
Unfortunately, I do not have a high-speed M.2 SSD, so I will be testing my Plextor M5S on a regular SATA-3.
As a result, the ATTO Disk Benchmark gives almost identical results.
The same applies to the results in the CrystalDiskMark 5.2.1 test.
CrystalDiskMark benchmark and new Intel processor microcode. Specter and Meltdown
At least for SATA-3, performance drops during read and write operations are not observed.
The next test is 7zip, which will show the performance when packing and unpacking archives.
The picture is still the same here, there is no difference in performance when installing a new patched BIOS.
Since I create content, I could not leave aside the editing of video clips.
I use Vegas Pro 13 as an editing program and regardless of the BIOS version used, the render time has not changed.
The video sources have a resolution of 1080p, a bit rate of 50 Megabits / s and a frequency of 50 frames per second.
Sony AVC / MVC with a bitrate of 16 Megabits / s was chosen as a profile for rendering, all other profile settings you can see on your screens.
Now let's talk a little about games.
The tests involved those projects that were installed on my computer at a given time (Assassin's Creed Origins, FarCry 4 and Crysis 3).
All frame rates were captured using MSI Afterburner 4.4.2.
In general, the results do not need commentary.
Performance tests in Assassin's Creed Origins games. Specter and Meltdown
If you use the new version of the processor microcode after revision 84, then the difference in performance cannot be noticed - everything works just as fast and smart.
The only interesting thing would be to look at the work of M.2 SSD drives with NVMe interface.
Perhaps in the future I will carry out more tests with software patches for Windows 10 and with the corrected CPU microcode installed at the same time.
I hope you were interested. If so, then share my note on social networks with your friends.
Thus, there will be much more such notes :)
Also, do not forget to join the Vkontakte group and subscribe to the YouTube channel.
If the chipset and the LGA 775 motherboard can theoretically support the XEON 771, but the native BIOS does not support it, and the modified BIOS does not, then you can modify the BIOS yourself.
IMPORTANT
1. All changes in the BIOS firmware (.ROM file usually) you make at your own peril and risk. In case of an error, a guaranteed "brick" is obtained from the motherboard
2. The file size of the original firmware and the modified version must match up to a byte.
3. Firmware of the modified BIOS file back into the microcircuit is performed only using a proprietary utility from the motherboard developer (you must download it from the manufacturer's website).
4. Top motherboards in the BIOS itself have a built-in firmware update module (for example, EZ Flash 2 utility for ASUS P5Q in the Tools section) - the best option.
How to do it better:
1. Still looking for a ready-made version with XEON support on the Internet?
2. Download the latest firmware from the official website and add microcodes?
As you can see, the second option is safer, in any case you download the original firmware from the motherboard manufacturer's website, i.e. the latest version and the absence of errors are guaranteed (more precisely, the correction of all previously found errors). When downloading a ready-made version from third-party resources (for obvious reasons, it will not be on the original site) - you can get a crooked version and kill the BIOS.
Preliminary, you can evaluate the presence of XEON microcodes in the BIOS firmware.
- get the current AMI BIOS image via Universal BIOS Backup ToolKit 2.0
- look at the contents of the received ROM file through AMIBCP V 3.37
BIOS option AMI (American Megatrends Inc).
1. Download the latest version BIOS from the website of your motherboard manufacturer
3. Download microcodes for XEON 771 processors: lga771_microcodes
4. Find out the CPUID of your processor using AIDA64 or a similar program (it looks like cpu0001067Ah). If BIOS will be sewn up before installing the processor, then we skip this item.
5. Unpack the archives MMTool and lga771_microcodes and leave from files with the extension .bin only those files beginning with the same CPUID of your computer (for example, cpu0001067a_plat00000044_ver00000a0b_date20100928.bin)
If we don't know what code, then we sew everything up.
A. Launch MMTool... Press the button (1) Load ROM and load the latest BIOS for your motherboard into the program. If you have the newest BIOS, then you can also merge the BIOS backup utility from the PC and edit it.
B. Go to the tab (2) CPU Patch, then with the button (3) Browse, open the file .bin corresponding to your CPUID.
C. Leave the default in options "Insert a Patch data" and press the button (4) Apply.
After updating with modified bios you need to do a factory reset via the reset button or jumpers, if the motherboard supports such a reset, or by pulling out the BIOS battery for a couple of minutes. Further, the processor is already correctly perceived by the computer and works as it should.
Basic Input Output System - basic input-output system, abbreviated as BIOS. A small microcircuit on the motherboard that gets control first when the PC is turned on. Provided: basic PC settings check PC components at startup ...
It's no secret that the processor is a microprogrammed automaton. And any of its instructions is a set of microinstructions that are flashed into the ROM of the processor during its manufacture. Microcode errors and design errors (errata) can cause the processor to deviate from specifications and cause erratic performance. When a processor is released, its specification and a list of detected erratas are usually published.
All Intel P6 processors, including the Pentium Pro, Pentium II & III, Celeron, Pentium II & III Xeon and Pentium II Overdrive families, have the remarkable feature of "reprogrammable microcode". These processors have the ability to change the microcode, i.e. it is possible to correct errors in the software and circuitry implementation of specific processors of the P6 family and some built-in errors almost at the hardware level. Errors can appear at the design stage of processors, and they are corrected precisely by changing the microcode. Each of the subfamilies (PII, Celeron, PPro, Xeon) has a specification. Each time a new processor stepping is released (within it, all devices are identical within the scope of technological deviations), Intel publishes a specification update for it, which indicates the detected and corrected errata (deviation from the specification).
These errors can, in principle, complicate the life of the software that runs on these "defective" processors (and the user ;-)).
Of course, it all depends on the specific mistakes. To get rid of such horrors, a change in the microcode of the processor is required, as a result of which the error can be completely eliminated or the consequences of its presence can simply be mitigated.
By the way, BIOS support for newly released processors is determined, in particular, by the presence of the corresponding firmware. For example, when the first Celeron appeared, it was the absence of the corresponding microcode version that prevented the system from starting correctly with this processor.
The microcode updates themselves are 2-kilobyte blocks of data that are flashed into the system BIOS. There is such a block for each stepping of a processor from the P6 family. Intel supplies the latest microcode to leading BIOS manufacturers. The database with updates is replenished and changed when new models and microcode versions appear. Intel recommends performing a firmware update using its utility when installing a new processor on the motherboard or flashing flash memory to ensure that the BIOS contains the most recent microcode version. This program detects the processor used (using CPUID) and looks for the corresponding update in its database. If a fresh version of the microcode is found, the utility locally reflashes the code in the BIOS without affecting other areas. That. there is no need to reprogram the entire flash to support the new CPU, as it was before. Intel periodically posts database updates on its website.
The latest database available to us has revision 5.01 and contains the following microcode versions:
| Processor | Processor Stepping | Microcode Update Rev |
|---|---|---|
| Pentium III Processor | 0x672 | 0x04 |
| Pentium III Processor | 0x673 | 0x02 |
| Pentium III Xeon Processor | 0x672 | 0x21 |
| Pentium III Xeon Processor | 0x673 | 0x22 |
| Pentium II Processor | 0x633 | 0x34 |
| Pentium II Processor | 0x634 | 0x35 |
| Pentium II Processor | 0x650 | 0x32 |
| Pentium II Processor | 0x651 | 0x30 |
| Pentium II Processor | 0x652 | 0x14 |
| Pentium II Processor | 0x653 | 0x01 |
| Pentium II Xeon Processor | 0x652 | 0x29 |
| Pentium II Xeon Processor | 0x653 | 0x04 |
| Intel Celeron Processor | 0x650 | 0x32 |
| Intel Celeron Processor | 0x651 | 0x30 |
| Intel Celeron Processor | 0x660 | 0x09 |
| Intel Celeron Processor | 0x665 | 0x02 |
| Pentium II OverDrive Processor | x1632 | 0x02 |
| Pentium Pro Processor | 0x612 | 0xC6 |
| Pentium Pro Processor | 0x616 | 0xC6 |
| Pentium Pro Processor | 0x617 | 0xC6 |
| Pentium Pro Processor | 0x619 | 0xD2 |
You can download the latest version of the microcode fixing utility directly from here: pupdt501.exe (115 Kb)
The old database (PEP15.PDB) can be downloaded from here: pupdt461.exe (111 Kb)
After the utility has finished working, you must turn off the computer power. The update is downloaded to the processor during POST on every system startup. Naturally, for the utility to work, it is necessary to enable overwriting of the flash memory with a jumper or in BIOS Setup. The program must be run from under the "bare" DOS.
However, this ideal option requires the BIOS to support a special processor microcode update API that allows the update utility to load new microcode using the BIOS. If the system BIOS used does not support the API, the user has no choice but to get the new version from the motherboard manufacturer. However, it happens that finding it is not so easy, if not impossible. you want to install a new CPU in your system.
In this case, the utility can nevertheless download the fixes of technical errors directly to the processor. In this case, the utility starts loading the operating system immediately after updating the microcode. However, the microcode update will be lost during a soft or hard reboot of the system.
The question arises, what is the risk of self-updating the firmware? Well, first of all, you first need to make sure that you really need it. If the firmware version is old, and the motherboard manufacturer does not offer new BIOS versions, but, most importantly, you are faced with the unstable operation of some application, and you hope that changing the processor microcode will help you. Only in this case it makes sense to change the firmware yourself. And as for what it is fraught with - in my opinion, nothing dangerous. First, do not forget that loading a microcode update into the processor has been used in all BIOSes on P6 motherboards for a long time (many have seen the mysterious Microcode Update: Enable / Disable option in Setup). And nothing! Everything is working.
This once again emphasizes the need for its use. Who knows how things would have been without this update! The only difference is that earlier the microcode was updated with the installation of a new version of the flash, but now you can reprogram not the entire BIOS content, but only a limited piece.
My personal experience with this program so far was limited to 7 cases, of which I managed to update the microcode on only one motherboard (Abit LX6 with PII 233). In other cases, the BIOS already contained updated microcode versions. Also failed to come across a BIOS that does not support microcode update.
As for the similar possibility of updating the microcode in processors from other manufacturers (AMD, Cyrix), I could not find any information on this issue. But I'm pretty sure these CPUs have a similar microcode change capability.
Purchased at Aliexpress for Intel DG965SS motherboard (with LGA775 socket). You can, of course, remake LGA771 into LGA775 yourself, but at a price of $ 6.5 per processor, it is much easier to take it and the Chinese.
When using Intel Xeon 5320, the Windows 10 operating system worked only when the "Core multiplexing" mode was turned off in the BIOS (in contrast to the perfectly working Ubuntu 17.10). At the same time, the processor worked only in single-threaded mode, so, according to the CPU-Z test, the performance in multi-threaded mode was 2 times lower than that of Intel Core 2 duo E6300, for which the Xeon was bought to replace.
It turned out that the processor microcodes needed to be updated. You can do this in program mode, and in Ubuntu the operation is easier on the head than in Windows 10. And in the latter, you need to make sure that the microcodes are updated with each boot. It is also possible to update microcodes in BIOS, at least in some BIOS from AWARD, AMI, Phoenix, especially in versions up to UEFI.
There are much less instructions for Intel motherboards. And not surprising. The Intel DG965SS had a lot of tinkering with.
Before updating the microcode, you need to install the processor that we want to support. If you need to install another processor, then the procedure will have to be repeated.
Some instructions suggest creating a bootable floppy disk. not all computers allow booting into flash drives. I made a bootable USB stick with FreeDOS using the free open source application Rufus (to do this, check the "Create a bootable disk using" checkbox and select "FreeDOS" from the list).
