Differences between revisions 16 and 17
Revision 16 as of 2017-06-22 13:04:36
Size: 6992
Editor: ?Hmh
Comment: TOC: show levels 3 and 4 as well.
Revision 17 as of 2017-06-22 13:06:54
Size: 7160
Editor: ?Hmh
Comment: minor editions to the update/install instructions for clarity
Deletions are marked like this. Additions are marked like this.
Line 40: Line 40:
Enable ''contrib'' and ''non-free'' in ''/etc/apt/sources.list'' if they're not already enabled, for example: To install the microcode update packages from the latest point-release, enable ''contrib'' and ''non-free'' in ''/etc/apt/sources.list'' if they're not already enabled, for example:
Line 50: Line 50:
To enable and use ''jessie-backports-sloppy'', consult the official [[http://backports.debian.org/Instructions/|backports repository instructions]]. To enable and use ''jessie-backports'' or ''jessie-backports-sloppy'', consult the official [[http://backports.debian.org/Instructions/|backports repository instructions]].
Line 56: Line 56:
Enable ''contrib'' and ''non-free'' in ''/etc/apt/sources.list'' if they're not already enabled, for example: To install the microcode update packages from the latest point-release, enable ''contrib'' and ''non-free'' in ''/etc/apt/sources.list'' if they're not already enabled, for example:

Translation(s): English - Français


CPU Microcode

Processor microcode is akin to processor firmware. The kernel is able to update the processor's firmware without the need to update it via a BIOS update.

Processors from Intel and AMD may need updates to their microcode to operate correctly. These updates fix bugs/errata that can cause anything from incorrect processing, to code and data corruption, and system lockups.

It is very difficult to know for sure whether you need a microcode update or not, but it is not safe at all to just ignore them. You might not notice their effect and have precious data silently corrupted, or an important program silently misbehave. Or you could experience one of those unexplainable and infrequent software issues (such as kernel oops, application segfaults) or hardware issues (including sudden reboots and hangs).

Releases of new microcode updates are more frequent on young processors, but the release of new microcode updates for older processors do happen.

The BIOS (or UEFI) updates the CPU microcode during boot, however most of the time either the motherboard vendor won't issue frequent BIOS/UEFI updates, or the user won't install such updates. For these reasons, the system processor is likely to be running with outdated microcode on a vast number of systems.

Updating CPU microcode within Debian (Intel or AMD)

Before you install the microcode update packages in a computer for the first time, it is recommended that you check your system's vendor support site for BIOS/UEFI updates for your system and apply those. By ensuring the computer's BIOS/UEFI is up-to-date, you will reduce the chances of problems with the microcode update (which are very low, but not zero) and also fix other firmware bugs unrelated to microcode.

Please install the amd64-microcode package (for systems with AMD AMD64 processors), or the intel-microcode package (for systems with Intel processors). You will have to enable both contrib and non-free in /etc/apt/sources.list.

Microcode updates are only applied at boot, so you have to reboot to activate them. You will have to keep the packages installed as explained above: the microcode updates have to be reapplied at every boot.

Microcode update support for current and older Debian releases

Debian 7 "Wheezy" (oldoldstable)

Debian 7, codename "Wheezy", is no longer supported, and will no longer receive newer microcode updates barring exceptional circumstances.

Debian 8 "Jessie" (oldstable)

Debian 8, codename "Jessie", is supported, and will receive updates both through the jessie-backports-sloppy official backports repository (faster than point-releases), and through Debian oldstable point-releases.

  • /!\ Because of the very recent Debian Stable release, jessie-backports-sloppy does not exist yet. Up-to-date versions of the microcode packages are available in jessie-backports at this time, but we will switch to jessie-backports-sloppy in the future to shorten the package update delay. We apologise for the added confusion. /!\

To install the microcode update packages from the latest point-release, enable contrib and non-free in /etc/apt/sources.list if they're not already enabled, for example:

deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free
deb  http://deb.debian.org/debian jessie main contrib non-free
deb-src  http://deb.debian.org/debian jessie main contrib non-free

After modifying /etc/apt/sources.list, update the package lists in your package manager, and install package amd64-microcode (AMD processors), or intel-microcode package (Intel processors).

To enable and use jessie-backports or jessie-backports-sloppy, consult the official backports repository instructions.

Debian 9 "Stretch" (stable)

Debian 9, codename "Stretch" is supported, and will receive updates both through the stretch-backports official backports repository (faster than point-releases), and through Debian stable point-releases.

To install the microcode update packages from the latest point-release, enable contrib and non-free in /etc/apt/sources.list if they're not already enabled, for example:

deb http://security.debian.org/ stretch/updates main contrib non-free
deb-src http://security.debian.org/ stretch/updates main contrib non-free
deb  http://deb.debian.org/debian stretch main contrib non-free
deb-src  http://deb.debian.org/debian stretch main contrib non-free

After modifying /etc/apt/sources.list, update the package lists in your package manager, and install package amd64-microcode (AMD processors), or intel-microcode package (Intel processors).

To enable and use stretch-backports, consult the official backports repository instructions.

Debian testing and Debian unstable

Ensure contrib and non-free are enabled in /etc/apt/sources.list, and install the packages.

Checking the microcode version of your CPU

You can check which version of the microcode your processors are running by looking for "microcode" lines on /proc/cpuinfo. This information is only available on recent kernels (such as the Debian 7 "Wheezy" kernel).

Working around boot problems caused by microcode updates

Very rarely, it is possible for a kernel or a microcode update bug to cause boot issues (hangs or resets at the very beginning of the boot process) on specific processor models.

For this reason, it is possible to pass a kernel command line parameter that skips the microcode update process entirely. The parameter to disable microcode loading is dis_ucode_ldr.

This dis_ucode_ldr parameter must be set in the boot loader, typically Grub2.

The full recovery procedure, including step-by-step instructions for Grub2, is described in the intel-microcode package's README.Debian file.

References