Differences between revisions 25 and 26
Revision 25 as of 2017-07-16 03:28:30
Size: 7775
Editor: ?Hmh
Comment: update jessie information
Revision 26 as of 2017-07-17 18:21:59
Size: 9587
Editor: ?Hmh
Comment: Explain more about backports and microcode updates.
Line 60: Line 60:
To enable and use ''jessie-backports-sloppy'', consult the official [[http://backports.debian.org/Instructions/|backports repository instructions]].
Line 86: Line 84:
To enable and use ''stretch-backports'', consult the official [[http://backports.debian.org/Instructions/|backports repository instructions]].
Line 91: Line 87:

Microcode packages are first uploaded to non-free ''unstable'', and after one or two weeks, if no issues are reported, are automatically migrated to non-free ''testing''.

=== Getting microcode updates sooner using Debian backports ===

[[DebianReleases/PointReleases|Stable point-releases]] and [[DebianReleases/PointReleases|oldstable point-releases]] are done every 2-4 months. This can be a long time to wait for a microcode update that would fix an issue that afflicts your particular system.

An alternative is possible: microcode update packages are first uploaded to non-free ''unstable'', and if no issues are reported, will eventually migrate into non-free ''testing''. [[http://backports.debian.org/|Backports]] of the packages in ''testing'' will then be uploaded to ''stable-backports'' (currently ''stretch-backports'') and to ''oldstable-backports-'''sloppy''' '' (currently ''jessie-backports-sloppy)''.

 /!\ Please note that the microcode packages' versioning is set up in such a way that it will automatically switch back to tracking stable/oldstable microcode updates at the next stable/oldstable point release /!\

Full instructions about enabling backported packages are [[http://backports.debian.org/Instructions/|available]]. Note that you need to '''explicitly''' install the package from backports. After the first install from backports, the system should remain updating microcode packages from backports until the next point release that supersedes them.

 /!\ Make sure to enable '''contrib''' and '''non-free''' in the /etc/apt/sources.list line you added to enable backports! /!\

Examples (you must first [[http://backports.debian.org/Instructions/|enable fetching backported packages]], do not forget that you also need '''contrib''' and '''non-free'''):
{{{
  apt-get install -t stable-backports amd64-microcode
  apt-get install -t stable-backports intel-microcode
}}}

or for oldstable-backports-sloppy:

{{{
  apt-get install -t oldstable-backports-sloppy amd64-microcode
  apt-get install -t oldstable-backports-sloppy intel-microcode
}}}
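Review bot: the examples that close this hunk pass `-t stable-backports` and `-t oldstable-backports-sloppy`, while the paragraph above them names the concrete suites (''stretch-backports'', ''jessie-backports-sloppy''), and a reader who followed the linked instructions may have added the sources.list line under one of those concrete names. Say which form `-t` has to match, or show the concrete form next to the alias. Two smaller points in the same hunk: the closing parenthesis sits inside the italics in ''jessie-backports-sloppy)'', and the "An alternative is possible" sentence restates the unstable-to-testing migration already given in the paragraph just before the new heading, so one of the two could point to the other.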



CPU Microcode

Processor microcode is akin to processor firmware. The kernel is able to update the processor's microcode itself, without the need for a BIOS update. A microcode update is kept in volatile memory, so the BIOS/UEFI or the kernel has to apply it again at every boot.

Processors from Intel and AMD may need updates to their microcode to operate correctly. These updates fix bugs/errata that can cause anything from incorrect processing, to code and data corruption, and system lockups.

It is very difficult to know for sure whether you need a microcode update or not, but it is not safe at all to just ignore them. You might not notice their effect and have precious data silently corrupted, or an important program silently misbehave. Or you could experience one of those unexplainable and infrequent software issues (such as kernel oops, application segfaults) or hardware issues (including sudden reboots and hangs).

New microcode updates are released more frequently for young processors, but new microcode updates for older processors do happen.

The BIOS (or UEFI) updates the CPU microcode during boot. However, most of the time either the motherboard vendor won't issue frequent BIOS/UEFI updates, or the user won't install such updates. For these reasons, the system processor is likely to be running with outdated microcode on a vast number of systems.

Updating CPU microcode within Debian (Intel or AMD)

Note: before you install the microcode update packages in a computer for the first time, it is recommended that you check your system's vendor support site for BIOS/UEFI updates for your system and apply those. By ensuring the computer's BIOS/UEFI is up-to-date, you will reduce the chances of problems with the microcode update (which are very low, but not zero) and also fix other firmware bugs unrelated to microcode.

Please install the amd64-microcode package (for systems with AMD AMD64 processors), or the intel-microcode package (for systems with Intel processors). You will have to enable both contrib and non-free in /etc/apt/sources.list.

Microcode updates are only applied at boot, so you have to reboot to activate them. You will have to keep the packages installed as explained above: the microcode updates have to be reapplied at every boot.

Microcode update support for current and older Debian releases

Debian 7 "Wheezy" (oldoldstable)

Debian 7, codename "Wheezy", is no longer officially supported for microcode updates, and will no longer receive newer microcode updates.

Debian 8 "Jessie" (oldstable)

Debian 8, codename "Jessie", is supported, and will receive updates both through the jessie-backports-sloppy official backports repository (faster than point-releases), and through Debian oldstable point-releases.

  • /!\ Please be aware that older microcode packages might be available at jessie-backports at this time. If you want the newer ones, ensure you are also using jessie-backports-sloppy /!\

To install the microcode update packages from the latest point-release, enable contrib and non-free in /etc/apt/sources.list if they're not already enabled, for example:

deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free
deb  http://deb.debian.org/debian jessie main contrib non-free
deb-src  http://deb.debian.org/debian jessie main contrib non-free

After modifying /etc/apt/sources.list, update the package lists in your package manager, and install the amd64-microcode package (AMD processors) or the intel-microcode package (Intel processors). For example:

apt-get update
apt-get install amd64-microcode

or

apt-get update
apt-get install intel-microcode

Debian 9 "Stretch" (stable)

Debian 9, codename "Stretch", is supported, and will receive updates both through the stretch-backports official backports repository (faster than point-releases), and through Debian stable point-releases.

To install the microcode update packages from the latest point-release, enable contrib and non-free in /etc/apt/sources.list if they're not already enabled, for example:

deb http://security.debian.org/ stretch/updates main contrib non-free
deb-src http://security.debian.org/ stretch/updates main contrib non-free
deb  http://deb.debian.org/debian stretch main contrib non-free
deb-src  http://deb.debian.org/debian stretch main contrib non-free

After modifying /etc/apt/sources.list, update the package lists in your package manager, and install the amd64-microcode package (AMD processors) or the intel-microcode package (Intel processors). For example:

apt-get update
apt-get install amd64-microcode

or

apt-get update
apt-get install intel-microcode

Debian testing and Debian unstable

Ensure contrib and non-free are enabled in /etc/apt/sources.list, and install the packages.

Microcode packages are first uploaded to non-free unstable, and after one or two weeks, if no issues are reported, are automatically migrated to non-free testing.

Getting microcode updates sooner using Debian backports

Stable point-releases and oldstable point-releases are done every 2-4 months. This can be a long time to wait for a microcode update that would fix an issue that afflicts your particular system.

An alternative is possible: microcode update packages are first uploaded to non-free unstable, and if no issues are reported, will eventually migrate into non-free testing. Backports of the packages in testing will then be uploaded to stable-backports (currently stretch-backports) and to oldstable-backports-sloppy (currently jessie-backports-sloppy).

  • /!\ Please note that the microcode packages' versioning is set up in such a way that it will automatically switch back to tracking stable/oldstable microcode updates at the next stable/oldstable point release /!\

Full instructions about enabling backported packages are available at http://backports.debian.org/Instructions/. Note that you need to explicitly install the package from backports. After the first install from backports, the system should keep updating microcode packages from backports until the next point release that supersedes them.

  • /!\ Make sure to enable contrib and non-free in the /etc/apt/sources.list line you added to enable backports! /!\

Examples (you must first enable fetching backported packages, do not forget that you also need contrib and non-free):

  apt-get install -t stable-backports amd64-microcode
  apt-get install -t stable-backports intel-microcode

or for oldstable-backports-sloppy:

  apt-get install -t oldstable-backports-sloppy amd64-microcode
  apt-get install -t oldstable-backports-sloppy intel-microcode
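The contrib and non-free reminder above can be checked mechanically. This added example (not part of the wiki page or of any Debian tool) reads one-line-style sources.list text and prints the suite of every deb entry that lacks either component; the function name and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: print the suite of each "deb" entry that lacks contrib or
# non-free. Reads one-line-style sources.list text on stdin.
missing_components() {
    awk '
        $1 != "deb" { next }            # skip comments, blanks and deb-src
        {
            i = 2
            if ($i ~ /^\[/) {           # skip an option block such as [arch=amd64]
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            suite = $(i + 1)            # $i is the URI, the suite follows it
            contrib = 0; nonfree = 0
            for (j = i + 2; j <= NF; j++) {
                if ($j == "contrib")  contrib = 1
                if ($j == "non-free") nonfree = 1
            }
            if (!contrib || !nonfree) print suite
        }
    '
}

# Constructed sample: the backports line was added with "main" only.
SAMPLE_SOURCES='deb http://deb.debian.org/debian stretch main contrib non-free
deb http://security.debian.org/ stretch/updates main contrib non-free
# backports line added without the extra components
deb http://deb.debian.org/debian stretch-backports main'

printf '%s\n' "$SAMPLE_SOURCES" | missing_components
```

On a real system, feed it /etc/apt/sources.list instead of the sample; an empty result means every deb entry carries both components.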

Checking the microcode version of your CPU

You can check which version of the microcode your processors are running by looking for "microcode" lines in /proc/cpuinfo.

You can check if the kernel updated the microcode on boot by looking for "microcode updated early to" lines in the kernel log:

dmesg | grep "microcode updated early to"
journalctl -b -k | grep "microcode updated early to"
zgrep "microcode updated early to" /var/log/kern.log*

Working around boot problems caused by microcode updates

Very rarely, it is possible for a kernel or a microcode update bug to cause boot issues (hangs or resets at the very beginning of the boot process) on specific processor models.

For this reason, it is possible to pass a kernel command line parameter that skips the microcode update process entirely. The parameter to disable microcode loading is dis_ucode_ldr.

This dis_ucode_ldr parameter must be set in the boot loader, typically Grub2.

The full recovery procedure, including step-by-step instructions for Grub2, is described in the intel-microcode package's README.Debian file. The same procedure also works for amd64-microcode; just replace intel-microcode with amd64-microcode in the README.Debian instructions.
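The checks from "Checking the microcode version of your CPU" and the dis_ucode_ldr parameter described above can be combined into one status line. This is an added example, not part of the wiki page or of the microcode packages; the function names, the state labels and the sample cpuinfo, kernel log and command line are constructed.

```shell
#!/bin/sh
# Added example: summarise microcode state from text in the formats of
# /proc/cpuinfo, the kernel log and /proc/cmdline. Sample values are constructed.

# Distinct "microcode" revisions in cpuinfo text on stdin, on one line.
cpuinfo_revisions() {
    awk -F'[ \t]*:[ \t]*' '$1 == "microcode" { print $2 }' | sort -u | paste -sd' ' -
}

# Text after the last "microcode updated early to" in a kernel log on stdin.
early_update() {
    sed -n 's/.*microcode updated early to //p' | tail -n 1
}

# Succeeds when dis_ucode_ldr is a whole word on the given command line.
loader_disabled() {
    case " $1 " in
        *" dis_ucode_ldr "*) return 0 ;;
        *) return 1 ;;
    esac
}

# microcode_status CPUINFO_TEXT KERNEL_LOG_TEXT CMDLINE -> "<state>: <detail>"
microcode_status() {
    revs=$(printf '%s\n' "$1" | cpuinfo_revisions)
    early=$(printf '%s\n' "$2" | early_update)
    if loader_disabled "$3"; then
        echo "loader-disabled: running $revs"
    elif [ -n "$early" ]; then
        echo "updated-early: $early (running $revs)"
    else
        echo "no-early-update: running $revs"
    fi
}

SAMPLE_CPUINFO=$(printf 'processor\t: 0\nmodel name\t: Example CPU\nmicrocode\t: 0xba\n\nprocessor\t: 1\nmodel name\t: Example CPU\nmicrocode\t: 0xba\n')
SAMPLE_LOG='[    0.000000] microcode: microcode updated early to revision 0xba, date = 2017-04-09
[    1.204512] microcode: sig=0x506e3, pf=0x2, revision=0xba'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet'

microcode_status "$SAMPLE_CPUINFO" "$SAMPLE_LOG" "$SAMPLE_CMDLINE"
```

On a live system, pass "$(cat /proc/cpuinfo)", "$(dmesg)" and "$(cat /proc/cmdline)" instead of the samples. A "no-early-update" result only means the kernel log holds no such line, so the revision shown is the one the BIOS/UEFI loaded.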
