On Sunday, July 8, 2018 1:40:34 PM PDT Henrique de Moraes Holschuh wrote: > On Fri, 06 Jul 2018, Matt Stamp wrote: > > After applying an update to my UEFI/BIOS my microcode is rev 0x8e. A > > package seperate for your, needrestart said that the available > > microcode did not match my currently applied version 0x84. Though > > even after the recent update from Intel I am still getting that > > message. > > That's a limitation in the needsrestart logic, which isn't easy to fix > at all. The kernel doesn't help (it doesn't tell you the BIOS microcode > revision on Intel, only the current revision), and Intel doesn't help > (they sometimes downgrade or recall microcode updates so you can't > assume it will just go up on intel-microcode updates), so it can't do a > perfect job. > > Maybe it can be improved, but that would be something to explore in a > bug report against needrestart, not intel-microcode. > > > Is this correct? Is the revision in intel-microcode-3.20180703.2 for > > Kabby Lake really 0x84? According to some of my reading Intel > > Yes, it is really 0x84, unfortunately(?) > > This information can be found in /usr/share/doc/intel-microcode/ > changelog.gz, although it can be a bit cryptic unless you've read the > README or tried running "iucode_tool -Sv" to know your processor's > signature. > > > released the 0x8e version and so I thought it would be included in > > their recent release. > > We wish. No, it isn't. From the Debian changelog of intel-microcode: > > --8<-- > + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640 > + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for: Sandybridge > server, Ivy Bridge server, Haswell server, Skylake server, Broadwell > server, a few HEDT Core i7/i9 models that are actually gimped server dies. > --8<-- > > As you can see, the vast majority of the processors affected, Kaby lake > included, are still missing in the public update release of 2018-07-03. > > > If this is some issue with the needrestart package or perl within than > > no big deal and please feel free to close this ticket. > > I will close the bug report when we get a Kabi Lake update with revision > 0x8e or higher. > > If you want to ask the needrestart package to improve their detection, > please open a bug against that package. I am not sure much can be done > on that regard without kernel changes, though.
Thank you kindly for explaining that in detail. It is much appreciated.
