Hi,
I have some comments that I think are related to #1076703
"amd64-microcode: Please clarify how to check if I'm running the latest
microcode" but if it makes more sense for me to open a separate bug or
something else, that's fine too...
Make it make sense!
===================
I am also trying to determine if my system is running the latest
microcode and it's proving difficult. Part of the problem is that there
are several ways these versions are listed, making it hard to compare.
Here are some examples (and some of the data is specific to my cpu):

dmesg:
  "smpboot: CPU0: AMD Ryzen 7 8700G w/ Radeon 780M Graphics
  (family: 0x19, model: 0x75, stepping: 0x2)"
  "microcode: CPU0: patch_level=0x0a705205"

debian/changelog:
  Some entries say: "Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126f"
  Some entries say: "Family 17h models 30h-3fh: version 0.24 build 20"
  (SEV?)
  older entries say: "sig 0x00830f10, patch id 0x08301055, 2022-02-15"

AMD PR:
  code names and versions with no guidance, example:
  https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html

linux-firmware git amd-ucode/README:
  "Family=0x10 Model=0x02 Stepping=0x02: Patch=0x01000083"

linux-firmware git amd/: (SEV?)
  files named "amd_sev_fam17h_model0xh.sbin"

/proc/cpuinfo:
  processor : 0
  vendor_id : AuthenticAMD
  cpu family : 25
  model : 117
  model name : AMD Ryzen 7 8700G w/ Radeon 780M Graphics
  stepping : 2
  microcode : 0xa705205

cpuid -1 --l 0x00000001|head -10: (to just get the needed eax for the
first cpu)
  CPU:
  version information (1/eax):
  processor type = primary processor (0)
  family = 0xf (15)
  model = 0x5 (5)
  stepping id = 0x2 (2)
  extended family = 0xa (10)
  extended model = 0x7 (7)
  (family synth) = 0x19 (25)
  (model synth) = 0x75 (117)

lscpu:
  Vendor ID: AuthenticAMD
  Model name: AMD Ryzen 7 8700G w/ Radeon 780M Graphics
  CPU family: 25
  Model: 117

As you can see this is sort of confusing with decimal vs hex, family vs
extended family vs family synth, etc...
Also I guess SEV firmware is different from microcode?
What I would like to be able to do
===================================
1) easily determine what CPU is in my system, in an output format that
is usable when reading these other documents
2a) determine which version(s) my system is running
2b) determine if my system is using the latest
3) be able to scan the debian changelog and see when updates have
occurred for my particular CPU, or if there are newer versions that I
might benefit from (used when debugging system issues, etc)
4) be able to scan the upstream changelog for same (mostly out of
debian's control, but debian's docs might be able to help).
What I think would help
=======================
1) use a consistent format in debian/changelog that makes it easier to
determine which cpus are getting updates by searching for particular
strings. I think this is already mostly the case recently, but maybe
microcode and SEV could be made more consistent? I don't think it's
necessary to maintain a separate document that lists the latest
version(s) for a given cpu since that sounds like a lot of work (but I
guess if such a thing existed then one could programmatically determine
if they had the latest?). I suspect this format should be:
Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126f
I'm not sure how you'd want to handle things with ranges like the SEV
lines. Probably we don't even know how many CPUs exist in those ranges?
I'm trying to think of formats that would allow one to grep for their
cpu and get the right lines. The upstream files use "x" as a wildcard,
so that's one option.
2) explain in README.Debian how to determine what CPU you have, in the
same format as the changelog. Also explain how to look for these
versions in the changelog, but also how the versions might be expressed
differently.
3) explain in README.Debian how to determine the current running version
and how to look that up in the changelog to determine if it's the latest
and if there is something newer (which means looking at testing/sid
changelog instead of the one on the system)
Other related info
==================
1) I recently discovered that the gentoo wiki page on AMD microcode has
some good stuff
https://wiki.gentoo.org/wiki/AMD_microcode
It tells the user to run `grep -F -m 1 "cpu family" /proc/cpuinfo` and
then look up the decimal version in a table there. But that doesn't give
model/stepping/patch levels, etc. and might give the user the impression
an update should be available for their system when there isn't one
(since AMD only updates selectively within families)
The decoder table they maintain there is helpful, as are some of the
tables on wikipedia. Rather than put anything like that in the debian
package, maybe just link to those as long as they are being maintained.
2) that prompted me to look at the arch wiki and found this general
microcode page
https://wiki.archlinux.org/title/Microcode
which suggests looking for "CPU0" in the boot messages to get the
smpboot line (with family/model/stepping) and microcode (with
patch_level). That might be the easiest way for the user to do it, no
converting dec->hex, and doesn't depend on extra packages like cpuid
3) bonus points if this stuff could be made more consistent between
amd64-microcode and intel-microcode, lots of people have to deal with
both and it sucks to have to figure out two systems. Intel's format is
even worse than AMD's....
Sorry for the giant brain dump, this has been collecting in my brain for
a while. Let me know what you think and if you want any help crafting or
reviewing documentation to add.
Thanks,
--
Matt Taggart
m...@lackof.org
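
Added example, not part of the original message or of the amd64-microcode package: a POSIX shell sketch that converts the two machine-readable forms quoted above (decimal /proc/cpuinfo fields and a "sig 0x..." CPUID signature) into the changelog's "Family=0x.. Model=0x.. Stepping=0x.." form so they can be compared or grepped for. The function names and SAMPLE_CPUINFO are constructed here; the sample values are the ones quoted in the message.

```shell
#!/bin/sh
# Added example: normalise CPU identifiers to the "Family= Model= Stepping=" form.

# Decode a CPUID leaf 1 EAX signature such as "0x00830f10".
sig_to_fms() {
    # Accept only 0x-prefixed hex, so untrusted text never reaches $(( )).
    case $1 in
        0x*[!0-9a-fA-F]*|0x) return 1 ;;
        0x*) ;;
        *) return 1 ;;
    esac
    sig=$(( $1 ))
    stepping=$(( sig & 0xf ))
    base_model=$(( (sig >> 4) & 0xf ))
    base_family=$(( (sig >> 8) & 0xf ))
    ext_model=$(( (sig >> 16) & 0xf ))
    ext_family=$(( (sig >> 20) & 0xff ))
    family=$base_family
    model=$base_model
    # The extended fields only apply when the base family is 0xf
    # (this is what cpuid prints as "family synth" / "model synth").
    if [ "$base_family" -eq 15 ]; then
        family=$(( base_family + ext_family ))
        model=$(( (ext_model << 4) | base_model ))
    fi
    printf 'Family=0x%02x Model=0x%02x Stepping=0x%02x\n' \
        "$family" "$model" "$stepping"
}

# Read /proc/cpuinfo-style text on stdin and report the first processor.
cpuinfo_to_fms() {
    set -- $(awk -F'[ \t]*:[ \t]*' '
        $1 == "cpu family" { f = $2 }
        $1 == "model"      { m = $2 }
        $1 == "stepping"   { s = $2 }
        $1 == "microcode"  { u = $2 }
        /^$/ && f != ""    { exit }   # blank line ends the first CPU block
        END { print f, m, s, u }')
    [ $# -eq 4 ] || return 1          # a field was missing
    printf 'Family=0x%02x Model=0x%02x Stepping=0x%02x: Patch=0x%08x\n' \
        "$1" "$2" "$3" "$4"
}

# Constructed sample, using the values quoted in the message.
SAMPLE_CPUINFO='cpu family : 25
model : 117
model name : AMD Ryzen 7 8700G w/ Radeon 780M Graphics
stepping : 2
microcode : 0xa705205
'
printf '%s' "$SAMPLE_CPUINFO" | cpuinfo_to_fms
sig_to_fms 0x00830f10
```

On a live system, `cpuinfo_to_fms < /proc/cpuinfo` gives the line for the running CPU and its loaded patch level.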