Hi Paul, I did actually test also on an R815 running Opteron 6234 as well, and got the same result. Microcode version is different (0x600063d) but also did not change with the update. Systems running Opteron 6100 series processors wouldn't be included in the fixes AMD said they released to OEMs (like Dell), since those are pre-"Bulldozer" processors. Also, from what I can tell, they don't need microcode updates to mitigate Spectre, since the vulnerable features can be disabled with simple OS updates. For those processors, the ibp_disable CPU flag will show up after installing latest OS updates (see https://www.realworldtech.com/forum/?threadid=176206&curpostid=176206 and second option under AMD defaults at https://access.redhat.com/articles/3311301#architectural-defaults-11).
It would be nice if AMD would release microcode updates to the public through linux-firmware or on their own site like Intel does ( https://downloadcenter.intel.com/download/27591/Linux-Processor-Microcode-Data-File?product=873) that users can then apply manually. Sure, BIOS updates are always preferred, but having the microcode updates would mean we wouldn't have to worry about vendors like Dell releasing BIOS updates that work... @Dell: Any update/thoughts on this?? Thanks. -- Matt Vander Werf HPC System Administrator University of Notre Dame Center for Research Computing - Union Station 506 W. South Street South Bend, IN 46601 Phone: (574) 631-0692 On Fri, Apr 27, 2018 at 9:29 AM, Paul Menzel <[email protected]> wrote: > Dear Matt, > > > > On 04/26/18 22:55, Matt Vander Werf wrote: > > I noticed that Dell released BIOS updates for R815 systems to address the >> Spectre vulnerability (variant #2, CVE-2017-5715) at [1]. The new version >> is 3.4.0 and the previous latest version is 3.2.2. We have quite a few >> R815 >> systems running AMD Opteron processors, mostly Opteron 6378, but some 6200 >> series too. AMD says it released updates to OEMs going as far back as the >> first "Bulldozer" Opteron processors released in 2011 [2], so I'd expect >> this BIOS update to address Spectre for all our R815 systems... >> >> However, when I apply the new BIOS update to one of these R815 systems >> running Operton 6378 processors and reboot the system, the machine still >> shows up as being vulnerable [3]. >> >> Checking the CPU flags, I don't see any flags that indicate protection >> against Spectre, like ibpb, ibrs, or spec_ctl [4]. The only new CPU flag >> that shows up with the BIOS update is the vmmcall flag, which is unrelated >> to the Spectre vulnerability. The CPU microcode didn't change either from >> 0x600084f. The machine shows it is running the new BIOS version [5] but it >> doesn't appear to be doing anything to address Spectre, even though the >> R815 BIOS firmware page says it does... Here's [6] some more info about >> the >> Opteron 6378 processor in one of our R815 systems. They are all running >> RHEL 7. >> >> >> Are others seeing the same thing? >> >> @Dell: Did this BIOS update only address Spectre for certain Opteron >> processors and not all possible R815 Opteron processors?? If so, could it >> be indicated on the firmware page what processors it fixes? Can we get >> updates for Opteron 6378 please? >> > > Thank you for telling the list, so people do not have to run through the > upgrade nightmare in vain. > > Just to be sure, you did not test on 6200 yet, right? > > We can only test with Opteron 6174 next week, but I suggest to open a call > with Dell. > > > Kind regards, > > Paul > > > PS: AMD should really get these updates into linux-firmware, so that they > can at least be applied from within Linux, until the vendors get finally > their act together and, like in this case, do not publish the update later > than announced and not screw up the updates. Also one more point for free > firmware like coreboot, so people could do the update themselves. When will > Dell learn? > >
_______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge
