Borja Marcos
2019-May-15 14:27 UTC
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-19:07.mds
> On 15 May 2019, at 15:32, mike tancsa <mike at sentex.net> wrote: > > Actually, just tried this on RELENG_11 (r347613) and I get > > don't know how to load module '/boot/firmware/intel-ucode.bin' > > In boot/loader.conf I have > > cpu_microcode_load="YES" > cpu_microcode_name="/boot/firmware/intel-ucode.bin?I used this: microcode_update_enable=?YES" on /etc/rc.conf with the devcpu-data port installed and as far as I know it updated the microcode. The script in /usr/local/etc/rc.d used cpucontrol(8) to load it. Or am I holding it wrong? Borja.
mike tancsa
2019-May-15 14:33 UTC
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-19:07.mds
On 5/15/2019 10:27 AM, Borja Marcos wrote:> >> On 15 May 2019, at 15:32, mike tancsa <mike at sentex.net> wrote: >> >> Actually, just tried this on RELENG_11 (r347613) and I get >> >> don't know how to load module '/boot/firmware/intel-ucode.bin' >> >> In boot/loader.conf I have >> >> cpu_microcode_load="YES" >> cpu_microcode_name="/boot/firmware/intel-ucode.bin? > I used this: > microcode_update_enable=?YES" > > > on /etc/rc.conf with the devcpu-data port installed and as far as I know it updated the microcode. > > The script in /usr/local/etc/rc.d used cpucontrol(8) to load it. > > Or am I holding it wrong?Supposedly 2 ways to do it. When you install the port, it writes .... and I missed the part where it says running FreeBSD 12.0.... --------------------- Installing this port will allow host startup to update the CPU microcode on a FreeBSD system automatically.? There are two methods for updating CPU microcode: the first methods loads and applies the update before the kernel begins booting, and the second method loads and applies updates using an rc script.? The first method is preferred, but is currently only supported on Intel i386 and amd64 processors running FreeBSD 12.0.? It is safe to enable both methods. The first method ensures that any CPU features introduced by a microcode update are visible to the kernel.? In other words, the update is loaded before the kernel performs CPU feature detection. To enable updates using the first method, add the following lines to the system's /boot/loader.conf: cpu_microcode_load="YES" cpu_microcode_name="/boot/firmware/intel-ucode.bin" ??? ---Mike> > > Borja. > >