Date: Wed, 15 May 2019 10:33:28 -0400 From: mike tancsa <mike@sentex.net> To: Borja Marcos <borjam@sarenet.es> Cc: "Wall, Stephen" <stephen.wall@redcom.com>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-19:07.mds Message-ID: <40f27bee-caa2-75a7-459d-3491ff22ebfb@sentex.net> In-Reply-To: <F3480FF5-D166-4A56-A793-1914B52F10EE@sarenet.es> References: <20190515000302.44CBB1AB79@freefall.freebsd.org> <cdf6982694db447985b15e9170256fe5@exch-02.redcom.com> <31b178d5-9998-d2a3-cc4c-d3f7d574743a@sentex.net> <F3480FF5-D166-4A56-A793-1914B52F10EE@sarenet.es>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/15/2019 10:27 AM, Borja Marcos wrote: > >> On 15 May 2019, at 15:32, mike tancsa <mike@sentex.net> wrote: >> >> Actually, just tried this on RELENG_11 (r347613) and I get >> >> don't know how to load module '/boot/firmware/intel-ucode.bin' >> >> In boot/loader.conf I have >> >> cpu_microcode_load=3D"YES" >> cpu_microcode_name=3D"/boot/firmware/intel-ucode.bin=E2=80=9D > I used this: > microcode_update_enable=3D=E2=80=9CYES" > > > on /etc/rc.conf with the devcpu-data port installed and as far as I kno= w it updated the microcode. > > The script in /usr/local/etc/rc.d used cpucontrol(8) to load it. > > Or am I holding it wrong?=20 Supposedly 2 ways to do it. When you install the port, it writes .... and I missed the part where it says running FreeBSD 12.0.... --------------------- Installing this port will allow host startup to update the CPU microcode = on a FreeBSD system automatically.=C2=A0 There are two methods for updating = CPU microcode: the first methods loads and applies the update before the kern= el begins booting, and the second method loads and applies updates using an rc script.=C2=A0 The first method is preferred, but is currently only sup= ported on Intel i386 and amd64 processors running FreeBSD 12.0.=C2=A0 It is safe= to enable both methods. The first method ensures that any CPU features introduced by a microcode update are visible to the kernel.=C2=A0 In other words, the update is loa= ded before the kernel performs CPU feature detection. To enable updates using the first method, add the following lines to the system's /boot/loader.conf: cpu_microcode_load=3D"YES" cpu_microcode_name=3D"/boot/firmware/intel-ucode.bin" =C2=A0=C2=A0=C2=A0 ---Mike > > > Borja. > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40f27bee-caa2-75a7-459d-3491ff22ebfb>