Date: Thu, 10 Aug 2023 01:13:00 +0100 From: void <void@f-m.fm> To: freebsd-security@freebsd.org Subject: Re: Downfall microcode update Message-ID: <ZNQrjNUuimrHTT8W@int21h> In-Reply-To: <867cq4tuot.fsf@ltc.des.no> References: <E2A96C20-6F5D-42B0-A16D-BF70CBB6B99B@lassitu.de> <66285345-7ab9-931a-fbb4-fd988f629e74@grosbein.net> <867cq4tuot.fsf@ltc.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Aug 09, 2023 at 11:46:10AM +0200, Dag-Erling Smørgrav wrote:
>Eugene Grosbein <eugen@grosbein.net> writes:
>> cpupdate_enable="YES" # in /etc/rc.conf should be enough
>
>You mean
>
>microcode_update_enable="yes"
>
>DES
What's the proper way then, for intel?
1. install sysutils/cpupdate and enable it in rc.conf ?
2. microcode_update_enable="yes" in rc.conf ?
3. in /boot/loader.conf:
cpu_microcode_load="YES"
cpu_microcode_name="/boot/firmware/intel-ucode.bin"
?
All 3 ? Just 1 & 2? Is just #3 sufficient?
Make cron attempt to download updates daily, via service cpupdate download ?
Is CPM needed?
The manpage for cpupdate has this:
CPUPDATE(8) FreeBSD System Manager's Manual CPUPDATE(8)
NAME
cpupdate TO BE DONE: MANPAGE
FreeBSD 13.2-STABLE January 15, 2018 FreeBSD 13.2-STABLE
--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZNQrjNUuimrHTT8W>