 
JosiahBradley
Gerbil
Topic Author
Posts: 12
Joined: Tue Sep 18, 2012 11:18 pm

Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 12:22 pm

Warning: This should be relatively safe but I make no guarantees that it will not brick your machine, especially if you do not have dual BIOS. Also note this may actually make Haswell systems unstable according to Intel so perhaps a v24h microcode will be released later that fixes this.

Starting this thread as a request/delivery place for injecting Intel's current version 23h microcode/uCode into BIOS for motherboards being left behind by manufacturers. Post your motherboard's model number and CPUID (can be found using hwinfo) and I will attempt to create a custom BIOS for you to install to be protected against Meltdown/Spectre.

General instructions were gathered from this article: https://www.delidded.com/how-to-update-cpu-microcode-in-ami-bios/

Intel Microcode can be obtained from https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File

Tools used: MMTool from AMI for Version 4/V UEFI/BIOS.

If anyone is interested let me know.
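
A check worth running on any microcode file before it goes into a BIOS image, as an added example that is not part of the original post: it parses the 48-byte header Intel documents for microcode updates, verifies the dword checksum, and compares the CPUID signature and revision with the target CPU. The sample blob, its CPUID 0x306C3 and its date are constructed for illustration; the checksum only detects corruption and is not the cryptographic signature, and extended signature tables are not handled.

```python
import struct
from dataclasses import dataclass

# Intel microcode update header: nine little-endian dwords plus 12 reserved bytes.
HEADER = struct.Struct("<9I12x")
DEFAULT_DATA, DEFAULT_TOTAL = 2000, 2048  # sizes implied when the data-size field is 0


@dataclass
class Update:
    revision: int
    date: str            # decoded from BCD 0xMMDDYYYY
    cpuid: int           # processor signature (CPUID leaf 1, EAX)
    platform_flags: int
    total_size: int
    checksum_ok: bool


def parse_update(blob: bytes) -> Update:
    if len(blob) < HEADER.size:
        raise ValueError("blob shorter than the 48-byte header")
    hdr, rev, date, sig, _cksum, _ldr, flags, dsize, tsize = HEADER.unpack_from(blob)
    if hdr != 1:
        raise ValueError(f"unexpected header version {hdr}")
    if dsize == 0:
        dsize, tsize = DEFAULT_DATA, DEFAULT_TOTAL
    if tsize % 4 or tsize < HEADER.size + dsize or tsize > len(blob):
        raise ValueError("size fields inconsistent with blob length")
    # Integrity check only: every dword of the update must sum to 0 mod 2**32.
    words = struct.unpack_from(f"<{tsize // 4}I", blob)
    ok = (sum(words) & 0xFFFFFFFF) == 0
    ymd = "%04x-%02x-%02x" % (date & 0xFFFF, date >> 24, (date >> 16) & 0xFF)
    return Update(rev, ymd, sig, flags, tsize, ok)


def check_against_cpu(upd: Update, cpu_sig: int, running_rev: int) -> str:
    """Decide whether this file is worth injecting for the given CPU."""
    if not upd.checksum_ok:
        return "reject: checksum mismatch, file is corrupt or was edited"
    if upd.cpuid != cpu_sig:
        return f"reject: built for CPUID {upd.cpuid:#x}, not {cpu_sig:#x}"
    if upd.revision <= running_rev:
        return f"skip: revision {upd.revision:#x} is not newer than {running_rev:#x}"
    return f"ok: revision {upd.revision:#x} dated {upd.date}"


def build_sample(rev: int, sig: int, date_bcd: int) -> bytes:
    """Constructed stand-in for a real update file: dummy data, valid checksum."""
    data = bytes(range(250)) * 8  # 2000 bytes of filler, not real microcode
    blob = bytearray(
        HEADER.pack(1, rev, date_bcd, sig, 0, 1, 0x02, len(data), HEADER.size + len(data))
        + data
    )
    words = struct.unpack(f"<{len(blob) // 4}I", blob)
    struct.pack_into("<I", blob, 16, -sum(words) & 0xFFFFFFFF)  # checksum field
    return bytes(blob)


# Constructed sample: revision 23h, assumed CPUID 0x306C3, assumed date.
SAMPLE = build_sample(0x23, 0x306C3, 0x01162018)

if __name__ == "__main__":
    upd = parse_update(SAMPLE)
    print(upd)
    print(check_against_cpu(upd, cpu_sig=0x306C3, running_rev=0x19))
    print(check_against_cpu(upd, cpu_sig=0x306A9, running_rev=0x19))
```

On Linux the running revision to compare against is the `microcode` field in `/proc/cpuinfo`.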
 
Wirko
Gerbil Team Leader
Posts: 296
Joined: Fri Jun 15, 2007 4:38 am
Location: Central Europe

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 12:52 pm

Well, the domain name itself is enough of a warning.
 
Glorious
Gerbilus Supremus
Posts: 12343
Joined: Tue Aug 27, 2002 6:35 pm

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 12:59 pm

If you are running Linux, just use whatever Intel microcode package your distro provides.

Ubuntu updated theirs just 3 days after Intel released the microcode.

That's way safer than messing with firmware like that, and it accomplishes the same thing.

---

I believe there is a way to do something similar with Windows, but someone more knowledgeable will have to chime in.
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 3:11 pm

Glorious wrote:
I believe there is a way to do something similar with Windows, but someone more knowledgeable will have to chime in.


Windows does have the ability, but end users can't manage it.
All of my written content here on TR does not represent or reflect the views of my employer or any reasonable human being. All content and actions are my own.
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 3:28 pm

As an aside, there is a better resource for this type of work here:

https://www.win-raid.com/t785f16-Discus ... s-226.html

The latest posts have successes from Z97 and X79 boards in updating their microcode to include the Spectre fixes.
 
captaintrav
Gerbil First Class
Posts: 178
Joined: Thu Dec 12, 2013 12:51 pm
Location: Saskatchewan, Canada

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 4:14 pm

Glorious wrote:
If you are running Linux, just use whatever Intel microcode package your distro provides.

Ubuntu updated theirs just 3 days after Intel released the microcode.

That's way safer than messing with firmware like that, and it accomplishes the same thing.

---

I believe there is a way to do something similar with Windows, but someone more knowledgeable will have to chime in.


Just as a note, there are microcode updates for all kinds of processors in the package, but Intel hasn't released any *new* microcode updates for anything older than Haswell. I suppose they had to draw a line somewhere, but especially in the data center 5 years seems fairly short.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 4:30 pm

captaintrav wrote:
Just as a note, there are microcode updates for all kinds of processors in the package, but Intel hasn't released any *new* microcode updates for anything older than Haswell. I suppose they had to draw a line somewhere, but especially in the data center 5 years seems fairly short.

Not necessarily. In the datacenter, gains in performance/watt over the past 5 years may make it worthwhile to upgrade even if the old hardware's performance is adequate for the workload in absolute terms. Electricity is a significant chunk of TCO for systems that are powered up 24x7.

***

A digression...

This thread kind of reminds me of the waning days of K6-x, when there were hacked BIOSes floating around for a number of the Super 7 motherboards to accommodate the K6-2+ and K6-III+ variants. AMD intended the "+" chips to be sold only to OEMs for mobile and embedded applications, but since they still had a Super 7 compatible pinout it was inevitable that they would show up on the grey market, and people would figure out how to make them work in desktop boards. They ran much cooler and were more overclockable than the standard K6-x chips, and the K6-2+ outperformed the K6-2 clock-for-clock due to the presence of on-die L2 cache. IIRC an OCed K6-III+ was capable of performing on par with the lower-clocked Durons.
Nostalgia isn't what it used to be.
 
Glorious
Gerbilus Supremus
Posts: 12343
Joined: Tue Aug 27, 2002 6:35 pm

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 4:38 pm

captaintrav wrote:
Just as a note, there are microcode updates for all kinds of processors in the package, but Intel hasn't released any *new* microcode updates for anything older than Haswell.


Well, sure, but if it isn't available, it simply isn't available whether you are hacking it into the firmware or using your distro's package.

But, yes, there isn't anything available for ivy-bridge or older.

JBI wrote:
Not necessarily. In the datacenter, gains in performance/watt over the past 5 years may make it worthwhile to upgrade even if the old hardware's performance is adequate for the workload in absolute terms.


Also my company seems to lease regular servers on a 4 year basis, I'm not an expert on datacenter purchasing or anything, but you can regularly see 4-5 year old enterprise hardware showing up on refurb/resale sites like it's on a schedule.
 
captaintrav
Gerbil First Class
Posts: 178
Joined: Thu Dec 12, 2013 12:51 pm
Location: Saskatchewan, Canada

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 4:53 pm

Glorious wrote:
captaintrav wrote:
Just as a note, there are microcode updates for all kinds of processors in the package, but Intel hasn't released any *new* microcode updates for anything older than Haswell.


Well, sure, but if it isn't available, it simply isn't available whether you are hacking it into the firmware or using your distro's package.

But, yes, there isn't anything available for ivy-bridge or older.

JBI wrote:
Not necessarily. In the datacenter, gains in performance/watt over the past 5 years may make it worthwhile to upgrade even if the old hardware's performance is adequate for the workload in absolute terms.


Also my company seems to lease regular servers on a 4 year basis, I'm not an expert on datacenter purchasing or anything, but you can regularly see 4-5 year old enterprise hardware showing up on refurb/resale sites like it's on a schedule.


We don't lease stuff, we run it into the ground. We definitely have stuff older than Haswell in the lab, and I know some of our AIX stuff is really old.
 
captaintrav
Gerbil First Class
Posts: 178
Joined: Thu Dec 12, 2013 12:51 pm
Location: Saskatchewan, Canada

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 4:55 pm

just brew it! wrote:
captaintrav wrote:
Just as a note, there are microcode updates for all kinds of processors in the package, but Intel hasn't released any *new* microcode updates for anything older than Haswell. I suppose they had to draw a line somewhere, but especially in the data center 5 years seems fairly short.

Not necessarily. In the datacenter, gains in performance/watt over the past 5 years may make it worthwhile to upgrade even if the old hardware's performance is adequate for the workload in absolute terms. Electricity is a significant chunk of TCO for systems that are powered up 24x7.


I was thinking this would come up, but not long ago we were still using Core2-era Xeons in production, and I believe some of those may still be in our lab environment. I can't find a definitive answer, but I believe our rates here are less than 12c/kwh which is on the cheap side AFAIK, so that may factor in.
 
Glorious
Gerbilus Supremus
Posts: 12343
Joined: Tue Aug 27, 2002 6:35 pm

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 5:07 pm

captaintrav wrote:
We don't lease stuff, we run it into the ground. We definitely have stuff older than Haswell in the lab, and I know some of our AIX stuff is really old.


Well, so do we, hence my use of "regular" when referring to servers.

When I started (and I am not even in my late 30s) we still had physical VAXen. :wink:
 
captaintrav
Gerbil First Class
Posts: 178
Joined: Thu Dec 12, 2013 12:51 pm
Location: Saskatchewan, Canada

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 5:08 pm

Glorious wrote:
captaintrav wrote:
Just as a note, there are microcode updates for all kinds of processors in the package, but Intel hasn't released any *new* microcode updates for anything older than Haswell.


Well, sure, but if it isn't available, it simply isn't available whether you are hacking it into the firmware or using your distro's package.

But, yes, there isn't anything available for ivy-bridge or older.

JBI wrote:
Not necessarily. In the datacenter, gains in performance/watt over the past 5 years may make it worthwhile to upgrade even if the old hardware's performance is adequate for the workload in absolute terms.


Also my company seems to lease regular servers on a 4 year basis, I'm not an expert on datacenter purchasing or anything, but you can regularly see 4-5 year old enterprise hardware showing up on refurb/resale sites like it's on a schedule.


I'm not exactly an expert, but my father was an accountant, and this is how I understand it, at least in Canada. Kind of like leasing an automobile, leasing is great for maintaining a fixed cost over a long period of time, but ends up costing you more in the long run generally speaking. But.... tax laws make it advantageous if not at least simpler to lease equipment. If you lease, it doesn't become a capital asset that needs to have depreciation calculated on, and in many cases becomes a bigger tax write off than if you bought it outright. Whereas you can write off the cost of the lease or at least a percentage that stays the same over time, you can only write off a decreasing percentage of the assets each year. For technology this is quite an issue since a lot of the time the real world value of tech depreciates faster than the tax code thinks it ought to. So the off-lease equipment coming up for refurb/resale has as much to do with accounting practices as it does obsolescence.

We've crunched the numbers on the desktop side of things and will soon cease leasing those as well, it just creates budgeting challenges. Easier to budget 500k for new laptops spread over 3 years every three years than one 500k at a shot every 3.5, but with leasing penalties and interest it is worth it to get off the leasing train.
 
Glorious
Gerbilus Supremus
Posts: 12343
Joined: Tue Aug 27, 2002 6:35 pm

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 5:11 pm

captaintrav wrote:
I'm not exactly an expert, but my father was an accountant. Kind of like leasing an automobile, leasing is great for maintaining a fixed cost over a long period of time, but ends up costing you more in the long run generally speaking. But.... tax laws make it advantageous if not at least simpler to lease equipment. If you lease, it doesn't become a capital asset that needs to have depreciation calculated on, and in many cases becomes a bigger tax write off than if you bought it outright. Whereas you can write off the cost of the lease or at least a percentage that stays the same over time, you can only write off a decreasing percentage of the assets each year. For technology this is quite an issue since a lot of the time the real world value of tech depreciates faster than the tax code thinks it ought to. So the old equipment coming up for refurb/resale has as much to do with accounting practices as it does obsolescence.

We've crunched the numbers on the desktop side of things and will soon cease leasing those as well, it just creates budgeting challenges. Easier to budget 500k for new laptops spread over 3 years every three years than one 500k at a shot every 3.5, but with leasing penalties and interest it is worth it to get off the leasing train.


They've actually gone back and forth on leasing desktops, at least twice, since I've been here.

The accountants here are constantly crunching the numbers and working it out every year, it would seem.

EDIT: right now I think the desktops aren't leased but the servers are.

And there are off-budget considerations: if you don't actually pull/replace/migrate a server before the lease is up, that screws with the math obviously. Which, for personnel reasons, has not been happening timely lately. :lol: :lol:
 
Concupiscence
Gerbil Elite
Posts: 709
Joined: Tue Sep 25, 2012 7:58 am
Location: Dallas area, Texas, USA
Contact:

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 5:25 pm

just brew it! wrote:
IIRC an OCed K6-III+ was capable of performing on par with the lower-clocked Durons.


That may have been true for some integer-heavy workloads, or situations that were pathologically cache-sensitive. It was hard to rival K7's FPU for a lot of jobs, and as i686 feature compatibility became more important, they were progressively left in the dust - CMOV turned out to be pretty heavily leveraged. Still, they were spry and capable little chips; a friend of mine used one as his main desktop for years, and overclocked it to the gills.

As for modifying a legacy BIOS: that's pretty much "abandon all hope, ye who enter here" territory if it goes south. Linux users can load microcode updates and not faff around with it, but I understand how people stuck with older kit on Windows may find the idea appealing. Good luck, if nobody upstream bothers to take care of you and you feel compelled to go that route.
Science: Core i9 7940x, 64 gigs RAM, Vega FE, Xubuntu 20.04
Work: Ryzen 5 3600, 32 gigs RAM, Radeon RX 580, Win10 Pro
Tinker: Core i5 2400, 8 gigs RAM, Radeon R9 280x, Xubuntu 20.04 + MS-DOS 7.10

Read me at https://www.wallabyjones.com/
 
JosiahBradley
Gerbil
Topic Author
Posts: 12
Joined: Tue Sep 18, 2012 11:18 pm

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 5:28 pm

Ryu Connor wrote:
Glorious wrote:
I believe there is a way to do something similar with Windows, but someone more knowledgeable will have to chime in.


Windows does have the ability, but end users can't manage it.


Sadly I tried the Windows microcode patching using the VMware tool and it does *NOT* patch it because Windows loads its own microcode driver AFTER the part of the kernel that is running the patch, so it does not enable the protection.
 
Redocbew
Minister of Gerbil Affairs
Posts: 2495
Joined: Sat Mar 15, 2014 11:44 am

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 5:29 pm

I wonder if you could run Linux from a USB drive and update the microcode from that. It might require a chroot or some other trickery with the environment, but I'd personally try that before I tried hacking the BIOS directly.
Do not meddle in the affairs of archers, for they are subtle and you won't hear them coming.
 
Glorious
Gerbilus Supremus
Posts: 12343
Joined: Tue Aug 27, 2002 6:35 pm

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 5:35 pm

You lose it on a reboot then, though.
 
Redocbew
Minister of Gerbil Affairs
Posts: 2495
Joined: Sat Mar 15, 2014 11:44 am

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 5:37 pm

Yeah, that would be the reason for the extra trickery. I have no idea if that would work, just speculating(heh) on alternatives that are less scary.

Assuming that the whole reason for using a USB drive is that there isn't a Linux install on disk, then yeah, it probably wouldn't. So just ignore me. :P
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 5:54 pm

captaintrav wrote:
Just as a note, there are microcode updates for all kinds of processors in the package, but Intel hasn't released any *new* microcode updates for anything older than Haswell. I suppose they had to draw a line somewhere, but especially in the data center 5 years seems fairly short.


IvyBridge-E, EN, EP, and EX apparently have received a microcode update, but not standard Ivy Bridge or any variant of Sandy Bridge.

https://github.com/hannob/meltdownspect ... -microcode

So X79 users and C60X series server chipsets could get a firmware update for Spectre.

I seriously doubt X79 will unless the user mods their own firmware. Ivy Bridge-E servers still under a support contract might.
 
Ryu Connor
Global Moderator
Posts: 4369
Joined: Thu Dec 27, 2001 7:00 pm
Location: Marietta, GA
Contact:

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 5:58 pm

JosiahBradley wrote:
Sadly I tried the Windows microcode patching using the VMware tool and it does *NOT* patch it because Windows loads its own microcode driver AFTER the part of the kernel that is running the patch, so it does not enable the protection.


Unfortunate that a third party tool also fails.

According to this [support.microsoft.com] Microsoft last updated the microcode patches in Windows back in 2015. So, yeah, not something Microsoft likes to do. Of course with the latest Haswell and Broadwell microcode updates causing havoc, I get why.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 6:45 pm

Redocbew wrote:
Yeah, that would be the reason for the extra trickery. I have no idea if that would work, just speculating(heh) on alternatives that are less scary.

Assuming that the whole reason for using a USB drive is that there isn't a Linux install on disk, then yeah, it probably wouldn't. So just ignore me. :P

If you have room for a small Linux partition on the system disk you could probably have it boot up (causing the microcode patches to be installed), then automatically reboot into Windows. IIRC GRUB has a mechanism that allows Linux to tell it "boot partition X instead of the default OS on next boot only". This, of course, assumes that microcode patches survive a warm boot; the BIOS may overwrite with whatever microcode the BIOS has, negating the effect of the patch.

Using a modified GRUB as the initial bootloader might be the cleanest from an overall system perspective since it could simply patch the microcode and boot Windows directly (no need to load another OS first). This would be a pretty major undertaking though, as it would require extensive modifications to GRUB itself. And the GRUB code is a scary place indeed; I've been there. (A couple of jobs back we had a product that used a custom modified version of GRUB... I was the unlucky guy who got to figure out how to modify it.)
 
Glorious
Gerbilus Supremus
Posts: 12343
Joined: Tue Aug 27, 2002 6:35 pm

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 7:49 pm

JBI wrote:
This, of course, assumes that microcode patches survive a warm boot; the BIOS may overwrite with whatever microcode the BIOS has, negating the effect of the patch.


My understanding is that the update mechanism (EDIT: the one on the Intel chip) won't let you "update" to an older version.

So if it's there, it's there.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 7:59 pm

Glorious wrote:
JBI wrote:
This, of course, assumes that microcode patches survive a warm boot; the BIOS may overwrite with whatever microcode the BIOS has, negating the effect of the patch.

My understanding is that the update mechanism (EDIT: the one on the Intel chip) won't let you "update" to an older version.

So if it's there, it's there.

Which leads me to wonder what kinds of security mechanisms are used to ensure that malicious patches don't get installed... hopefully they are cryptographically signed, and the chip rejects microcode patches with invalid signatures.
 
Glorious
Gerbilus Supremus
Posts: 12343
Joined: Tue Aug 27, 2002 6:35 pm

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 8:01 pm

It's signed.

I read something in which some guys were fiddling with it to try to understand how it all worked, let me see...

EDIT: there we go:

http://inertiawar.com/microcode/
Last edited by Glorious on Tue Jan 16, 2018 8:03 pm, edited 1 time in total.
 
Redocbew
Minister of Gerbil Affairs
Posts: 2495
Joined: Sat Mar 15, 2014 11:44 am

Re: Modded legacy BIOS for Meltdown/Spectre

Tue Jan 16, 2018 8:02 pm

You would hope so. It's not like they need to make concessions to users who may be put off by a little added security.