• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
  • The forums have been upgraded with support for dark mode. By default it will follow the setting on your system/browser. You may override it by scrolling to the end of the page and clicking the gears icon.

Intel Microcode Boot Loader

Regeneration

Regeneration

NGOHQ.COM
Joined
Oct 26, 2005
Messages
3,152 (0.44/day)

In early 2018, security researchers discovered several security vulnerabilities affecting all processors: Meltdown and Spectre. These vulnerabilities allow speculative execution side-channel attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754). While Meltdown was resolved with an OS patch, Spectre required a microcode update.

Since the microcode is stored and automatically loaded by the BIOS/UEFI, motherboard manufacturers required to issue an update. However, manufacturers normally release firmware updates only for their newest products. Plenty of motherboards still remain vulnerable until this very day.

Intel Microcode Boot Loader is a workaround by ngohq.com for the microcode problem on Intel-based motherboards. It updates the microcode every time the system is booted. Based on Intel BIOS Implementation Test Suite (BITS), users no longer need to modify BIOS/UEFI ROMs to stay protected from security vulnerabilities, bugs and erratas.

This solution requires permanently plugged USB flash drive with at least 25MB (or similar device) and BIOS/UEFI supporting boot from USB devices. Alternatively, advanced users can install it to a local drive on top of the System Reserved partition (see localdrive.txt for instructions).

Instructions:
1. Format a USB flash drive with FAT32 filesystem.
2. Extract the archive to the USB flash drive and run install.exe to make it bootable.
3. Enter the BIOS/UEFI, assign the USB flash drive as the 1st boot device and enable legacy boot mode.
4. The boot loader will regularly update the microcode and load the OS.

Notes:
* This release includes the latest ucodes for 404 Intel CPUs produced from 1996 to 2019.
* The ucodes are stored in the \boot\mcudb folder if you wish to update in the future.
* If you get 'Ucode not found' warning during installation, or plan to deploy on another PC, look for the correct ucode (by CPUID) in \boot\mcudb and copy it to \boot\mcu.

Changes (v0.5.4):
* Updated microcode database.

Downloads:
Intel Microcode Boot Loader | Mirror #1 | Mirror #2
 
Last edited:
Wicked. I've got a 2700K on a now unsupported Asus UEFI mobo so this will come in handy.
 
Good idea for the few boards that require a different solution / don't have an updated bios (Intel comes to mind).

I assume this could be adapted to load itself into the windows bootloader, actually, as I see it's using a full UEFI boot stack and Windows 10 at least makes a seperate boot partition. Is there any reason you aren't taking that approach as an alternative release?
 
Does this tool require permament pendrive, because it loads code from it on every boot ?
Can it be exchanged for small FAT16/FAT32 partition, on IDE/MBR configured UEFI/BIOS ?
 
R-T-B said:
I assume this could be adapted to load itself into the windows bootloader, actually, as I see it's using a full UEFI boot stack and Windows 10 at least makes a seperate boot partition. Is there any reason you aren't taking that approach as an alternative release?
Click to expand...

agent_x007 said:
Does this tool require permament pendrive, because it loads code from it on every boot ?
Can it be exchanged for small FAT16/FAT32 partition, on IDE/MBR configured UEFI/BIOS ?
Click to expand...

Yes. It requires permanent pendrive. It can be exchanged for small FAT boot partition, but that's requires too time to setup.

Altering the boot partition can a make mess in the drive numbering order and render the system unbootable. Especially with Microsoft pushing major updates every few months.

USB flash drives are extremely cheap now, boot time remains almost the same, and you don't have to worry about Windows overwriting the boot loader.
 
Last edited:
@Regeneration I meant it in case when PC has two drives : A hard drive without OS (no bootable parttions), and an SSD with OS. Can a bootable partition on HDD, be used to serve as replacement for USB Flash drive.

@Knoxx29 "They" said Clover EFI software "required pendrive" to work as well.
Guess what can you do with BDU ;)
 
Regeneration said:
Yes, but it must be on FAT32 partition.
Click to expand...
Awesome !
Since this method basicly bypasses a USB boot limitation, can Pentium Pro supports it using CompactFlash card and IDE adapter (I'm asking, because you mentioned this pack supports latest ucodes for CPUs from 1996) ?
 
agent_x007 said:
Awesome !
Since this method basicly bypasses a USB boot limitation, can Pentium Pro supports it using CompactFlash card and IDE adapter ?
Click to expand...

Yes. There's another workaround to boot USBs on unsupported BIOSes: Plop Boot Manager.

Pentium Pro from which year? CPUID 061x? there are 392 ucodes packed in this release. CPUs from 1996 to 2018.
 
Last edited:
Yes. I'm interested in later releases, specifically CPUID : 0617/0619.
FYI : I'm gathering info for now, I don't own a PPro... yet.
 
In the \boot\mcudb folder, you'll find all ucodes by cpuid and version. If you plan on preparing the device for another PC, make sure to manually copy the ucode to \boot\mcu.
 
Any chance this can work with linux? Or is it simply not needed?
 
So in theory, if you had a Z170/Z270 board with a CFL CPU, with this loaded on a small thumb drive, no modded BIOS would be needed?\
Same with Q65-Q67 and Z68?
 
king of swag187 said:
So in theory, if you had a Z170/Z270 board with a CFL CPU, with this loaded on a small thumb drive, no modded BIOS would be needed?\
Same with Q65-Q67 and Z68?
Click to expand...

You must reach to the boot process to load the microcode. It means, the system must POST.

And by the way, thanks to @W1zzard for letting me share my creations with the TPU community.

Other tech sites ban me for some reason :laugh: and its not like i'm posting shareware, adware, or malware. It's complete freeware and portable.

Just useful stuff that I work on to waste time. If I spend time on something, why not share it?
 
Last edited:
Regeneration said:
Other tech sites ban me for some reason
Click to expand...

Wow. Pretty lame of them. Guess they can't be bothered to take 10 seconds to test something for malware / google who you are?
 
I'm trying to make this work on a second ESP partition on my secondary drive, but I'm running into a problem. I've copied the contents of the archive to the partition, ran the install .exe successfully and marked the partition as bootable. I had to manually add an EFI boot entry because it wasn't detected automatically, but it seems to boot fine. The problem occurs when grub tries to load the microcode. For only a few frames 2 errors show on screen, after which I get a grub command line. The errors are:

Code: 
error: can't find command `mcu_load`.
error: can't find command `drivemap`.

I had to record a slow-motion video in order to even read the errors. I don't think I installed wrongly, and I've tried again multiple times from scratch. Do you have any idea what the problem could be?
 
GalaxyMaster_P said:
I'm trying to make this work on a second ESP partition on my secondary drive, but I'm running into a problem. I've copied the contents of the archive to the partition, ran the install .exe successfully and marked the partition as bootable. I had to manually add an EFI boot entry because it wasn't detected automatically, but it seems to boot fine. The problem occurs when grub tries to load the microcode. For only a few frames 2 errors show on screen, after which I get a grub command line. The errors are:

Code: 
error: can't find command `mcu_load`.
error: can't find command `drivemap`.

I had to record a slow-motion video in order to even read the errors. I don't think I installed wrongly, and I've tried again multiple times from scratch. Do you have any idea what the problem could be?
Click to expand...

GRUB fails to recognize the location of the modules. Are you using FAT partition?

Try to adjust grub.cfg (set the correct root drive) according to the GRUB2 manual.

That's why I suggested using $5 USB flash drive, GRUB can be difficult to configure.
 
Regeneration said:
GRUB fails to recognize the location of the modules. Are you using FAT partition?

Try to adjust grub.cfg (set the correct root drive) according to the GRUB2 manual.

That's why I suggested using $5 USB flash drive, GRUB can be difficult to configure.
Click to expand...
The partition is definitely formatted FAT32. I don't think editing the grub.cfg will help, since the mcu_load command happens before the root drive is set. Regardless I went and checked the available drives in the grub terminal, they were hd1 and hd2. I changed the grub.cfg to all possible combinations of those and none of them worked. I'm trying a USB flash drive now, will report back if it works or not.
 
GalaxyMaster_P said:
The partition is definitely formatted FAT32. I don't think editing the grub.cfg will help, since the mcu_load command happens before the root drive is set. Regardless I went and checked the available drives in the grub terminal, they were hd1 and hd2. I changed the grub.cfg to all possible combinations of those and none of them worked. I'm trying a USB flash drive now, will report back if it works or not.
Click to expand...

First try booting without EFI, in legacy mode.
 
The USB flash drive did not work either, but that may be because of my stupid motherboard or user error. I created the drive according to the instructions in the OP, and once again my motherboard did not recognize it as a boot option. I manually created a boot entry once again and this time it simply refuses to boot from the USB at all. No error messages, nothing. Just reverts back to the second boot option. This suggests to me that it can't find the .efi file for some reason (I did double check the path I put in the boot entry).
Regeneration said:
First try booting without EFI, in legacy mode.
Click to expand...
I don't know how I would do that to be honest. If I select either the secondary drive or the USB flash drive to boot from in the bios (instead of the manually created EFI entries) it simply tells me there's no operating system detected.
 
You must log in or register to reply here.
Back
Top