Phoronix has recently uncovered an intriguing Linux update, with kernel improvements being prepared to handle greater microcode payloads—they believe that "future AMD CPUs will be getting larger microcode patches." The timing could suggest that upcoming Zen 5 processors will be likely candidates to meet new requirements: "Right now the Linux kernel has a maximum microcode patch size for AMD CPUs that is three times the kernel's page size (typically 4K). But with a patch (published on July 20) that will "increase substantially" to eight times the page size. The increase is intentionally quite a magnitude larger in order to avoid future patches further having to bump the patch size limit in later generations." Earlier this month, some GitHub entries demonstrated that AMD engineers had patched Linux 6.5 with updates for "Family 26" (1Ah) CPU enablement," which Phoronix believes to be for next-gen platforms (Zen 5): "It's also not elaborated on why the CPU microcode size will be increasing. In any event the simple patch to bump the AMD CPU microcode limit is now out for review. It's also marked for back-porting to existing stable kernel versions."

GIGABYTE TECHNOLOGY Co. Ltd, a leading manufacturer of motherboards, graphics cards, and hardware solutions, announced today the latest BIOS update just recently for AMD platform motherboards. It not only supports 3rd Gen. AMD Ryzen XT desktop processors, but also provides effective solutions for some of the hidden SMM Callout related security issues on the AMD APU.

GIGABYTE has been working closely with AMD to provide the best performance, enhanced user experience, and the recovery of security issues. After the previous release of new BIOS for Ryzen XT processors, GIGABYTE is also aware of the possibility of SMM Callout related security issues on AMD APU processors released from 2016 to 2019. The issue enables attackers to execute any coding and control the whole system through the system manage mode of AMD AGESA microcode.

AMD formally announced its AGESA ComboAM4 1.0.0.5 microcode. The new microcode is intended to be encapsulated into motherboard UEFI firmware updates and distributed by motherboard- and OEM desktop manufacturers, at their discretion. AGESA 1.0.0.5 improves POST (time) with select Micron Technology DDR4-3200 memory chips. An intermittent virtual memory error with certain Realtek onboard Ethernet PHY chips has been fixed. The microcode also improves PCI-Express bus stability and interoperability, in general. A PCIe lane configuration issue with Ryzen 3 Pro 2100GE has been fixed. Besides these, all other performance- and stability-improvements part of older 1.0.0.4 a/ab/abb/abba microcodes are incorporated into 1.0.0.5. Keep an eye on the BIOS updates section of your socket AM4 motherboard's product page on its company website.

Microsoft today has released several microcode updates for Intel CPUs. The updates are meant to be applied in a case-by-case basis under their Windows 10 operating system, and these updates target several releases of that OS (ranging from version 1507 through version 1903/1909). These address several vulnerability exploits related to side-channel and speculative execution attacks on Intel CPUs.

The updates need to be installed specifically for the Windows OS version you're rocking, and on systems with CPUs affected by the vulnerabilities and covered by this microcode update release. These include Intel's Denverton (Atom C3000 series); Sandy Bridge, Sandy Bridge E and EP (2000 and 3000 series), Valleyview (Atom Z3000 series) and Whiskey Lake U CPUs (8000U series, 5000U series, and 4200U series). These updates must be installed manually by users.

Intel is readying a microcode update specially for its X299 Express chipset, to enhance the overclocking capabilities of its 10th generation Core i9 XE "Cascade Lake-X" processors. News of the update was put out in an MSI press release that speaks of the company encapsulating the new microcode in BIOS updates for its entire socket LGA2066 motherboard lineup.

"To enhance the overclocking capability for the newly launched Intel Core X-series Processors (Intel Core i9-10980XE, 10940X, 10920X, 10900X), Intel will provide a new microcode update," the statement from MSI reads. Besides "overclocking capability," the new microcode also helps to "maximize the overall performance" of "Cascade Lake-X" processors," says MSI. The company does not describe what specifically these changes are. The microcode update will be released to end-users as BIOS updates by motherboard manufacturers, so be on the lookout for one, if you're using "Cascade Lake-X."

Microsoft started deploying microcode updates to some of Intel's older Core, Pentium, and Celeron processor generations through Windows Update. The latest Cumulative Update packages chronicled under "KB4497165" apply to machines running Intel's 4th generation Core "Haswell" processors, and low-power Pentium and Celeron chips based on "Apollo Lake," "Gemini Lake," "Valley View," and "Cherry View" microarchitectures.

The microcode update provides firmware-level hardening against four major variants of the MDS class of security vulnerabilities, namely CVE-2019-11091 (MDS Uncacheable Memory), CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling), CVE-2018-12127 (Microarchitectural Load Port Data Sampling), and CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling).

MSI mid-March began quietly rolling out BIOS updates for its socket AM4 motherboards based on AMD 400-series chipset, with a very ominous BIOS change-log entry: "Support new upcoming AMD CPU." At first, we dismissed this for being the company's follow-up to its 6th March announcement of support for some of the newer Athlon processor models, namely the 220GE and 240GE. After updating our MSI B450 Gaming Pro Carbon AC with one of these BIOSes, however, we discovered a very interesting microcode string - AGESA COMBO-AM4 0.0.7.2.

Such a major change in AGESA shouldn't be warranted to add support for two new chips based on existing "Raven Ridge" architecture that both AGESA "Summit Ridge" and AGESA PiR (Pinnacle Ridge) series microcodes should be able to comfortably run. We spoke with sources familiar with AMD microcode, who revealed that this AGESA COMBO-AM4 0.0.7.2 is designed for the upcoming "Zen 2" microarchitecture, and its first socket AM4 implementation, codenamed "Matisse." AMD internal versions of AGESA with Matisse support begin with the version sequence 0.0.7.x., and as we head closer to formal launch of these chips, AMD could release a 1.0.0.0 version of "AGESA COMBO-AM4." For our B450 Gaming Pro Carbon AC, the BIOS version packing this new AGESA is v1.60, and we wager this board should now be able to run Ryzen "Matisse" engineering samples. Now, if we can only get our hands on one.

Much of the secret sauce that made Intel processors faster than AMD is going sour, as the cybersecurity community is finding gaping security vulnerabilities by exploiting features such as speculative execution. Intel's microcode updates that mitigate these vulnerabilities impact performance. Intel isn't too happy about public performance numbers put out by its customers, which it fears could blunt the competitive edge of its products. The company has hence updated the license terms governing the microcode update distribution to explicitly forbid its users from publishing comparative "before/after" performance numbers of patched processors.

The updated license for the microcode update has this controversial sentence (pay attention to "v"):

"You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results."

A new variant of the "Spectre" CPU vulnerability was discovered affecting Intel processors, by security researchers Vladimir Kiriansky and Carl Waldspurger, who are eligible to bag a USD $100,000 bounty by Intel, inviting researchers to sniff out vulnerabilities from its processors. This discovery, chronicled under CVE-2018-3693, is among 12 new CVEs Intel will publish later this week. The company is also expected to announce quarterly CPU microcode updates to allay fears of its enterprise customers.

The new vulnerability, like most other "Spectre" variants, targets the speculative execution engine of the processor, in a bounds-check bypass store attack. A malicious program already running on the affected machine can alter function pointers and return addresses in the speculative execution engine, thereby redirecting the flow of data out of protected memory address-spaces, making it visible to malware. This data could be anything, including cryptographic keys, passwords, and other sensitive information, according to "The Register." Intel chronicled this vulnerability in section 2.2.1 of its revised speculative execution side-channel attacks whitepaper. You can also catch a more detailed whitepaper from the researchers themselves.

Following all of the unofficial, tentative tidbits of information following Intel's on-again, off-again 9000 series CPU lineup (which still belongs to the 8th Generation), we now have official confirmation - as is usual, through Intel's documentation. In this instance, the "culprit" is Intel's Microcode Revision Guidance. The Coffee Lake S series featuring 6+2 configurations are now listed with Core i5-9600(K), Core i5-9500(T) and the Core i5-9400, while the Core i3-9100 and Core i3-9000 SKUs are listed with a 4+2 configuration.

Update: Intel's 8th Gen Specification Update now lists clocks and core count for the aforementioned CPUs. Overall, there's an increased 100 or 200 MHz Max Turbo frequency across the board within the same TDP package, and some instances of 100 MHz base frequency increases over Intel's 8000 series CPUs (can't just call them 8th gen anymore now can we?). The 9600K, for example, increases base clocks from the 8600K by 100 MHz (up to 3.7 GHz base), but pole-vaults its predecessor in maximum Turbo (up to 4.5 GHz).

Intel today released the latest round of CPU micro-code updates for its processors, which expand support for Intel processor microarchitectures ranging all the way back to 1st generation Core "Westmere," and "Lynnfield," and including "Sandy Bridge" and "Ivy Bridge" along the way, at various stages of roll-out (beta, pre-production, and production). This update probably features hardening against "Spectre" variant 4, and perhaps even RSRR (rogue system register read) variant 3A, chronicled in CVE-2018-3640.

Intel on their latest Microcode Revision Guidance Guide has apparently stopped development of mitigations for some of its processor families that still haven't been updated to combat the threat of Spectre. The odyssey for the return to form of security on Intel products has been a steep, and a slow one, as the company has struggled to deploy mitigations for speculative code execution on its processor families that run it. Updates for some families of products, however - such as Penryn, Wolfdale, Bloomfield and Yorkfield, among others - are apparently not going to get an update at all.

Via updated documents on its Microcode Revision guide, Intel has revealed that they have finally developed and started deploying microcode security updates for their Broadwell and Haswell-based microprocessors. The microcode update comes after a flurry of nearly platform-specific updates that aimed to mitigate known vulnerabilities in Intel's CPUs to the exploits known as Spectre and Meltdown.

While that's good news, Intel's patching odyssey still isn't over, by any means. According to Intel's documentation, the Spectre fixes for Sandy Bridge and Ivy Bridge are still in beta and are being tested by hardware partners, so that's two other architectures that still remain vulnerable. Of course, this discussion of who's vulnerable and isn't really can't be reduced to which architectures Intel has released its updates to. Users have to remember that the trickle-down process from Intel's patch validation and distribution through manufacturers to end users' systems is a morose one, and is also partially in the hands of sometimes not too tech-savy users. Time will tell if these flaws will have any major impact in some users or businesses.

In another step of our Spectre/Meltdown odyssey, Intel has started deployment of a fixed update for its Skylake processors, which aims to neuter chances of a malicious attacker exploiting the (now) known vulnerabilities. This update, which comes after a botched first update attempt that was causing widespread system reboots and prompted Intel to change its update guidelines, is only for the Skylake platform; other Intel CPUs' updates remain in Beta state, and there's no word on when they might see a final deployment.

The new microcode is being distributed to industry partners, so that they can include it in a new range of firmware updates that will, hopefully, end the instability and vulnerabilities present in current mobile and desktop Skylake implementations. Users of other Intel architectures will still have to wait a while longer before updates for their systems are certified by Intel, distributed to industry partners, and then trickle to end users via firmware updates.

A critical flaw was discovered in the way Intel implemented its simultaneous multi-threading technology, HyperThreading, on "Skylake" and "Kaby Lake" processors. Being a micro-architecture specific flaw, this could affect all implementations, from low-power mobile chips, to mainstream desktop, high-end desktop, and perhaps even enterprise-segment Xeon processors. At this time, there are no security implications of this flaw.

Intel chronicled this flaw in its micro-architecture errata "SKZ7/SKW144/SKL150/SKX150/SKZ7/KBL095/KBW095," and described it as follows: "Under complex micro-architectural conditions, short loops of less than 64 instructions that use AH, BH, CH or DH registers as well as their corresponding wider register (e.g. RAX, EAX or AX for AH) may cause unpredictable system behavior. This can only happen when both logical processors on the same physical processor are active." As an implication, Intel goes on to note that Due to this erratum, the system may experience unpredictable system behavior."