newer intel microcode
|Reported by:||Owned by:|
The latest version at intel is 20180425.
As well as intel-ucode/ the tarball contains a linux-patches/ directory, with a note that these patches are to quiesce all logical CPUs during a live update after the system is booted, and that they are all upstream in latest supported 4.14 or later kernels (but not 4.9 or 4.4 at that date).
My haswell got a new update, to 0x24, which I assumed was to fix spec_store_bypass. But after booting with early update my machine is still marked as 'vulnerable'. I found the documentation on how to set the kernel parameter ambiguous (too many negatives), so I have tried booting both with forcing 'on' and with forcing 'off', as well as the default of not specifying. But in each case, 'vulnerable'.
I assume that if the vulnerability is fixed, the machine will be slower (hence the other values for the boot param). So I wanted to test that, but apparently I can't.
Perhaps I should mention that my machine's newer firmware is dated in January.
Maybe I'm doing something wrong, but I'm not willing to touch this issue until I understand it.