According to https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf Intel have, in the last few days, released production microcode to address Spectre and Meltdown on the Haswell CPUs. The CPU in my laptop is Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz (family: 0x6, model: 0x3c, stepping: 0x3). I built my own Gnu/Linux system using Linux From Scratch, so I need to update the microcode myself - i.e. there won't be an automatic update from a distro vendor. Where do I find the microcode data file for this update, please? The latest version available from downloadcenter.intel.com is 20171117.
Let's be clear: The Meltdown and SpectreA vulnerabilities cannot be fixed in microcode. The updated microcodes being released only contains a fix for the SpectreB vulnerability. It is thus important to be running a kernel that includes the workarounds for Meltdown and SpectreA. You can get the updated microcode from the same repository from which you get the updated kernel source.
Sorry, imprecise wording on my part. I already have a 4.15.7 kernel with all of it's Meltdown and Spectre mitigations. As I understand it, however, there are a few cases where IBRS/IBPB wiil be required to provide the mitigation. Consequently, I'm looking for the announced production microcode. Are you saying that I can get it from kernel.org, which is where I get the kernel source from?
Yes, you should be able to (once it gets there). I am no expert on how this stuff is distributed in the Linux world. They have to have a repository somewhere.
Intel is tracking, by product, when they will release BIOS updates that contain updated microcode. If you watch these schedules, you should be able to infer when the separate microcode files will be made available. Here are the schedule sites; watch them for updates:
https://www.intel.com/content/www/us/en/support/articles/000026620/mini-pcs.html INTEL-SA-00088 Schedule for Intel NUC, Compute Stick and Compute Card
https://www.intel.com/content/www/us/en/support/articles/000026630/boards-and-kits/desktop-boards.ht... INTEL-SA-00088 Schedule for Intel Desktop Boards
https://www.intel.com/content/www/us/en/support/articles/000026622/server-products.html INTEL-SA-00088 Schedule for Intel Server Boards, Systems and Accessories
Hope this helps,