[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-19:07.mds
mike tancsa
mike at sentex.net
Wed May 15 13:32:25 UTC 2019
On 5/15/2019 8:18 AM, Wall, Stephen wrote:
>> New CPU microcode may be available in a BIOS update from your system vendor,
>> or by installing the devcpu-data package or sysutils/devcpu-data port.
>> Ensure that the BIOS update or devcpu-data package is dated after 2014-05-14.
>>
>> If using the package or port the microcode update can be applied at boot time
>> by adding the following lines to the system's /boot/loader.conf:
>>
>> cpu_microcode_load="YES"
>> cpu_microcode_name="/boot/firmware/intel-ucode.bin"
> Is this applicable in a virtualized environment, or only on bare metal?
> If not applicable in a VM, is it at least harmless?
Actually, just tried this on RELENG_11 (r347613) and I get
don't know how to load module '/boot/firmware/intel-ucode.bin'
In boot/loader.conf I have
cpu_microcode_load="YES"
cpu_microcode_name="/boot/firmware/intel-ucode.bin"
# ls -l /boot/firmware/intel-ucode.bin
-rw-r--r-- 1 root wheel uarch 2571264 May 15 08:47
/boot/firmware/intel-ucode.bin
# sha256 /boot/firmware/intel-ucode.bin
SHA256 (/boot/firmware/intel-ucode.bin) =
1fdb3a25467d285394eded8039ee8ab488f074903654981d35a4cdfe6ebf12fc
More information about the freebsd-security
mailing list