Wednesday, May 11, 2016

bios - Microcode update for Spectre?

We all know about Spectre and Meltdown at this point. The takeaway is that while Meltdown can be solved/worked around with a (complex and invasive) kernel patch (namely KAISER/PTI), Spectre requires an updated microcode with advanced branch control.




Until some days ago, Red Hat shipped an updated microcode_ctl package which, in some (but not all) cases, had the appropriate microcode to patch/update (early in the boot process) the base processor microcode.



However, it seems the updated microcode causes system instability, unexpected reboots and even unbootable systems. So Red Hat reverted the microcode_ctl package to not load the microcode update needed to fix Spectre. Now their official suggestion is "to contact their silicon vendor to get the latest microcode for their particular processor".



While understandable, this stance only moves the "instability provider" down from the OS to the BIOS/firmware itself.



So, my question is: how do you feel about the microcode update? Have you applied the new BIOS/firmware to production systems? Any instability to report/comment? Finally, should I wait for a new "patch round" or do you advise immediately applying the BIOS/firmware fix?
