Skip to content

Conflict with microcode-updates via lvfs? / issues with ucode-updates on not-affected CPU? #86

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
VeldoraTheDragon opened this issue Oct 17, 2024 · 1 comment
Open

Conflict with microcode-updates via lvfs? / issues with ucode-updates on not-affected CPU? #86

VeldoraTheDragon opened this issue Oct 17, 2024 · 1 comment

Comments

@VeldoraTheDragon
Copy link

I am currently utilizing the microcode updates provided by Lenovo on the LVFS for my T16 Gen1.

However, recent CVE's (CVE-2023-39368, CVE-2023-38575, CVE-2023-28746) were ignored by Lenovo until 2024-05-09 with the release of CVE-2023-45733, even though the other three CVe's all had a higher CVSS scores than CVE-2023-45733.

Since I don't want to give up the option for firmware-updates via lvfs, microcode-updates are still getting installed on my device via lvfs, when I update the firmware of it.

  1. Now my question is, if I switch to the Arch intel-ucode package for the microcode updates, will they conflict with the microcode updates published by lenovo on the lvfs or will everything be fine?

  2. Will there be any problems, if I install every microcode-update, even though it doesn't affect my CPU?

I'd appreciate every answer I can get, so I can decide which way I want to go.
@teoberi
Copy link

teoberi commented Oct 18, 2024
edited
Loading

If the device is in the life cycle, you can use the microcode updates provided by Lenovo through the BIOS updates on the product page (recommended because some microcode updates are effective only if loaded through the BIOS).
If Lenovo provides the microcode update included in the BIOS via LVFS you can use that as well.
If the device is no longer in the life cycle, you can use intel-ucode to load the microcode that will replace the existing version in the BIOS, but as I wrote above, it is not always effective.
There should be no conflicts, the last microcode version loaded will be used even if it is not useful.
You can install every microcode update version. If the processor does not benefit from a new microcode update, nothing happens.
For critical systems (servers or workstations) it is recommended to use the version of microcode delivered by the manufacturer through the BIOS update even if it is not the newest because it is tested and is functional for that system.
https://pve.proxmox.com/wiki/Firmware_Updates
https://wiki.archlinux.org/title/Microcode

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@teoberi @VeldoraTheDragon