cancel
Showing results for 
Search instead for 
Did you mean: 

SPECTRE and MELTDOWN: Bug rocks Intel / ARM CPUs

segfaulted
Level 7
Kinda glad I bought AMD this round. For those who don't know there is a new bug affecting just about every SKU from Intel made in the last .. ohh.. _DECADE_ or so. It's actually worse then F00F or FDIV. Only mitigation appears to castrate the CPU upward of 30%! (depending on processes).

Can Asus confirm AMD and more importantly for me, this or any AMD motherboard are not affected? If so, will there be RMAs?

Fun fact, Intel's CEO dumped stock back in November before they started issuing gags on people from even talking about it.

*****ASUS advisory page(may get updated): https://www.asus.com/News/V5urzYAT6myCC1o2 ******
571 Views
701 REPLIES 701

sblantipodi
Level 9
why there are only two boards on the X99 side at this "official statement"?
https://www.asus.com/News/V5urzYAT6myCC1o2?_ga=2.120172680.1011819593.1515331862-602409523.150419870...

Okay, so this is what Intel said on my thread on Intel community forum. https://communities.intel.com/thread/121316

" Hello 12InchesSoft,

Thank you for contacting Intel Support,

I understand that you want information about a BIOS update for 4th Generation processors in regards the "Spectre" situation.

In regards this, Along with other companies whose platforms are impacted, Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop software and firmware updates that can protect computers from these methods. It is important to apply mentioned updates as soon as they are available.

For details on how to protect your system please refer to this site for more information

This is all the information he handle at the moment, I apologize for any inconvenience."

So to my understanding, Intel will not release the Spectre patch microcode to the public yet.

RamGuy
Level 7
I tried to load the 20170707 Intel Microcode on my fiancee's machine running Rampage IV Extreme and Intel Core i7-3960X using the VMWare Driver and it claims "No CPUs needed an update. Your system might not need this driver." but the microcode is still reported as 710 like it was before and the SpeculationControlSettings still says;

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

RamGuy wrote:
I tried to load the 20170707 Intel Microcode on my fiancee's machine running Rampage IV Extreme and Intel Core i7-3960X using the VMWare Driver and it claims "No CPUs needed an update. Your system might not need this driver." but the microcode is still reported as 710 like it was before and the SpeculationControlSettings still says;

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True


I had to download (dated 2018-1-4) microcode from a debian source file. https://packages.debian.org/buster/i386/intel-microcode/download
Then you have to have something like 7-zip to detar the .deb file and find the microcode directory. You have to find the binary for your processor family_revision_stepping.bin etc.

Then I found this python tool to convert the binary to .dat file. https://github.com/bgw/bdw-ucode-update-tool/blob/master/scripts/bin2dat.py

Then I re-installed the Vmdriver with that dat file.. Now I see that the CPU microcode updates and I have the hardware support showing up now. However windows isn't enabling it because of the microcode is not updated before the boot up. That is why in order for the driver way to work we need some way to get windows to enable the fix support on the fly or some manual way of enabling it. If not then this way is pretty much a dead horse. Which is a shame cause this would at least let people with older systems keep running without a BIOS fix.

firefox2026 wrote:
I had to download (dated 2018-1-4) microcode from a debian source file. https://packages.debian.org/buster/i386/intel-microcode/download
Then you have to have something like 7-zip to detar the .deb file and find the microcode directory. You have to find the binary for your processor family_revision_stepping.bin etc.

Then I found this python tool to convert the binary to .dat file. https://github.com/bgw/bdw-ucode-update-tool/blob/master/scripts/bin2dat.py

Then I re-installed the Vmdriver with that dat file.. Now I see that the CPU microcode updates and I have the hardware support showing up now. However windows isn't enabling it because of the microcode is not updated before the boot up. That is why in order for the driver way to work we need some way to get windows to enable the fix support on the fly or some manual way of enabling it. If not then this way is pretty much a dead horse. Which is a shame cause this would at least let people with older systems keep running without a BIOS fix.



I tried with these as well on both of my systems that will most likely never get a BIOS/UEFI update. These are dated 20171215 aka 2017-12-15 and not 2018-1-4. I still get the same "No CPUs needed an update. Your system might not need this driver." in the Event Viewer.

This was on a Asus Rampage IV Extreme with a Intel Core i7-3960X and on a Asus P8B-E/4L with a Intel Xeon E3-1275v2. The latest one hasn't seen a BIOS update for a very long time so I'm pretty sure both the 20171215 and the 20170707 release should contain something unless the microcode for that model hasn't been changed in ages. But the disclaimer on Intel's Support Site lists both the i7-3960X and the E3-1275v2 as a part of the 20170707 release so I guess I have to be doing something wrong?


EDIT:

Intel just officially release a new 20180108 package on their website;
https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File

I will give that a go. Both CPU's are listed in this release as well and as this one certainly contains the fix I will just go ahead and mod my Rampage IV Extreme BIOS. On the P8B-E/4L I'm out of luck as there is no way to flash modified BIOS onto it as it has no BIOS Flashback feature which is the only way I know of in order to bypass the UEFI Firmware verification.

firefox2026 wrote:

Then I found this python tool to convert the binary to .dat file. https://github.com/bgw/bdw-ucode-update-tool/blob/master/scripts/bin2dat.py

Then I re-installed the Vmdriver with that dat file.. Now I see that the CPU microcode updates and I have the hardware support showing up now. However windows isn't enabling it because of the microcode is not updated before the boot up. That is why in order for the driver way to work we need some way to get windows to enable the fix support on the fly or some manual way of enabling it. If not then this way is pretty much a dead horse. Which is a shame cause this would at least let people with older systems keep running without a BIOS fix.


At first, thank you for the URL to the binary2ascii microcode converter!

Two questions:

1) Did you try to restart computer? MIcrocode could survive during this process.
2) Do you have registry keys (https://support.microsoft.com/en-ca/help/4072698/windows-server-guidance-to-protect-against-the-spec...), which explicitly enable MS update?
3) Could you please show the output of Get-SpeculativeControlSettings?

I not expect any update and did it myself. I havE z97 maximus hero VII i paid lot but asus told its 5 years old and no updates planned anymore witch is bad thinking for sutch issue.

70375

Here is bios for M7H i made its highly optmized for my needs so your own risks but if it work for me whay not to othes use flashback from usb stick while pc is off. Tested only devils rest cpus idk. Might its haswell devils canyon only for broadw i not updated microcode.

https://drive.google.com/open?id=1d6HASLGvwkVE0PnSEYwkk02QYnqe3O9e

Why are the BIOS updates for ROG STRIX X299-E GAMING late? I heard that ASUS were releasing BIOS updates for X299 boards yesterday, but the ASUS support/download page for ROG STRIX X299-E GAMING boards has not been updated with BIOS 1102 yet as advertised here https://www.asus.com/News/V5urzYAT6myCC1o2

So, where can I obtain BIOS version 1102?

donavanbadboy wrote:
Why are the BIOS updates for ROG STRIX X299-E GAMING late? I heard that ASUS were releasing BIOS updates for X299 boards yesterday, but the ASUS support/download page for ROG STRIX X299-E GAMING boards has not been updated with BIOS 1102 yet as advertised here https://www.asus.com/News/V5urzYAT6myCC1o2

So, where can I obtain BIOS version 1102?


SAME HERE for the X99 STRIX, Still BIOS 1801 on the driver Asus download page, where is the bios 1901 ?!!

ELIESEH wrote:
SAME HERE for the X99 STRIX, Still BIOS 1801 on the driver Asus download page, where is the bios 1901 ?!!


Intel vows to stop Meltdown and Spectre by end of January, so let's see if they keep their vows to us consumers. http://www.techradar.com/news/intel-vows-to-stop-meltdown-and-spectre-by-the-end-of-january

In the article news, Intel CEO said " The company's CEO Brian Krzanich used the opening moments of the keynote to promise that the company would patch 90% of affected processors made in the past five years by the end of this week. From there, the following 10% of vulnerable processors will see fixes by the end of the month."

So I suggest everyone to wait and be patient ( at least I am patient right now) for the official BIOS push out from the motherboard vendor. As Intel said, in order to exploit Meltdown and Spectre, you need to visit a malicious site then download, install, and run the malicious application. Usually, your antivirus will stop it in the first place.