On 01/18/18 09:01, Johnny Hughes wrote:
On 01/18/2018 07:51 AM, Phelps, Matthew wrote:
On Thu, Jan 18, 2018 at 5:03 AM, Johnny Hughes johnny@centos.org wrote:
So, if we applied the previous microcode update, and all our machines rebooted OK, then we don't need to fallback?
Also, do we know if the updated CentOS microcode RPM reverted the microcode for *all* Intel CPUs, or just the ones that had issues? In other words, if I apply the latest microcode update to our 100+ machines (which all have the previous update, and are OK) will they revert to a vulnerable state?
It reverted for all .. but, your machines may or may not be protected as only a subset of machines were updated with the original microcode from Intel.
It is your call as to what you install .. but the correct method is to install the current microcode_ctl .. and then research your specific machine, its CPU, chipset, firmware .. go to the vendor and make sure you get all the things necessary to mitigate the issues. It will be different for each CPU vendor (Intel or AMD), each CPU / Chipset combo, and even each vendor (Dell may have new firmware for x and y but not z models, etc.)
There is no one size fits all update for this issue.
OK, so color me confused about the timing in all this.
Do we update the microcode now or do we wait until the latest microcode_ctl rpm is available and then tackle this issue?