On Thu, 18 Jan 2018 04:03:48 -0600 Johnny Hughes johnny@centos.org wrote:
On 01/18/2018 03:41 AM, Pete Biggs wrote:
Look at:
Get the latest microcode.dat file from here:
See how to update the microcode from the links at the bottom of this page:
And before anyone asks .. I have no idea why Red Hat chose this path, they did. It doesn't matter if I (or anyone else) agrees with the decision. It is what it is.
**I'm not blaming you.**
But can I just clarify. We have to *manually* install the microcode update on EL7 in order to be protected against Spectre? EL6 as well?
Presumably this is to remove RH from the loop and to stop people blaming them - i.e. this is between Intel and the customer, it's nothing to do with them.
No, this is because at least one major CPU (Intel type 79) is completely broken by the Intel Microcode Update. Those machines can't boot after the microcode rpm is installed. It impacts at least these processors:
Intel(R) Xeon(R) CPU E5-2637 v4 @ 3.50GHz
Intel(R) Xeon(R) CPU E5-2643 v4 @ 3.40GHz
Intel(R) Xeon(R) CPU E5-2667 v4 @ 3.20GHz
Intel(R) Xeon(R) CPU E5-2667 v4 @ 3.50GHz
There may be others.
As a data point, we have the updated microcode running on 600+ Haswell servers and so far no indication of problems.
We'll keep the ibrs/spectre mitigation this gives us and not revert (unless it turns out it does cause problems).
/Peter