On 9/19/18 1:27 PM, Christoph wrote: > it is working thx a lot... > > but it has included the GenuineIntel.bin only in actually used kernel... > do I need to reinstall microcode_ctl every time I update the kernel? > And second question, I quess I still need the ucode = scan as xen > parameter right? You won't need to reinstall microcode_ctl. Once you create the file at /etc/microcode_ctl/ucode_with_caveats/force any time you update the kernel or microcode_ctl it will put the microcode into the initramfs automatically. You do need to keep ucode=scan on the Xen command line because that is how it knows to scan the initramfs for the microcode. > > Am 2018-09-19 20:08, schrieb Kevin Stange: >> On 9/19/18 1:55 AM, Christoph wrote: >>> >>> Hi >>> >>> can someone say me how to update the µcode of the cpu with xen? >>> >>> I have added the ucode=scan parameter to xen but it does not seem to >>> work... >>> >>> the µcode version of my xeon is really old :/ >>> >>> model name : Intel(R) Xeon(R) CPU E3-1271 v3 @ 3.60GHz >>> microcode : 0x10 >>> >> >> There is a "caveat" in the current version of microcode_ctl which means >> it doesn't automatically install the microcode into the initramfs if the >> kernel isn't "known good" because of various issues with Linux kernel >> patches being needed for certain microcode features. There is a quick >> way to get it to force the microcode into the initramfs of any kernel: >> >> mkdir -p /etc/microcode_ctl/ucode_with_caveats/ >> touch /etc/microcode_ctl/ucode_with_caveats/force >> >> This only works with the most recent version of microcode_ctl >> (2.1-29.16.el7_5.x86_64). If you do this, you can then run 'yum >> reinstall microcode_ctl' and you should get the microcode in the >> initramfs after it finishes. Note that this will cause it to trust ALL >> kernels and all microcode versions which might not always be a good >> thing. See this file for info: >> >> /usr/share/doc/microcode_ctl/README.caveats >> >> You can test that the initramfs has the microcode by running cpio: >> >> cpio -t < /boot/initramfs-4.9.112-32.el7.x86_64.img >> >> If there is a GenuineIntel.bin you should be good. If you get spammed >> with errors, then it isn't included. > -- Kevin Stange Chief Technology Officer Steadfast | Managed Infrastructure, Datacenter and Cloud Services 800 S Wells, Suite 190 | Chicago, IL 60607 312.602.2689 X203 | Fax: 312.602.2688 kevin at steadfast.net | www.steadfast.net