On 01/18/18 09:01, Johnny Hughes wrote: > On 01/18/2018 07:51 AM, Phelps, Matthew wrote: >> On Thu, Jan 18, 2018 at 5:03 AM, Johnny Hughes <johnny at centos.org> wrote: >> >> So, if we applied the previous microcode update, and all our machines >> rebooted OK, then we don't need to fallback? >> >> Also, do we know if the updated CentOS microcode RPM reverted the microcode >> for *all* Intel CPUs, or just the ones that had issues? In other words, if >> I apply the latest microcode update to our 100+ machines (which all have >> the previous update, and are OK) will they revert to a vulnerable state? >> >> > It reverted for all .. but, your machines may or may not be protected as > only a subset of machines were updated with the original microcode from > Intel. > > It is your call as to what you install .. but the correct method is to > install the current microcode_ctl .. and then research your specific > machine, its CPU, chipset, firmware .. go to the vendor and make sure > you get all the things necessary to mitigate the issues. It will be > different for each CPU vendor (Intel or AMD), each CPU / Chipset combo, > and even each vendor (Dell may have new firmware for x and y but not z > models, etc.) > > There is no one size fits all update for this issue. > OK, so color me confused about the timing in all this. Do we update the microcode now or do we wait until the latest microcode_ctl rpm is available and then tackle this issue? -- Unencumbered by the thought process. -- Click and Clack the Tappet brothers -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.