Since I have hardware.cpu.amd.updateMicrocode set, I figured this would long have been fixed, so I guessed I needed a BIOS update or such, but after applying it that hasn’t fixed the problem.
I checked my cpuinfo:
tlater ~ $ grep 'model\|microcode' /proc/cpuinfo
model : 33
model name : AMD Ryzen 5 5600X 6-Core Processor
microcode : 0xa201025
The latest appears to be 0xaa00212.
This is a bit concerning, lots of NixOS systems will be vulnerable to that speculative execution bug, despite users believing they are mitigating it. Does anyone have any idea what’s going wrong?
model : 33
model name : AMD Ryzen 5 5600 6-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 5 5600 6-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 5 5600 6-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 5 5600 6-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 5 5600 6-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 5 5600 6-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 5 5600 6-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 5 5600 6-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 5 5600 6-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 5 5600 6-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 5 5600 6-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 5 5600 6-Core Processor
microcode : 0xa20120a
That’s not it, I went trawling through nixpkgs, latest linux-firmware is backported since ~March this year. We’re currently on August 9 as the version number states, but at least my microcode version is 2 years (!) old.
I’ve since learned that linux-firmware contains different microcodes for a variety of amd processor families. The nixpkgs package appears to bundle them all, but maybe one is missing? My next attempt was going to be grabbing a debian/arch/gentoo package and forcing it into initrd manually to see if it’s a packaging error.
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
model : 33
model name : AMD Ryzen 9 5950X 16-Core Processor
microcode : 0xa20120a
BIOS is version 4802 (2023-07-14) for Asus Prime X570-PRO with change notes:
Update AGESA version to ComboV2PI 1.2.0.A
Mitigate the AMD potential security vulnerabilities for AMD Athlon™ processors and Ryzen™ processors
Improve system stability
NixOS version is NixOS 23.11.20230728.2a9d660 (tapir). I believe this is before the microcode updates were added? My interpretation of the command output is that perhaps the BIOS update applied the mitigations to my system?
That’s two years old, your microcode is just as outdated as mine.
Don’t know why the warning doesn’t show. Your kernel might be different from linuxPackages_latest? I switched to xanmod recently which doesn’t apparently.
However, my microcode has not been updated since 2021, and I’ve kept up with BIOS updatea. Has there simply been no consumer-facing microcode update since? There clearly are other microcode numbers floating around, so I doubt it…
That would be why I don’t get the warning then. I am using the ZFS latestcompatiblelinux kernel, which is on an older version of Linux. And my NixOS revision would be before that warning would have been backported I believe.
If that’s true, well damn. Sucks to have an AMD processor. According to the documentation of the third party collection repo the motherboard vendors have some discretion as to whether to push the updates, in theory to ensure stability, but I’d not be surprised if Gigabyte just don’t bother.
I’ll wait until September and then see if I can contact support of either company to confirm this, and find out how AMD actually intends for users to upgrade their microcode. If it’s by BIOS update, and Gigabyte refuses to actually do so, guess I’ll add that unofficial workaround to nixos-hardware or something?
I checked the BIOS of my mainboard and found that the latest version from 2023-08-04 states “Update AGESA to ComboAM5 1.0.0.7b” which is of course older than the version AMD plans to push to OEMs (ComboAM5 1.0.8.0 (Target August 2023)). I wonder if AMD already published such a version. Personally I guess not