AMD Microcode updates not working?

romatthe · June 22, 2021, 1:12am

On my latest NixOS install I suddenly noticed that during the boot process I received the now-famous message:

RDRAND gives funky smelling output, might consider not using it by booting with nordrand

And a just a few hours later, when trying to start the Nheko Matrix client, I got this:

𝝺 nheko
WARNING: CPU random generator seem to be failing, disabling hardware random number generation
WARNING: RDRND generated: 0xffffffff 0xffffffff 0xffffffff 0xffffffff

Now, I have Ryzen 7 3700x CPU, which I know did have some issues regarding RdRand a while back. My motherboard’s (an MSI B450 Tomahawk) BIOS is not up to date with the latest firmware version, so I assume that flashing the latest firmware version will fix this issue. Alternatively, I could probably boot with the nordrand kernel option.

However, I do find this a little strange, because I have hardware.cpu.amd.updateMicrocode = true; set in my configuration. Should this issue not have been fixed by newer CPU microcode updates? Weren’t these updates included in the Linux kernel a long time ago?

I’m on NixOS 21.05 with Linux kernel 5.12.10:

𝝺 uname -a
Linux yokohama 5.12.10 #1-NixOS SMP Thu Jun 10 11:41:49 UTC 2021 x86_64 GNU/Linux

Have a look through /proc/sysinfo reveals that I am what looks like microcode version 0x8701013, which I think might indeed be quite old, but I’m unsure because it’s so hard to get any decent info on microcode versions out there.

𝝺 grep 'model\|microcode' /proc/cpuinfo
model		: 113
model name	: AMD Ryzen 7 3700X 8-Core Processor
microcode	: 0x8701013

I’m a little confused on this, can anyone provide me with some hints on how to take care of this? I’d rather first figure out why this is happening before fixing it with a BIOS firmware update or using nordrand.

romatthe · June 23, 2021, 12:50pm

I’ve been looking around for more information on this, and it seems that the latest microcode version for my CPU is 0x8701021 dated 2020/01/25. In other words, I am most certainly not running the latest microcode patch.

romatthe · June 23, 2021, 4:54pm

Additionally, the AuthenticAMD.bin extracted from the initrd from a build of my configuration with hardware.cpu.amd.updateMicrocode = true; and with hardware.cpu.amd.updateMicrocode = false; both have the exact same checksum. I’m not sure if this is at all signifcant.

jonringer · June 23, 2021, 5:12pm

the microcode comes from the linux unfree firmware:

# release-21.05
nix-repl> builtins.parseDrvName microcodeAmd.name
{ name = "amd-ucode"; version = "2021-05-11"; }

did you set hardware.enableRedistributableFirmware = true;?

romatthe · June 23, 2021, 5:25pm

Hah, I had just managed to figure out where the microcode was coming from myself .

I have not explicitly set that option, have never seen it before. I’ll give that a shot when I can, though I thought allowUnfree = true; should have been enough?

romatthe · June 23, 2021, 5:43pm

I’ve quickly tried it out, rebuilt my system with that flag set to true, but it did not seem to make a difference. I can’t figure this one out. Am I looking at something buggy or am I just doing something incredibly stupid?

jonringer · June 23, 2021, 6:32pm

Hmm, I actually have the same issue. But everything seems to be built fine…

One thing to remember is that the microcode is added to the initrd, so you have to reboot for the change to take effect.

romatthe · June 23, 2021, 8:28pm

Yes, I’ve rebooted about a billion times by now

Like you said, I think everything builds just fine, the initrd that results from the build even includes an AuthenticAMD.bin, as it should, but I doubt there is a proper way to inspect what is actually makes up that image…

Artturin · June 24, 2021, 3:44am

Send the output of
dmesg | grep microcode
which bootloader are you 2 using?

romatthe · June 24, 2021, 12:26pm

As you can see, no output of any microcode being loaded:

𝝺 dmesg | grep microcode
[    0.231199] microcode: CPU0: patch_level=0x08701013
[    0.231202] microcode: CPU1: patch_level=0x08701013
[    0.231206] microcode: CPU2: patch_level=0x08701013
[    0.231209] microcode: CPU3: patch_level=0x08701013
[    0.231214] microcode: CPU4: patch_level=0x08701013
[    0.231219] microcode: CPU5: patch_level=0x08701013
[    0.231223] microcode: CPU6: patch_level=0x08701013
[    0.231228] microcode: CPU7: patch_level=0x08701013
[    0.231231] microcode: CPU8: patch_level=0x08701013
[    0.231233] microcode: CPU9: patch_level=0x08701013
[    0.231236] microcode: CPU10: patch_level=0x08701013
[    0.231239] microcode: CPU11: patch_level=0x08701013
[    0.231242] microcode: CPU12: patch_level=0x08701013
[    0.231246] microcode: CPU13: patch_level=0x08701013
[    0.231250] microcode: CPU14: patch_level=0x08701013
[    0.231254] microcode: CPU15: patch_level=0x08701013
[    0.231257] microcode: Microcode Update Driver: v2.2.

I’m currently on systemd-boot.

romatthe · June 26, 2021, 5:18pm

I tried to make some time to switch over to booting with GRUB today, but because I dual boot Windows (to play games), I ran into some trouble, so I haven’t been able to pull it off just yet.

Atemu · June 26, 2021, 8:36pm

Make sure to enable os-prober.

maniacal_snail · August 26, 2022, 4:12pm

Sorry to necro this, but any of you guys ever managed to solve this? Thanks in advance!