Linux 6.16 will warn users about outdated Intel microcode
Intel routinely releases new microcode for its processors to improve performance and to fix critical issues, especially security vulnerabilities found in older microcode versions. Keeping the microcode current makes your system more secure by eliminating those vulnerabilities.
A patch has been queued in the Linux kernel tip repository and will make its way into the Linux 6.16 kernel. It warns the user at boot that the processor's microcode version is old and needs to be updated to ensure security. Userspace applications can determine whether the computer is running old microcode by reading the /sys/devices/system/cpu/vulnerabilities/old_microcode file.
If the kernel is running on old microcode, it is tainted with the TAINT_CPU_OUT_OF_SPEC flag, making it more difficult for kernel bugs that have to do with the old microcode to be reported directly to the bug tracker. The implementation relies on a manually maintained list of processors in the intel-ucode-defs.h file. It contains a list of structures with the following variables:
X86_CPU_ID_FLAG_ENTRY_VALID
X86_VENDOR_INTEL
0x6 or 0xf
Not only that, but all processors that are running on a debug microcode (that is, microcode ID with the 31st bit set to 1) are considered to be old.
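A host-side check that combines the three signals described above (the sysfs file, the taint flag and the debug bit), added here as an example and not taken from the kernel patch. It assumes the sysfs file uses the usual "Not affected" / "Vulnerable" wording of the vulnerabilities directory, that TAINT_CPU_OUT_OF_SPEC is bit 2 of /proc/sys/kernel/tainted, and that the "31st bit" is mask 0x80000000; the sample cpuinfo text is constructed.

```python
import re
from pathlib import Path

SYSFS = "/sys/devices/system/cpu/vulnerabilities/old_microcode"
TAINT_CPU_OUT_OF_SPEC = 1 << 2  # assumption: bit 2 ('S') of /proc/sys/kernel/tainted
DEBUG_BIT = 1 << 31             # assumption: the "31st bit" is mask 0x80000000

# Constructed sample: two logical CPUs, the second on a debug revision.
SAMPLE_CPUINFO = "processor\t: 0\nmicrocode\t: 0xf4\nprocessor\t: 1\nmicrocode\t: 0x800000f4\n"

def classify_sysfs(text):
    """Map the sysfs file content (None when the file is absent) to a status."""
    if text is None:
        return "unsupported"  # kernel without this patch, or the file is not exposed
    value = text.strip()
    if value == "Not affected":
        return "ok"
    if value.startswith("Vulnerable"):
        return "old"
    return "unknown"          # any other wording is reported, not guessed at

def microcode_revisions(cpuinfo):
    """Distinct microcode revisions from the 'microcode' lines of /proc/cpuinfo."""
    return {int(r, 16) for r in re.findall(r"^microcode\s*:\s*(0x[0-9a-fA-F]+)", cpuinfo, re.M)}

def assess(sysfs_text, tainted_text, cpuinfo):
    """Combine the sysfs status, the taint bit and the per-CPU revisions."""
    revs = microcode_revisions(cpuinfo)
    return {
        "status": classify_sysfs(sysfs_text),
        "tainted_out_of_spec": bool(int(tainted_text.strip() or 0) & TAINT_CPU_OUT_OF_SPEC),
        "revisions": [hex(r) for r in sorted(revs)],
        "debug_microcode": any(r & DEBUG_BIT for r in revs),
        "mixed_revisions": len(revs) > 1,  # logical CPUs report different revisions
    }

def read(path):
    """Return the file content, or None when it cannot be read."""
    try:
        return Path(path).read_text()
    except OSError:
        return None

if __name__ == "__main__":
    print("sample:", assess("Vulnerable\n", "4\n", SAMPLE_CPUINFO))
    print("live:  ", assess(read(SYSFS), read("/proc/sys/kernel/tainted") or "0",
                            read("/proc/cpuinfo") or ""))
```

A status of "unsupported" only means the kernel does not expose the file, not that the microcode is current.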
We advise you to update your processor’s microcode to the latest version to ensure that there are no security vulnerabilities present.