Search Results for 'microcode.dat'

Hi all,

In another post, I mentioned that I have been testing Intel’s latest Ghost microcodes on my production Win7 x64 machine. I was doing so for the past five days by using the VMware utility which allowed me to use Intel’s latest August uCode for my I5 Haswell CPU. The VMware Fling allowed me to do this, instead of having to create and flash a custom modded BIOS flash file for my out of warranty MSI motherboard’s BIOS in order to implement Intel’s latest August Ghost microcode.

I both coin and in the future will refer to all Intel Meltdown and Spectre mitigating CPU microcode as “Ghost” microcode, since if you read about all of these vulnerabilities which are related to the flawed CPU speculative execution and about how POC code works, you will realize that my Ghost acronym is quite appropriate. Moreover, “Ghost” also indicates all Intel CPU microcode which Intel released after December 2017 in order to mitigate Meltdown and Spectre, and all related CPU flaws.

After five days of stable testing, I finally got fed up with the extremely poor performance of the August Intel Ghostbusting microcode when running older non-multithreading capable programs on my Win7 test computer. You all have no idea how bad the slowdown becomes when running such older programs. It is bad — really bad on older CPUs. Serialized I/O, such as when running backups, is quite good when using the Ghost microcode. Yet random I/O, depending on file sizes, can take a very strong hit in terms of performance on older CPUs. And of course, I already mentioned the issue of older programs.

Nobody should go down the road of creating a custom modded BIOS file for flashing which includes Intel’s latest Ghostbusting microcode. Just don’t do it at the present time, regardless of whatever online programs which you have found to do this. Why? There are many reasons which I will not delve into at the present time. Yet the most important reasons are twofold. First, Microsoft is on track to do the same thing, at OS boot, in Win7 and in Win8x. Second, if I can can get any AV vendor to listen to me (so far, unsuccessful), I have a way to detect any Meltdown/Spectre and related exploit attempts. Any of you all work for an AV company?

I warn against (at least at the present time) installing any BIOS updates from motherboard OEMs or computer OEMs. Why? First is that you might not be able to revert to a pre-Ghost BIOS. Second is that Microsoft is working on doing the same thing by loading Intel’s Ghostbusting CPU microcode during OS boot-up. Presently Microsoft is only doing this in Windows 10, yet Microsoft will soon do so for both Win7 and Win8x. Third is that the same thing can be accomplished for Win7 and Win8x users via the VMware Fling, using the microcode.dat files which I have created and which do not include any microcodes with caveats which presently are causing severe issues for Win10 users with certain CPUs. The upshot is that everyone should “hold tight” at the present time.

Okay, so how about those who DO want to mitigate the Ghosts without having to flash their motherboard’s BIOS?

The VMware Fling works great for testing and/or implementation purposes on Win7 and Win8x for Meltdown and Spectre mitigation. Do NOT use the VMware Fling on Win10. Please do not try the VMware Fling in Win7 or Win8x. Instead, soon I will post a Dropbox for the VMware Fling which includes instructions and microcode.dat files for both December 2017 and August 2018, and which do not include any “caveat” CPU microcode which is presently causing severe issues. The December 2017 microcode.dat file will allow everyone to perform performance tests of their systems, especially if they have held off on updating at December 2017. The August 2018 microcode.dat file will then allow everyone to then perform performance tests while running Intel’s latest August Ghostbusting microcode on their CPU. Hopefully you all get the idea. The upshot is to allow you all Win7 and Win8x users to not only implement either Intel’s Ghostbusting CPU microcode or Intel’s December 2017 non-Ghostbusting CPU microcode, but also to allow you to perform comparison tests in terms of overall performance of your computer when using either of these microcodes, and to also avoid having to actually flash your motherboard’s BIOS with Intel’s latest Ghostbusting CPU microcode. Note that once you flash your BIOS with a newer BIOS version, it may be either extremely difficult or impossible to flash back to a previous BIOS version. Yet note that there usually are ways to accomplish the latter (flashing an older BIOS file, using methods which I can not disclose online.

I should have a Dropbox of the VMware Fling along with instructions and other info, available via Dropbox sometime this weekend for all of you Win7 and Win8x users to try. Note that if you encounter any issues on bootup, all that you have to do is to use either your install DVD or a recovery DVD to boot to DOS, and then to delete “microcode.dat” in your Windows\System32 folder.

Best regards,

–GTP

3 users thanked author for this post.

jburk07, Bill C., Cybertooth

WildBill wrote:

I have an ASUS X55A laptop. According to the Bleeping Computer list, “ASUS says it will release BIOS updates for affected products by the end of January.” As of ASUS’s announcement on 01/05/18, the X55A wasn’t listed. The Windows Hotfix for Win8.1 (Build 6.3.9600) is KB4056898 & the Hotfix for IE11 is KB 4056868. Not bothering with the KB’s until I also have the BIOS update from ASUS. The Saga Continues…

Hello Wild Bill,

The quote from ASUS comes with a caveat. They, like other OEMs, are not updating BIOSes for any hardware which is three years past the product’s initial release date. Yet ASUS does provide lifetime support for their products. If you push, then they probably will create an updated BIOS file for you. Yet I would not go that route.

I downloaded that last BIOS revision for your ASUS X55A. Your X55A supports four different types of CPU platforms. Two of the four types of CPU platforms which your laptop might contain do have Intel BIOS updates for Meltdown and Spectre. Unfortunately, the other two CPU platforms have no Intel BIOS updates for Meltdown and Spectre.

The two CPU platforms for which there are no Meltdown and Spectre mitigating microcode are 306A6 and 306A8.

The two CPU platforms with available Meltdown and Spectre mitigating microcode are 206A7 and 306A9.

Use GRC’s InSpectre utility to see which CPU platform you have. Hopefully InSpectre will show that you have either 206A7 or 306A9. If so, then the VMware Fling in conjunction with my tuned microcode.dat files will provide Meltdown and Spectre mitigations, without you having to flash your laptop’s BIOS. I am still a few days away from posting a Dropbox link for a ZIP of the Fling which includes the required DAT files and full instructions. I also have to tweak the Fling’s batch file installer.

A note for all Win10 users: The VMware Fling can have issues in Win10 since Microsoft already is basically doing the same thing in Win10 — having Win10 load Intel’s latest microcode for Meltdown and Spectre when Win10 boots up. Thus the VMware Fling should not be used in Win10.

Best regards,

–GTP

 

Hi all,

The VMware fling method is one method which I am working on in order to provide a viable solution for all Win7 and Win8x users (and equivalent 2008 and 2012 servers) who wish to do one of two things:

1. Use the latest Intel Meltdown and Spectre microcode, or

2. Use the latest Intel microcode which was released just prior to when Intel started releasing their Meltdown and Spectre microcode.

I haven’t tested the VMware fling in WinXP, yet I think that it may work for XP as well. Wouldn’t that be dandy!

The other method is using the UEFI BIOS Updater tool to allow users to patch downloaded BIOS flash files with the latest Intel microcode, as in #1 or #2, above. Note that this utility only works with AMI Aptio4 and Aptio5 BIOSes. Also note that this utility is only for desktop motherboards. UEFI BIOS Updater version 1.70 is out of beta and is in further pre-release testing. Please don’t flash any modified BIOS file which you create with this utility unless you absolutely know what you are doing — as in you are a really, really, REALLY experienced computer user, and as in you really, really, REALLY understand BIOS files, and that you also really, really, REALLY understand the following notes:

— Some motherboard BIOSes have a setting which will allow you to boot, using a BIOS file which resides on a USB flash drive. Don’t boot further than to a command prompt, as system instability can occur if you boot further into Windows or Linux. The point of this USB boot feature is to simply test if the BIOS file on the USB drive actually works, before you commit to actually flashing your motherboard BIOS.

— Generally, one should first reset the present BIOS to its default settings before flashing the BIOS.

— Some things must be disabled in BIOS prior to flashing. An example is Fast Boot. If you don’t know what you must disable in BIOS prior to flashing, then NEVER flash your computer’s BIOS!

— Some motherboards feature a second “recovery” BIOS chip. It is used in case you somehow royally mess up when flashing the main BIOS.

— Some motherboard OEMs will not, under normal circumstances, allow you to flash an older BIOS version. Yet some OEMs do have “special ways” to allow you to flash an older BIOS file. ASUS is an example. I am not allowed to publicly disclose how to do this, yet it is very simple to do, given the caveats which I mentioned, above.

The UEFI BIOS Updater tool requires AMI’s MMTool. This is a proprietary AMI utility which is needed by UEFI BIOS Updater. AMI no longer allows this tool to be publicly available, or to be incorporated within UEFI BIOS Updater. There either are infected versions of AMI’s MMTool out there, or true versions which are hosted on malicious web sites. Do yourself a favor and don’t go a hunting online for MMTool. I have the non-hacked versions which have been verified by both MD5 and CRC. Yeah, MD5 is depreciated as a stand-alone file verification method since it is possible to somewhat alter a file yet produce the same MD5 signature. Yet it is impossible to do the same and also produce the same CRC signature. In other words, passing both MD5 and CRC is as good as it gets. Yet the security world would prefer just one method instead of this simple combination of two methods. That is an entirely separate topic.

Presently I prefer the VMware fling method since there is no way that you can possible mess up your computer’s BIOS, and since if somehow your Windows computer won’t boot, all you have to do is to delete the microcode.dat file which the VMware method placed in your Windows\System32 folder. After doing so and successfully booting up, you can then either uninstall the VMware fling utility, or put a new microcode.dat file into the Windows\System32 folder.

Recently there was a pull request for the VMware fling. The fling itself wasn’t responsible. Instead the issue appears to be that some users had CPUs which, via the fling, loaded Intel’s Meltdown Spectre microcode which had caveats for using said microcode. Oh, of course the users were running Windows 10.

That’s all for now.

Best regards,

–GTP

1 user thanked author for this post.

AlexEiffel

GoneToPlaid wrote:

I recall that someone here posted where Microsoft stores the microcode.dat file in Windows 10?

Two possible candidates, at present…

1 user thanked author for this post.

GoneToPlaid

I recall that someone here posted where Microsoft stores the microcode.dat file in Windows 10? I think that it is saved under a different file name. For those who Xeon E5/E7 v4 or Core i7-69xx/68xx CPUs and who can’t boot Win10, deleting this file might do the trick, since this file is not removed if you try a System Restore.

@Ascaris …
There’s a windows driver developed by some VMware engineers called VMware CPU Microcode Update Driver (a VMware Fling) that will load the Intel released Linux microcode updates or AMD microcode updates during windows boot similar to what Linux does during boot.

It doesn’t replace the normal windows boot CPU microcode update sequence/functions which uses the “mcupdate_GenuineIntel.dll” and “mcupdate_AuthenticAMD.dll” files located in c:\windows\system32 folder but instead augments the boot sequence with a driver that checks against what CPU microcode has already been loaded by either the BIOS/UEFI and/or Windows and/or Linux.

If the VMware Fling driver detects that is has access to an updated microcode, it will update the CPU with its pre-stored updated microcode and will so report whether it did or not in the windows\system event log.

Problem is, the driver may or may not run in time and load it’s updated microcode prior to windows’ checking for Spectre mitigation.

If the driver runs in time, all good, if it doesn’t, windows won’t detect that CPU has latest mitigation microcode so windows won’t use any of the CPUs mitigation capability so even though the CPU will be eventually be loaded with the updated mitigation microcode when the driver eventually runs.

However, if you’re running a VM, the OS running in the VM will use the mitigated CPU functions as, when the VM boots, the updated mitigated CPU microcode will already be there, detected and used accordingly.

VWware Fling website hosting the VMware CPU Microcode Update Driver & Instructions …
https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#summary

Another minor issue is that this VMware Fling relies on Intel’s “microcode.dat” file format to read the Linux CPU microcode data. The Release Notes for Intel’s Linux CPU Microcode released 04/25/2018 state that they no longer support the “microcode.dat” file format.

However, a VMware website commenter asking for help, developed a simple windows program written in C# to convert the “intel-ucode” file format that Intel released to the previously supported “microcode.dat” format.

If you read the comments section, you’ll see that he posted download locations for both the executable & source.

Comment section showing “Intel Microcode.dat Converter” locations …
https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#comments

If you need it to run in XP (x64 or x86) you can find it here at bottom of page …
http://wp.xin.at/archives/tag/microdecode

Group B / Win 7 (Ultimate & Pro) [x64 & x86]
RDRguy