I am getting the following error on boot:
[ 0.033460] [Firmware Bug]: TSC_DEADLINE disabled due to Errata; please update microcode to version: 0x52 (or later)
[ 0.117431] SRBDS: Vulnerable: No microcode
Searching for the error indicates that I should install intel-microcode.
It would probably also make sense to include the AMD equivalent: amd64-microcode
My proposal would be to add these package to the image.
Hello @cnrd,
Can you describe your HW?
show hardware cpu
show hardware dmi
show hardware pci
And the second question, which VyOS version running?
Not to necrobump, but after all these years VyOS still doesn’t include intel-microcode package.
I fix this by building my own iso on my arch machine via the following commands
git clone -b current --single-branch https://github.com/vyos/vyos-build
cd vyos-build
docker run --rm -it --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:current bash
sudo ./build-vyos-image --architecture amd64 --custom-apt-entry "deb http://deb.debian.org/debian bookworm main non-free non-free-firmware" --custom-package 'intel-microcode micro ripgrep fd-find' iso
(micro, ripgrep, fd-find can obviously be removed, I just also want those).
I confirmed doing this loads the latest microcode for my cpu. Hope this helps someone else looking!
Task created: ⚓ T6322 Include microcode update packages for both intel and amd64 cpus
The linux kernel includes mitigations (which can be disabled) so you are not completely vulnerable without a microcode update.
You can run lscpu to verify this.
Also the motherboard manufacturer should release updated BIOS to be flashed (but that can lack 6-12 months behind if evere updated) which would update the microcode aswell on the cpu.