Boot Firmware and CPU Microcode — GNUcode.me

Boot Firmware and CPU Microcode

by Joshua Branson — January 11, 2021

My current laptop was a libreboot-ed Lenovo T400. It worked fairly well, except under huge load. For instance just using kdenlive for 5+ minutes is enough to stress the CPU, which causes some issues: namely Linux forcibly restarting my machine. My laptop also forcibly restarts randomly once a week or so, usually when watching lots of youtube videos. This has been the case for a few months.

I finally posted in the #libreboot irc channel about the issue, and libreboot founder Leah Rowe mentioned that the reason my computer was unstable was because it lacked the updated CPU microcode. Leah also mentioned that libreboot.org used the CPU microcode, because you don't want your server randomly crashing on your website under huge load.

Let's back up for a second and explain libreboot and CPU microcode. Libreboot, is a free boot firmware (BIOS replacement), which is the first thing that starts when you press the power button. Free software users do NOT like proprietary BIOSs, so we prefer libreboot (which works on old laptops circa 2008) [^1].

CPU microcode is software that runs at a very low level on your processor. It turns out that processors are complex beasts, and its easy to mess them up. To help fix this situation, CPU developers use CPU microcode. If the processor has a tiny bug or faulty issue, then Intel or AMD can ship updated microcode to fix the solution. For example, a fair amount of the CPU microcode updates attempt to address recent CPU vulnerabilities like heartbleed and meltdown and spectre. At least that's what Intel and AMD says they do, but the issue for libre software developers is that CPU microcode source code is not released. Therefore it is proprietary. So we cannot verify what the updated source code does.

So the free software user can choose to live with unstable machines without updated microcode, or update the microcode and potentially avoid CPU vulnerabilities and potentially run malware. I'm deciding that I prefer machines that won't crash on me randomly, which is why my T400 is now using retroboot, which is a fork of libreboot that optionally provides the updated CPU microcode.

Anyway, as I was chatting to libreboot developer Leah Rowe, Leah pointed me toward retroboot, which is a fork of libreboot that optionally provides CPU microcode updates. Leah mentioned that retroboot is Leah's new project. As I was chatting to Leah, Leah on the fly added T400 support to retroboot project and provided me with a new rom to flash mine that included the updated CPU microcode.

First I needed to boot linux with iomem=relaxed, then I flashed my rom and rebooted. Now my laptop can actually use kdenlive and not crash!

Leah talked some more about retroboot, which is attempting to do some crazy boot things. Like minimize grub (actually removing modules and code), use a different build system, use linuxboot, including seabios and tianobios in the flash rom, multi-lingual grub, etc. Leah also plans on submitting updates to libreboot where appropriate. Fun times ahead.

[^1]: Libreboot powers old laptops. A modern alternative and powerful free BIOS powered machines include the Talos II system.