Microcode Update - only temporarily ?

[SvenTej]

Hey there,
I currently build up a testsystem with my "old" Intel XEON E3-1241 v3.

At startup the console states, that

L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.

I digged in a bit and checked the microcode version with

grep -E 'family|model|stepping|microcode' /proc/cpuinfo | head -

The output states it is 0x28

But if I boot wit PartedMagic and check the Haardware, the microcode is shown as 0x24

Where is my fault in thinking?
Is the update within PVE temporarily?
Any hints how I can update the MC to 0x28 permanently?

Regards
S.

 

[leesteken]

The microcode can indeed be updated temporarily during boot of the Linux kernel if the intel-microcode package is installed. If you want the latest version without depending on the installed kernel/firmware-package, you'll need a motherboard BIOS update (which loads the firmware before the operating system starts).

 

[Maximiliano]

Hello, please take a look at our documentation [1] for information on how to get microcode updates in Proxmox VE.

[1] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_firmware_cpu