Enable the contrib and non-free repos, update repository index and then install it:
https://wiki.debian.org/Microcode#Debian_10_.22Buster.22_.28stable.29
In general, it is recommended, as often they patch security issues or the like - was somewhat the case with meltdown/spectre two years ago.
But, it can also make problems when getting fresh updates. Debian normally catches most of them and avoid releasing it to the repositories. Very old CPU models won't get any updates in the code itself.
If it does not make problems, I'd keep it installed.
deb-src http://security.debian.org/ buster/updates main contrib non-free
deb http://deb.debian.org/debian buster main contrib non-free
deb-src http://deb.debian.org/debian buster main contrib non-free
deb http://deb.debian.org/debian buster-backports main
root@pve:~# apt-get install -t stable-backports intel-microcode
Reading package lists... Done
E: The value 'stable-backports' is invalid for APT::Default-Release as such a release is not available in the sources
Code:deb-src http://security.debian.org/ buster/updates main contrib non-free deb http://deb.debian.org/debian buster main contrib non-free deb-src http://deb.debian.org/debian buster main contrib non-free deb http://deb.debian.org/debian buster-backports main
root@pve:~# apt-get install -t stable-backports intel-microcode --dry-run
Reading package lists... Done
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:6 and /etc/apt/sources.list:10
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:6 and /etc/apt/sources.list:10
W: Target Translations (main/i18n/Translation-en_US) is configured multiple times in /etc/apt/sources.list:6 and /etc/apt/sources.list:10
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:6 and /etc/apt/sources.list:10
W: Target Packages (contrib/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:6 and /etc/apt/sources.list:10
W: Target Packages (contrib/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:6 and /etc/apt/sources.list:10
W: Target Translations (contrib/i18n/Translation-en_US) is configured multiple times in /etc/apt/sources.list:6 and /etc/apt/sources.list:10
W: Target Translations (contrib/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:6 and /etc/apt/sources.list:10
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:12
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:12
W: Target Translations (main/i18n/Translation-en_US) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:12
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:12
W: Target Packages (contrib/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:12
W: Target Packages (contrib/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:12
W: Target Translations (contrib/i18n/Translation-en_US) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:12
W: Target Translations (contrib/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:12
W: Target Packages (non-free/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:12
W: Target Packages (non-free/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:12
W: Target Translations (non-free/i18n/Translation-en_US) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:12
W: Target Translations (non-free/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:11 and /etc/apt/sources.list:12
E: The value 'stable-backports' is invalid for APT::Default-Release as such a release is not available in the sources
deb http://deb.debian.org/debian buster-backports main
deb http://deb.debian.org/debian buster-backports main contrib non-free
apt-get install -t buster-backports intel-microcode
cat /etc/os-release
cd /
cd /etc/apt/
ls
nano sources.list
#Debian 11 - Official Sources List
deb http://security.debian.org/debian-security bullseye-security main contrib
#Debian 11 - Contrib & Non-Free
deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free
#Debian 11 - PVE no-subscription NOT recommended for production use
deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription
#Add Backports
deb http://deb.debian.org/debian bullseye-backports main contrib non-free
apt-get update
apt-get install -t bullseye-backports intel-microcode
apt-get upgrade -t bullseye-backports intel-microcode
grep 'stepping\|model\|microcode' /proc/cpuinfo
cat /proc/cpuinfo | grep microcode | sort | uniq
dmesg | grep microcode
lscpu
dmesg | grep "microcode updated early to"
journalctl -b -k | grep "microcode updated early to"
zgrep "microcode updated early to" /var/log/kern.log*
dmesg | grep microcode
cd /tmp
wget https://meltdown.ovh -O spectre-meltdown-checker.sh
nano spectre-meltdown-checker.sh
chmod +x spectre-meltdown-checker.sh
sudo ./spectre-meltdown-checker.sh
Updating CPU microcode within Debian (Intel or AMD)
Note: before you install the microcode update packages in a computer for the first time, it is recommended that you check your system's vendor support site for BIOS/UEFI updates for your system and apply those. By ensuring the computer's BIOS/UEFI is up-to-date, you will reduce the chances of problems with the microcode update (which are very low, but not zero) and also fix other firmware bugs unrelated to microcode.
Please install the amd64-microcode package (for systems with AMD AMD64 processors), or the intel-microcode package (for systems with Intel processors). You will have to enable both contrib and non-free in /etc/apt/sources.list.
Microcode updates are only applied at boot, so you have to reboot to activate them. You will have to keep the packages installed as explained above: the microcode updates have to be reapplied at every boot.
Updated Microcode for Debian 11.0 version
# check your version at your HOST use Shell with Proxmox on each separate node to update. This method will work only if you have Debian 9 or newer:
Code:cat /etc/os-release
For Debian 11.0 version
Code:cd / cd /etc/apt/ ls nano sources.list
# copy and paste this code block for Debian 11 only (no more Buster) it's Bullseye
Source packages (#deb-src) are needed only if you want to compile some package yourself, or inspect the source code for a bug.
Code:#Debian 11 - Official Sources List deb http://security.debian.org/debian-security bullseye-security main contrib #Debian 11 - Contrib & Non-Free deb http://deb.debian.org/debian bullseye main contrib non-free deb http://deb.debian.org/debian bullseye-updates main contrib non-free #Debian 11 - PVE no-subscription NOT recommended for production use deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription #Add Backports deb http://deb.debian.org/debian bullseye-backports main contrib non-free
CTRL
X
Y
Enter
# For INTEL CPU(s)
Note that you need to explicitly install the package from backports. After the first install from backports, the system should remain updating microcode packages from backports until the next point release that supersedes them.
Code:apt-get update
Code:apt-get install -t bullseye-backports intel-microcode
Code:apt-get upgrade -t bullseye-backports intel-microcode
#Do you want to continue?
[Y/n] y
#Verify that the microcode was updated on boot or reloaded:
ORCode:grep 'stepping\|model\|microcode' /proc/cpuinfo
orCode:cat /proc/cpuinfo | grep microcode | sort | uniq
Code:dmesg | grep microcode
#Check link below for latest microcode that Debian has up
Debian Package intel-microcode
View attachment 29991
#Upgrade again to see if Matches what Debian has listed Currently intel-microcode (3.20210608.2)
apt-get upgrade -t bullseye intel-microcode
#Check link below for latest microcode TRACKER that Debian has up
https://tracker.debian.org/pkg/intel-microcode
https://salsa.debian.org/hmh/intel-microcode
# check CPU Details
#To check Log filesCode:lscpu
Code:dmesg | grep "microcode updated early to" journalctl -b -k | grep "microcode updated early to" zgrep "microcode updated early to" /var/log/kern.log*
#After Booting check
----------------------------------------------------------------------------------------------------------------------Code:dmesg | grep microcode
After updating Microcode Run Spectre-Meltdown Checker
https://github.com/speed47/spectre-meltdown-checker
---------------------------------------------------------------------------------------------------------------------
#We are using a temp directory "tmp" meaning install it all over again and again. Plus we are going to read the open source code!
Code:cd /tmp
Code:wget https://meltdown.ovh -O spectre-meltdown-checker.sh
Code:nano spectre-meltdown-checker.sh
---------------------------------------------------------------------------------------------------------------------Code:chmod +x spectre-meltdown-checker.sh sudo ./spectre-meltdown-checker.sh
Hope this helped you
View attachment 30078
Debian does not update packages to newer versions (unless they are security or important bug fixes) for their releases. The firmware updates are seen totally new versions (because it is unclear what changes in each version) and are therefore destined for the backports repository.Why does it need to be upgraded via backports? I have upgraded it without having them. I am not questioning your knowledge, just trying to understand why. Thanks!
No, please do NOT enable the unstable repo!If you want to install the latest microcode from the Debian unstable repo, check out this tutorial.
No, please do NOT enable the unstable repo!
#/etc/apt/preferences.d/unstable-repo
# lower the priority
Package: *
Pin: release o=Debian,a=unstable
Pin-Priority: 10
# allow upgrading microcode
Package: intel-microcode
Pin: release o=Debian,a=unstable
Pin-Priority: 500
Package: amd64-microcode
Pin: release o=Debian,a=unstable
Pin-Priority: 500
There is a reason why they call the repo unstable. This is only for experts and not a general recommendation.I think it's okay to enable the unstable repo.