{"id":23739346,"url":"https://github.com/e-tho/ucodenix","last_synced_at":"2026-02-19T23:15:13.686Z","repository":{"id":251765487,"uuid":"838115887","full_name":"e-tho/ucodenix","owner":"e-tho","description":"Microcode updates for AMD CPUs on NixOS","archived":false,"fork":false,"pushed_at":"2026-02-16T15:44:51.000Z","size":115,"stargazers_count":110,"open_issues_count":4,"forks_count":7,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-16T23:17:45.861Z","etag":null,"topics":["amd-cpu","linux","microcode-updates","nix-flake","nixos","x86-microcode"],"latest_commit_sha":null,"homepage":"","language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/e-tho.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-08-05T01:17:23.000Z","updated_at":"2026-02-16T15:44:55.000Z","dependencies_parsed_at":"2024-11-16T16:25:25.261Z","dependency_job_id":"dafbd98c-da35-4759-842b-799dd0a9952c","html_url":"https://github.com/e-tho/ucodenix","commit_stats":null,"previous_names":["e-tho/ucodenix"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/e-tho/ucodenix","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/e-tho%2Fucodenix","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/e-tho%2Fucodenix/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/e-tho%2Fucodenix/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/e-tho%2Fucodenix/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/e-tho","download_url":"https://codeload.github.com/e-tho/ucodenix/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/e-tho%2Fucodenix/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29636165,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-19T22:32:43.237Z","status":"ssl_error","status_checked_at":"2026-02-19T22:32:38.330Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["amd-cpu","linux","microcode-updates","nix-flake","nixos","x86-microcode"],"created_at":"2024-12-31T09:36:48.845Z","updated_at":"2026-02-19T23:15:13.681Z","avatar_url":"https://github.com/e-tho.png","language":"Nix","funding_links":[],"categories":["Nix"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003ch1\u003eucodenix\u003c/h1\u003e\n\u003c/div\u003e\n\n## About\n\n`ucodenix` delivers microcode updates for AMD CPUs on NixOS.\n\nEnjoy support for consumer and server-grade platforms, without relying on BIOS updates or manufacturer delays.\n\n\u003e [!NOTE]\n\u003e Microcodes are fetched from [this repository](https://github.com/platomav/CPUMicrocodes), which aggregates them from official sources provided and made public by various manufacturers.\n\n## Features\n\n- Fetches AMD microcode binaries from a repository aggregating updates from official sources.\n- Processes the microcode binaries to generate a container compatible with the Linux kernel.\n- Integrates the generated microcode seamlessly into the NixOS configuration.\n- Supports automatic processing or custom selection based on your CPU model.\n\n## Installation\n\nAdd the flake as an input:\n\n```nix\ninputs.ucodenix.url = \"github:e-tho/ucodenix\";\n```\n\n## Usage\n\n### 1. Enable the Module\n\nEnable the `ucodenix` NixOS module:\n\n```nix\n{ inputs, ... }:\n{\n  imports = [ inputs.ucodenix.nixosModules.default ];\n\n  services.ucodenix.enable = true;\n}\n```\n\n### 2. (Optional) Specify Your Processor's Model ID\n\nBy default, `ucodenix` processes all available microcode binaries, each intended for a specific CPUID identifying a family of CPUs. This behavior is controlled by setting `cpuModelId` to `\"auto\"`. The Linux kernel automatically detects and loads the appropriate microcode at boot time.\n\nIf you prefer, you can manually specify your processor's model ID to process only the binary needed for your CPU. This reduces the output size and simplifies the build artifacts, making them more focused for targeted deployments.\n\n#### Retrieve Your Processor's Model ID\n\nThere are two ways to specify your processor's model ID:\n\n1. **Directly Provide the Model ID**\n\nYou can retrieve the model ID using the `cpuid` tool. Install it and run the following command:\n\n```shell\ncpuid -1 -l 1 -r | sed -n 's/.*eax=0x\\([0-9a-f]*\\).*/\\U\\1/p'\n```\n\nUpdate your configuration with the retrieved model ID:\n\n```nix\nservices.ucodenix = {\n  enable = true;\n  cpuModelId = \"00A20F12\"; # Replace with your processor's model ID\n};\n```\n\n2. **Use a NixOS Facter Report File**\n\nIf you use [NixOS Facter](https://github.com/numtide/nixos-facter), you can specify the path to its generated `facter.json` report file for `ucodenix` to compute the model ID. Run the following command to generate your report file:\n\n```shell\nsudo nix run nixpkgs#nixos-facter -- -o facter.json\n```\n\nUpdate your configuration with the file path:\n\n```nix\nservices.ucodenix = {\n  enable = true;\n  cpuModelId = ./path/to/facter.json; # Or config.facter.reportPath if specified\n};\n```\n\n### 3. Apply Changes\n\nRebuild your configuration and reboot to apply the microcode update.\n\n```shell\nnixos-rebuild boot --sudo --flake path/to/flake/directory\n```\n\n\u003e [!TIP]\n\u003e\n\u003e To confirm that the microcode has been updated, run:\n\u003e\n\u003e ```shell\n\u003e sudo dmesg | grep microcode\n\u003e ```\n\u003e\n\u003e If the update was successful, you should see output like this:\n\u003e\n\u003e ```shell\n\u003e # For kernel versions \u003e= v6.6:\n\u003e [    0.509186] microcode: Current revision: 0x0a201210\n\u003e [    0.509188] microcode: Updated early from: 0x0a201205\n\u003e\n\u003e # For kernel versions \u003c v6.6:\n\u003e [    0.509188] microcode: microcode updated early to new patch_level=0x0a201210\n\u003e ```\n\u003e\n\u003e Keep in mind that the provided microcode might not be newer than the one from your BIOS.\n\n\u003e [!IMPORTANT]\n\u003e\n\u003e The microcodes introduced in early 2025 cannot be loaded without a BIOS version that explicitly addresses the signature verification vulnerability (CVE-2024-56161). If your BIOS does not include the necessary patches, the system will fail to apply the microcode update, resulting in boot-time warnings such as:\n\u003e\n\u003e ```console\n\u003e [    0.001271] microcode: CPU1: update failed for patch_level=0x0a201213\n\u003e ```\n\u003e\n\u003e You must either update your BIOS to the latest version, ensuring it is dated after early 2025 and that its release notes mention the fix for the signature verification vulnerability, or freeze the last supported microcode version by explicitly pinning the repository in your Nix flake inputs, as shown below:\n\u003e\n\u003e ```nix\n\u003e inputs = {\n\u003e   cpu-microcodes = {\n\u003e     url = \"github:platomav/CPUMicrocodes/ec5200961ecdf78cf00e55d73902683e835edefd\";\n\u003e     flake = false;\n\u003e   };\n\u003e   ucodenix = {\n\u003e     url = \"github:e-tho/ucodenix\";\n\u003e     inputs.cpu-microcodes.follows = \"cpu-microcodes\";\n\u003e   };\n\u003e };\n\u003e ```\n\n\u003e [!IMPORTANT]\n\u003e\n\u003e The Linux kernel now verifies microcode against a list of approved SHA256 checksums. Since `ucodenix` fetches microcode binaries aggregated from various sources by [CPUMicrocodes](https://github.com/platomav/CPUMicrocodes), they may differ from the officially approved checksums even though their content is functionally identical.\n\u003e If you encounter this error:\n\u003e\n\u003e ```console\n\u003e [    0.001272] microcode: No sha256 digest for patch ID: 0x8701035 found\n\u003e ```\n\u003e\n\u003e You will need to disable this feature for the microcode to load:\n\u003e\n\u003e ```nix\n\u003e boot.kernelParams = [ \"microcode.amd_sha_check=off\" ];\n\u003e ```\n\n## FAQ\n\n### Why would I need this if AMD already provides microcodes for Linux?\n\nAMD distributes microcode updates primarily through BIOS releases, which can be inconsistent, delayed, or discontinued. While AMD does provide some microcode updates directly through `linux-firmware`, coverage is limited to a subset of CPU models, with many being outdated. `ucodenix` uses microcodes aggregated from official sources to provide broader support and more current updates. This ensures your system receives the latest microcode patches, including critical security fixes, without relying on BIOS updates from your manufacturer or the limited `linux-firmware` coverage from AMD.\n\n### Is there any risk in using this flake?\n\nThe microcodes are obtained from official sources and are checked for integrity and size. The Linux kernel has built-in safeguards and will only load microcode that is compatible with your CPU, otherwise defaulting to the BIOS-provided version. As a result, using this flake can be considered safe and should carry no significant risks.\n\n## Disclaimer\n\nThis software is provided \"as is\" without any guarantees.\n\n## License\n\nGPLv3\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fe-tho%2Fucodenix","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fe-tho%2Fucodenix","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fe-tho%2Fucodenix/lists"}