{"id":32151943,"url":"https://github.com/intel/intel-linux-processor-microcode-data-files","last_synced_at":"2026-02-27T19:24:53.761Z","repository":{"id":36116266,"uuid":"174040030","full_name":"intel/Intel-Linux-Processor-Microcode-Data-Files","owner":"intel","description":null,"archived":false,"fork":false,"pushed_at":"2025-08-12T16:59:35.000Z","size":77479,"stargazers_count":747,"open_issues_count":43,"forks_count":82,"subscribers_count":97,"default_branch":"main","last_synced_at":"2025-10-21T10:57:03.310Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/intel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"license","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-03-06T00:09:04.000Z","updated_at":"2025-10-10T07:24:57.000Z","dependencies_parsed_at":"2024-03-12T18:28:51.899Z","dependency_job_id":"2ed3eed9-b830-45cc-b9e0-86a960bf58ab","html_url":"https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files","commit_stats":{"total_commits":36,"total_committers":4,"mean_commits":9.0,"dds":0.08333333333333337,"last_synced_commit":"5278dfcf98e89098326b3eb8a85d07120a8730f8"},"previous_names":[],"tags_count":39,"template":false,"template_full_name":null,"purl":"pkg:github/intel/Intel-Linux-Processor-Microcode-Data-Files","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intel%2FIntel-Linux-Processor-Microcode-Data-Files","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intel%2FIntel-Linux-Processor-Microcode-Data-Files/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intel%2FIntel-Linux-Processor-Microcode-Data-Files/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intel%2FIntel-Linux-Processor-Microcode-Data-Files/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/intel","download_url":"https://codeload.github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intel%2FIntel-Linux-Processor-Microcode-Data-Files/sbom","scorecard":{"id":490416,"data":{"date":"2025-08-11","repo":{"name":"github.com/intel/Intel-Linux-Processor-Microcode-Data-Files","commit":"4ded52b4b0e1d60e83259cc88d1f5ad22f71a63e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.3,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: security.md:1","Info: Found linked content: security.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: security.md:1","Info: Found text in security policy: security.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: license:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Warn: could not determine whether codeowners review is allowed","Warn: no status checks found to merge onto branch 'main'","Warn: PRs are not required to make changes on branch 'main'; or we don't have data to detect it.If you think it might be the latter, make sure to run Scorecard with a PAT or use Repo Rules (that are always public) instead of Branch Protection settings"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-08-19T18:59:14.179Z","repository_id":36116266,"created_at":"2025-08-19T18:59:14.179Z","updated_at":"2025-08-19T18:59:14.179Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280248571,"owners_count":26297925,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-21T02:00:06.614Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-21T10:57:12.734Z","updated_at":"2026-02-27T19:24:53.749Z","avatar_url":"https://github.com/intel.png","language":null,"readme":"# Intel Processor Microcode Package for Linux\r\n\r\n## About\r\n\r\nThe Intel Processor Microcode Update (MCU) Package provides a mechanism to release updates for security advisories and functional issues, including errata. In addition, MCUs are responsible for starting the SGX enclave (on processors that support the SGX feature), implementing complex behaviors (such as assists), and more. The preferred method to apply MCUs is using the system BIOS. For a subset of Intel's processors, the MCU can also be updated at runtime using the operating system. The Intel Microcode Package shared here contains updates for those processors that support OS loading of MCUs.\r\n\r\n## Why update the microcode?\r\nUpdating your microcode can help to mitigate certain potential security vulnerabilities in CPUs as well as address certain functional issues that could, for example, result in unpredictable system behavior such as hangs, crashes, unexpected reboots, data errors, etc. To learn more about applying MCUs to an Intel processor, see [Microcode Update Guidance](https://software.intel.com/security-software-guidance/insights/microcode-update-guidance).\r\n\r\n## Loading microcode updates\r\n\r\nThis package is provided for Linux distributors for inclusion in their OS releases. Intel recommends obtaining the latest MCUs using the OS vendor update mechanism. A good starting point is [OS and Software Vendor](https://software.intel.com/security-software-guidance/insights/guidance-system-administrators-mitigate-transient-execution-side-channel-issues). Expert users can update their microcode directly outside the OS vendor mechanism. However, this method is complex and could result in errors if performed incorrectly. Such errors could include but are not limited to system freezes, inability to boot, performance impacts, logical processors loading different updates, and some updates not taking effect. As a result, this method should be attempted by expert users only.\r\n\r\nMCUs are best loaded from the BIOS. Certain MCUs must only be applied from the BIOS. Such MCUs are never packaged in this package since they are not appropriate for OS distribution. An OEM may receive microcode update packages that are a superset of what is contained in this package for inclusion in a BIOS.\r\n\r\nOS vendors may choose to provide an MCU that the kernel can consume for early loading. For example, Linux can apply an MCU very early in the kernel boot sequence. In situations where a BIOS update isn't available, early loading is the next best alternative to updating processor microcode. **Microcode states are reset on a power reset, hence its required that the MCU be loaded every time during boot process.**\r\n\r\n## Recommendation\r\n\r\nUsing the initrd method to load an MCU is recommended as this method will load the MCU at the earliest time for the most coverage. Systems that cannot tolerate downtime may use the late-load method to update a running system without a reboot.\r\n\r\n## About Processor Signature, Family, Model, Stepping and Platform ID\r\n\r\nThe Processor Signature is a number identifying the model and version of an Intel processor. It can be obtained using the *CPUID instruction*, via the command *lscpu*, or from the content of */proc/cpuinfo*. It's usually presented as 3 fields: Family, Model, and Stepping.\r\n\r\nFor example, if a processor returns a value of \"0x000906eb\" from the *CPUID instruction*:\r\n\r\n| Reserved | Extended Family | Extended Model | Reserved | Processor Type | Family Code | Model Number | Stepping ID |\r\n|:---------|:----------------|:---------------|:---------|:---------------|:------------|:-------------|:------------|\r\n| 31:28    | 27:20           | 19:16          | 15:14    | 13:12          | 11:8        | 7:4          | 3:0         |\r\n| xxxx     | 00000000b       | 1001b          | xx       | 00b            | 0110b       | 1110b        | 1011b       |\r\n\r\n\r\nThe corresponding Linux formatted file name will be \"06-9e-0b\", where:  \r\n- Extended Family + Family  = 0x06  \r\n- Extended Model + Model Number = 0x9e  \r\n- Stepping ID  = 0xb\r\n\r\nA processor may be implemented for multiple platform types. Intel processors have a 3bit Platform ID field in MSR(17H) that specifies the platform type for up to 8 types. An MCU file for a specified processor model may support multiple platforms. The Platform ID(s) supported by an MCU is an 8bit mask where each set bit indicates a platform type that the MCU supports. The Platform ID of a processor can be read in Linux using rdmsr from [msr-tools](https://github.com/intel/msr-tools).\r\n\r\n## Microcode update instructions\r\n\r\nThe [intel-ucode](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/main/intel-ucode) directory contains binary MCU files named in the `family-model-stepping` format. This file format is supported by most modern Linux distributions. It's generally located in the /lib/firmware directory and can be updated through the microcode reload interface following the late-load update instructions below.\r\n\r\n### Early-load update\r\nTo update early loading initrd, consult your Linux distribution on how to package MCU files for early loading. Some distributions use `update-initramfs` or `dracut`. Use the OS vendors recommended method to help ensure that the MCU file is updated for early loading before attempting the late-load procedure below.\r\n\r\n### Late-load update\r\nTo update the intel-ucode package to the system:\r\n1. Ensure the existence of `/sys/devices/system/cpu/microcode/reload`\r\n2. Download the latest microcode firmware\u003c/br\u003e `$ git clone https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git` or\u003c/br\u003e `$ wget https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/main.zip`\r\n3. Copy `intel-ucode` directory to `/lib/firmware`, overwriting the files in /lib/firmware/intel-ucode/\r\n4. Write the reload interface to 1 to reload the microcode files, e.g.\u003c/br\u003e\r\n  `$ echo 1 \u003e /sys/devices/system/cpu/microcode/reload`\u003c/br\u003e\r\n  Microcode updates will be applied automatically without rebooting the system.\r\n5. Update an existing initramfs so that next time it gets loaded via kernel:\u003c/br\u003e\r\n`$ sudo update-initramfs -u`\u003c/br\u003e\r\n`$ sudo reboot`\r\n6. Verify that the microcode was updated on boot or reloaded by echo command:\u003c/br\u003e\r\n`$ dmesg | grep microcode` or\u003c/br\u003e\r\n`$ cat /proc/cpuinfo | grep microcode | sort | uniq`\r\n\r\nIf you are using the OS vendor method to apply an MCU, the above steps may have been done automatically during the update process.\r\n\r\nThe [intel-ucode-with-caveats](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/main/intel-ucode-with-caveats) directory contains MCUs that need special handling. The BDX-ML MCU is provided in this directory because it requires special commits in the Linux kernel otherwise updating it might result in unexpected system behavior. OS vendors must ensure that the late loader patches (provided in [linux-kernel-patches](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/main/linux-kernel-patches)) are included in the distribution before packaging the BDX-ML MCU for late-loading.\r\n\r\nThe [linux-kernel-patches](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/main/linux-kernel-patches) directory consists of kernel patches that address various issues related to applying MCUs.\r\n\r\n## Notes\r\n\r\n* You can only update to a higher MCU version (downgrade is not possible with the provided instructions)\r\n* To calculate Family-Model-Stepping, use Linux command:\u003c/br\u003e\r\n`$ printf \"%x\\n\" \u003cnumber_to_convert_to_hex\u003e`\r\n* There are multiple ways to check the MCU version number BEFORE update. After cloning this Intel Microcode update repo , run the following:\r\n  - `$ iucode_tool -l intel-ucode | grep -wF sig` ([iucode_tool](https://gitlab.com/iucode-tool/iucode-tool/-/wikis/home) package is required)\r\n  - `$ od -t x4 \u003cFamily-Model-Stepping\u003e` will read the first 16 bytes of the microcode binary header specified in \\\u003cFamily\\-Model\\-Stepping\\\u003e. The third block is the microcode version. For example:\r\n`$ od -t x4 06-55-04`\u003c/br\u003e\r\n`0000000 00000001 *02000065* 09052019 00050654`\r\n\r\n## License\r\n\r\nSee the [license](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/main/license) file for details.\r\n\r\n## Security Policy\r\n\r\nSee the [security.md](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/main/security.md) file for details.\r\n\r\n## Release Note\r\n\r\nSee the [releasenote.md](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/main/releasenote.md) file for details.\r\n\r\n## Disclaimers \r\n\r\nIntel technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at [www.intel.com](https://www.intel.com).\r\n\r\nNo product or component can be absolutely secure.\r\n\r\nAll information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps.\r\n\r\nThe products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request.\r\n\r\nIntel provides these materials as-is, with no express or implied warranties.\r\n\r\n© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.\r\n\r\n*Other names and brands may be claimed as the property of others.","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fintel%2Fintel-linux-processor-microcode-data-files","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fintel%2Fintel-linux-processor-microcode-data-files","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fintel%2Fintel-linux-processor-microcode-data-files/lists"}