Windows: How to get latest CPU microcode without modding the BIOS

Discussion in 'Operating Systems' started by mbk1969, Jan 5, 2018.

  1. Chastity

    Chastity Ancient Guru

    Messages:
    3,738
    Likes Received:
    1,662
    GPU:
    Nitro 5700XT/6800M
    Do these have any performance fixes?
     
  2. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    15,696
    Likes Received:
    9,574
    GPU:
    4090@H2O
    What do you mean specifically? Getting faster again, or was it sarcasm I just didn't get? I guess they will be slowing down performance in some way, but only a guess.
     
  3. EdKiefer

    EdKiefer Ancient Guru

    Messages:
    3,128
    Likes Received:
    394
    GPU:
    ASUS TUF 3060ti
    He probably means the newer windows 19H1 builds have a newer code to migrate these attacks that don't hit performance.
     
  4. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,541
    Likes Received:
    13,560
    GPU:
    GF RTX 4070
    Fixed.
     

  5. EdKiefer

    EdKiefer Ancient Guru

    Messages:
    3,128
    Likes Received:
    394
    GPU:
    ASUS TUF 3060ti
  6. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    15,696
    Likes Received:
    9,574
    GPU:
    4090@H2O
    Oh I wasn't aware that those fixes that don't hit performance actually exist. Thanks for mentioning it (I'm still angry about how they treat this whole matter in general though)
     
  7. EdKiefer

    EdKiefer Ancient Guru

    Messages:
    3,128
    Likes Received:
    394
    GPU:
    ASUS TUF 3060ti
    I am not running that newer builds so I don't know if that is true. Have not seen any reports of it yet.
    If my memory is good, it was Google who enabled these fixes and then it getting ported into windows new upgrade.
     
  8. Chastity

    Chastity Ancient Guru

    Messages:
    3,738
    Likes Received:
    1,662
    GPU:
    Nitro 5700XT/6800M
    Yes, this is what I was referring to, and I'll assume that mbk1969 is confirming this.
     
  9. EdKiefer

    EdKiefer Ancient Guru

    Messages:
    3,128
    Likes Received:
    394
    GPU:
    ASUS TUF 3060ti
    That fixed comment from mbk1969 is directed at my great spelling ability :)
     
  10. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,541
    Likes Received:
    13,560
    GPU:
    GF RTX 4070
    Microsoft updated KB4100347 page for 1803 (Dec 11, 2018)
    https://support.microsoft.com/en-us...or-windows-10-version-1803-and-windows-server

     
    fantaskarsef likes this.

  11. -Tj-

    -Tj- Ancient Guru

    Messages:
    18,097
    Likes Received:
    2,603
    GPU:
    3080TI iChill Black
    Yeah it's based on linus/google retopoline or something like that. No perf. Impact at all.
     
    fantaskarsef likes this.
  12. Chrysalis

    Chrysalis Master Guru

    Messages:
    373
    Likes Received:
    90
    GPU:
    RTX 3080 FE
    thought I would chime in here regarding affect on performance (in windows, not done proper analysis yet on bsd/linux)

    Host machine is old generation intel i5 750, so does not have accelerated PTI (no PCID).

    Guest machine is windows 10 build 1803

    I first ran various benchmarks such as passmark, pc mark etc. as well as observed responsiveness on general usage with vmware esxi up to date, and windows all on default settings. Start menu had noticeable lag appearing, UAC prompt had a delay appearing, some apps just felt laggy such as vivaldi web browser. Remember this is older gen host hardware and VM's feel the brunt of the mitigation's much more than barebone systems.

    I then ran inspectre tool and disabled spectre + meltdown mitigations, used the system some more and reran bench's.

    Then using microsoft's instructions also disabled SSB which inspectre is not aware off
    https://blogs.technet.microsoft.com...on-of-speculative-store-bypass-cve-2018-3639/
    https://community.qualys.com/docs/D...ng-speculative-store-bypass-ssb-cve-2018-3639

    At this point the result was a noticeable improvement of things like UAC prompts, start menu appearance time and vivaldi web browser. But it still didnt feel the same as before I patched esxi.
    On the benchmarks raw cpu performance was barely impacted, easily within 1-2%. However i/o performance was heavily impacted. This left me kind of surprised given things like UAC prompts were clearly slower and they had no measurable i/o load, so concluded that the i/o impact somehow also can affect ram i/o. Simple things like opening the vivaldi settings window were much slower with full mitigation's enabled.
    So one thing I learnt is benchmarking does not necessarily paint an accurate picture. It showed big impact on i/o practically nothing on raw cpu performance, but yet I could clearly notice a slower experience.

    Next I tested vmware's instructions for disabling features from updated cpu microcode in the guest OS, you can do this by disabling certain feature flags been presented to the guest OS, given I had already disabled mitigation's in the guest OS I expected no impact, but surprisingly it pretty much doubled the benefit on i/o benchmarks and responsiveness noticeably further improved.

    Finally i downgraded esxi to a 2017 build so it had no mitigation's host side whatsoever and of course no cpu microcode updates, this was no different to having the new version whilst using the feature flags override above.

    For bare metal I still have a personal opinion that for a typical end user, the risk of spectre/meltdown compromise is fairly low, extremely low if their system has good security layers already in place. But if the performance hit is almost non existant then there is no harm in enabling it, the issue comes if it is measurable. In 2019 microsoft plan to rollout reptoline in a newer build of windows 10, that and PTI on PCID cpu's is probably reasonable. Otherwise I would keep the mitigations off.

    There is also the issue with cloud environments, the security risk is notably higher, hence the rush of AWS etc. to patch their systems, however if you like me and the host ESXi/proxmox is managed by yourself and you trust all your guest systems (in my case all the guest systems are for my personal use), then the security mitigation's are probably moot.

    As a final note whilst I have yet to do a proper analysis of performance inside gues linux/bsd OS I have observed host cpu utilisation on proxmox.

    On a idle opnsense with full mitigations enabled on proxmox host cpu usage is around double vs all mitigations disabled on host. So even if best case scenario the guest OS is same speed, it is using double the cpu utilisation to achieve that.
     
    zerixx likes this.
  13. zerixx

    zerixx Guest

    Messages:
    7
    Likes Received:
    1
    GPU:
    RX570
    I just checked those 2 registry values on my system and they're both already set to 3. I'm using an old version of mcupdate_GenuineIntel.dll so maybe that's why? I also have both Spectre and Meltdown disabled in Inspectre
     
  14. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,541
    Likes Received:
    13,560
    GPU:
    GF RTX 4070
    I have not toyed with enabling/disabling all those Spectre and Meltdown mitigations on my Win10 1803 (all is updated and on default settings), and performance is good enough for me - no noticeable impacts. Of course I am gamer, not professional benchmarker...
     
  15. EdKiefer

    EdKiefer Ancient Guru

    Messages:
    3,128
    Likes Received:
    394
    GPU:
    ASUS TUF 3060ti
    Yes, I get the same thing, Inspectre tool is disabling all, at least one's Chrysalis posted links to.
     

  16. Chrysalis

    Chrysalis Master Guru

    Messages:
    373
    Likes Received:
    90
    GPU:
    RTX 3080 FE
    Bear in mind my benchmarks showed no difference within 1-2% only, what made me do the tests in the first place is that the guest OS slowed down massively, I simply noticed it from general usage after I patched esxi.

    Its a different story on my barebones coffeelake.
     
  17. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,725
    Likes Received:
    1,854
    GPU:
    EVGA 1070Ti Black
    I got some new microcode update from MS updates 1/9/2019, again I cant say I see any difference in normal usages or my games which all that maters to me.
     
  18. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,541
    Likes Received:
    13,560
    GPU:
    GF RTX 4070
    @Chrysalis
    Your avatar reminded me that I have a crush on Aerith... * sigh *
     
  19. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,541
    Likes Received:
    13,560
    GPU:
    GF RTX 4070
  20. tsunami231

    tsunami231 Ancient Guru

    Messages:
    14,725
    Likes Received:
    1,854
    GPU:
    EVGA 1070Ti Black
    who didnt back in the day when we were kids?
    Her death to this day in FF7 was most saddening thing in any game i played to date
     

Share This Page