wikiUpdate of AMD microcode via plugin under OPNsense
OPNsense offers the possibility to update the microcode of a processor via plugin. In this article, we show you how to install this plugin to update the AMD microcode based on a RA1208-AIEPN server with Supermicro H12SSL-NT mainboard with OPNsense 25.1. These instructions apply analogously for Intel systems. There are also instructions on how to update the Intel Microcode via plugin under OPNsense.
Example setup
In this example, we use the following setup:
- Supermicro H12SSL-NT with BIOS Version 2.5 and AMD EPYC 72F3
- OPNsense 25.1.7_4 (FreeBSD 14.2-RELEASE-p3)
x86info Installation
In order to read the microcode information, you must install the package x86info via console (or SSH shell):
root@AMD-Firewall:~ # pkg install x86info
Microcode patch level query
Now, you can query the Microcode patch level:
root@AMD-Firewall:~ # kldload cpuctl root@AMD-Firewall:~ # x86info -a |grep -i Microcode Microcode patch level: 0xa001173
Activation of AMD-CPU Microcode plugin
The Microcode plugin can be installed via OPNsense webinterface.
-
In the OPNsense web interface, go to system → firmware → plugins. -
In this list, search for the plugin os-cpu-microcode-amd and click on the Plus-button for the installation. -
The plugin is installed. Restart the system to use the Microcode update, if available.
Restart
After activating the plug-in and restarting, the system will be updated at startup if a new microcode for the CPUID is available:
root@AMD-Firewall:~ # dmesg | grep -i micro CPU microcode: updated from 0xa001173 to 0xa0011d5
 |
Author: Thomas Niedermeier Thomas Niedermeier working in the product management team at Thomas-Krenn, completed his bachelor's degree in business informatics at the Deggendorf University of Applied Sciences. Since 2013 Thomas is employed at Thomas-Krenn and takes care of OPNsense firewalls, the Thomas-Krenn-Wiki and firmware security updates.
|
