In this tutorial, I will help you install the latest microcode in a upgradable way so that you can upgrade it via apt command. Please don’t install packages except microcode packages from the unstable repository to avoid a broken system. This tutorial was tested on Proxmox VE 7.4 / 8.0.2 .

Microcode is the firmware used to fix bugs in the CPU. It should be installed only on the host instead of virtual machines because microcode updates are applied during boot. We need to install it from the Debian unstable repository because microcode packages in Proxmox (Debian stable) may be out of date.

Installation

Add the unstable repository with only non-free-firmware component.

1

echo "deb http://deb.debian.org/debian/ unstable non-free-firmware" > /etc/apt/sources.list.d/debian-unstable.list

To avoid installing other packages from the unstable repository, add this to /etc/apt/preferences.d/unstable-repo.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

# lower the priority of all packages in the unstable repository
Package: *
Pin: release o=Debian,a=unstable
Pin-Priority: 10

# allow upgrading microcode from the unstable repository
Package: intel-microcode
Pin: release o=Debian,a=unstable
Pin-Priority: 500
# This line should be a blank line or comment
Package: amd64-microcode
Pin: release o=Debian,a=unstable
Pin-Priority: 500

Update all repositories and make sure no package will upgrade from the unstable repository.

1

apt update && apt list --upgradable

Install one of the microcode packages according to your CPU manufacturer.

1
2
3
4

# Intel CPU
apt install intel-microcode
# AMD CPU
apt install amd64-microcode

Reboot the Proxmox host.

1

reboot

Verify that microcode is loaded.

1

journalctl -k --grep="microcode updated early to"

You should see similar output like this.

1

Sep 10 11:38:55 pve kernel: microcode: microcode updated early to revision 0x24000024, date = 2022-09-02

Note: The date displayed does not correspond to the version of the [intel-microcode] package installed. It does show the last time Intel updated the microcode that corresponds to the specific hardware being updated.

Microcode - ArchWiki

Alternative installation

If you don’t want to add the unstable repository, you can download microcode packages from Debian website. Get the latest download link from amd64-microcode or intel-microcode according to your CPU manufacturer, download the package via wget 'link' and install it via apt install ./filename.deb.

Example:

1
2
3
4
5
6
7

# AMD CPU
wget 'http://ftp.us.debian.org/debian/pool/non-free-firmware/a/amd64-microcode/amd64-microcode_3.20230808.1.1_amd64.deb/DontCopyThisLinkVerbatim'
apt install ./amd64-microcode_3.20230808.1.1_amd64.deb

# Intel CPU
wget 'http://ftp.us.debian.org/debian/pool/non-free-firmware/i/intel-microcode/intel-microcode_3.20230808.1_amd64.deb/DontCopyThisLinkVerbatim'
apt install ./intel-microcode_3.20230808.1_amd64.deb

Uninstallation

To remove microcode and the unstable repository, run:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

# remove microcode packages
apt purge amd64-microcode intel-microcode
apt autoremove
# make sure there is no installed package from the unstable repository
apt list --installed | grep '/unstable'
# remove unstable repository and config
rm /etc/apt/sources.list.d/debian-unstable.list /etc/apt/preferences.d/unstable-repo
# reboot
reboot
# check microcode, you should see "No entries"
journalctl -k --grep="microcode updated early to"

Motivation

I installed Proxmox VE on a Beelink EQ591 N5105. I was satisfied at first, but some virtual machines froze from time to time, which bothered me very much. I found many N5105 CPU users had the same problem. One of the solutions is installing microcode, so I decided to install latest microcode. Though it doesn’t completely fix the problem, it really reduce freezing a lot. Besides, I also installed latest kernel in the Proxmox VE No-Subscription Repository.

Further reading

  1. Beelink EQ59 N5105 (零刻 EQ59 N5105) is China version of Beelink U59 N5105. ↩︎