Microcode is the firmware used to fix bugs in the CPU. It should be installed only on the host instead of virtual machines because microcode updates are applied during boot. We need to install it from the Debian unstable repository because microcode packages in Proxmox (Debian stable) are out of date.
Add the unstable repo.
1
|
echo "deb http://deb.debian.org/debian/ unstable non-free-firmware" > /etc/apt/sources.list.d/debian-unstable.list
|
Add this to /etc/apt/preferences.d/unstable-repo.
1
2
3
4
5
6
7
8
9
10
11
12
|
# lower the priority
Package: *
Pin: release o=Debian,a=unstable
Pin-Priority: 10
# allow upgrading microcode
Package: intel-microcode
Pin: release o=Debian,a=unstable
Pin-Priority: 500
Package: amd64-microcode
Pin: release o=Debian,a=unstable
Pin-Priority: 500
|
Update all repos and make sure no package will upgrade from the unstable repo.
1
|
apt update && apt list --upgradable
|
Install one of the microcode packages according to your CPU manufacturer. Don’t install both.
1
2
3
4
|
# Intel CPU
apt install intel-microcode
# AMD CPU
apt install amd64-microcode
|
Reboot the Proxmox host.
Check microcode.
1
|
journalctl -k --grep="microcode updated early to"
|
You should see similar output like this.
1
|
Feb 12 01:56:47 pve kernel: microcode: microcode updated early to revision 0x24000023, date = 2022-02-19
|
Note: The date displayed does not correspond to the version of the [intel-microcode] package installed. It does show the last time Intel updated the microcode that corresponds to the specific hardware being updated.
—Microcode - ArchWiki
If you want to remove microcode and unstable repo, run:
1
2
3
4
5
6
7
8
9
|
# remove microcode
apt purge amd64-microcode intel-microcode
apt autoremove
# remove unstable repo and config
rm /etc/apt/sources.list.d/debian-unstable.list /etc/apt/preferences.d/unstable-repo
# reboot
reboot
# check microcode, you should see "No entries"
journalctl -k --grep="microcode updated early to"
|
Further reading: