Intel Microcode for Spectre


I have a Purism 13v2 that I have already updated for both Meltdown and Spectre using the information listed in the Meltdown and Spectre Variant 2 blog post.

But now I am installing a new hard drive and I will have to install a fresh copy of PureOS. I see current PureOS images are ready to go with Meltdown, but do I need to run the Spectre microcode update again?


Maybe someone can correct me if I am wrong. Microcode is applied once, like firmware. If you have already applied it you can delete your OS and start over again or install a new hard drive and you will not need to apply the Spectre patch again.


I read it that way that yes, you have to install the microcode package. If it were a one-time thing, it was a script, not a package. Package suggests that the microcode has to be loaded to the CPU on every boot.


Microcode updates don’t change the CPU permanently, it just changes the CPU at run time. They are applied either by the BIOS or by the kernel each time the system boots. We have applied the microcode updates to our latest version of our BIOS ( so if you have the latest BIOS you don’t need to do anything.

If you are running an older BIOS you’ll want to install that above microcode package to a new version of PureOS.


That’s not true. Microcode updates are stored in volatile memory and disappear as soon as you power off. They must be applied on every boot.

Yes, you need to reinstall the intel-microcode package to remain protected.


Does this mean that if someone is using PureOS on hardware other than Librem 13 or 15, they are not protected from Spectre?


Correct, if they use PureOS on other hardware, they wouldn’t get the microcode updates as those are non-free. Those users would need to pull down the Purism non-free repo and install the microcode updates from there, or update their hardware’s BIOS to one that has microcode updates on it.