Intel 64 and IA-32 Architectures Software Developers Manual Volume 3A, System Programming Guide, Part 1
9-50 Vol. 3A
PROCESSOR MANAGEMENT AND INITIALIZATION
This authentication procedure relies upon the decoding provided by the processor to
verify an update from a potentially hostile source. As an example, this mechanism in
conjunction with other safeguards provides security for dynamically incorporating
field updates into the BIOS.
9.11.8 Pentium 4, Intel Xeon, and P6 Family Processor
Microcode Update Specifications
This section describes the interface that an application can use to dynamically inte-
grate processor-specific updates into the system BIOS. In this discussion, the appli-
cation is referred to as the calling program or caller.
The real mode INT15 call specification described here is an Intel extension to an OEM
BIOS. This extension allows an application to read and modify the contents of the
microcode update data in NVRAM. The update loader, which is part of the system
BIOS, cannot be updated by the interface. All of the functions defined in the specifi-
cation must be implemented for a system to be considered compliant with the speci-
fication. The INT15 functions are accessible only from real mode.
9.11.8.1 Responsibilities of the BIOS
If a BIOS passes the presence test (INT 15H, AX = 0D042H, BL = 0H), it must imple-
ment all of the sub-functions defined in the INT 15H, AX = 0D042H specification.
There are no optional functions. BIOS must load the appropriate update for each
processor during system initialization.
A Header Version of an update block containing the value 0FFFFFFFFH indicates that
the update block is unused and available for storing a new update.
The BIOS is responsible for providing a region of non-volatile storage (NVRAM) for
each potential processor stepping within a system. This storage unit consists of one
or more update blocks. An update block is a contiguous 2048-byte block of memory.
The BIOS for a single processor system need only provide update blocks to store one
microcode update. If the BIOS for a multiple processor system is intended to support
mixed processor steppings, then the BIOS needs to provide enough update blocks to
store each unique microcode update or for each processor socket on the OEM’s
system board.
The BIOS is responsible for managing the NVRAM update blocks. This includes
garbage collection, such as removing microcode updates that exist in NVRAM for
which a corresponding processor does not exist in the system. This specification only
provides the mechanism for ensuring security, the uniqueness of an entry, and that
stale entries are not loaded. The actual update block management is implementation
specific on a per-BIOS basis.
As an example, the BIOS may use update blocks sequentially in ascending order with
CPU signatures sorted versus the first available block. In addition, garbage collection