I am wanting to do a dissertation comparing the effects of Meltdown/Spectre patches on server systems, basically the performance degradation on apps like VMWare when the latest BIOS’s are installed vs the original. I’m buying my own hardware for this so I am just curious which motherboard brands or models are the easiest to revert back to older BIOS versions as I’m sure I’ll be going between versions fairly frequently.
I don’t know that the BIOS has anything to do with how the CPU talks to the RAM… those fixes were mainly software based and cpu microcode firmware updates as far as I understand.
But to answer your question. any mainstream enterprise hardware manufacturer is going to allow bios rollbacks. I’d go with DELL since they don’t paywall their firmware like HPE does. It’s going to be cheaper to buy the entire old server than it will be to “build your own” server from the ground up. Used Dells are under $200 USD on ebay, usually with free shipping.
Of course, if you’re studying the impact on DIY gaming rigs, build your own will be the way to go.
My Asrock board has two BIOS. So in case I have to revert, I can copy A -> B or B -> A. It’s an overclocker board, so I assume there are other brands with similar functionality.
In the old days, you’d boot the machine to end of post screen, while it was still on, you’d remove the running bios, insert a new chip, continue booting, reboot, and you’d have a copy of it. This was also how we repaired mainboards where a BIOS update went to shits. Not sure how good an approach this is today. Not recommending it
From my initial researching it looks like the Spectre vulnerabilities required a BIOS patch while Meltdown could be done using Windows microcode updates. So I was planning on basically configuring a server hosting multiple VMs, running the ZombieLoad attack from a host machine to see if I could monitor the VMs along with testing the VMs performance before/after BIOS and Windows/Linux patch attempts to see if there were any noticable differences. I have to submit my ideas next week but this is probably my preferred. Most people in my class are using Raspberry Pi’s for monitoring pollution/environmental things or as smart devices for the elderly etc.
Like @gordonthree mentioned, wouldn’t you also need version of the operating system that don;t have the mitigation microcode in? in which case I’m not sure it’d be an apples to apples comparison, and the newer OS would improve in other respects?
Unless you roll your own OS and exclude the patches?
Yeah I would be using different OS versions to compare update-to-update performance changes
Sounds like an interesting project. lots of variables to account for and document. best of luck!
In Linux you can now turn off the fixes for spectre/meltdown. I’m not sure if that is helpful to the OP, but I thought it was interesting.