Do not update microcode now, wait.
@https://support.lenovo.com/ee/en/solutions/len-18282:
Withdrawn Broadwell & Haswell CPU Microcode Update: Intel provides the CPU microcode updates required to address Variant 2, which manufacturers like Lenovo then incorporate into their UEFI firmware. Intel has notified manufacturers of quality issues in the initial Broadwell and Haswell microcode updates with instructions to no longer distribute the affected microcode. As such, Lenovo has withdrawn previously issued UEFI firmware containing the affected Broadwell and Haswell CPU microcode. We will issue revised UEFI firmware updates as soon as possible following Intel’s release of revised Broadwell and Haswell CPU microcode. Servers affected by this issue are noted, below, as “Earlier update X withdrawn due to a microcode quality issue.”
@robi:
I'd love to see some general-purpose tool to edit BIOS files and update microcode inside them. Something that would know most BIOS formats, open the BIN file, advise which binary microcode file to choose, and compile a new image from it.
Because most manufacturers won't care to release BIOS updates for motherboards older than 1-2 years.
pfSense would also want to have a nice GUI somewhere to allow us to browse for a microcode pack we can download from Intel etc. and apply it at each boot at runtime. And write in the logs whether the runtime update was successful or not.
It is not so simple. Every BIOS is copyrighted by AWARD, AMI and whoever else… Phoenix ;D. So you just can't edit it without buying proper license and most manufacturers use also security checks, for example I just can not flash edited BIOS into Asus motherboard with standard methods — only BIOS flashback function or hardware tools, also there are some special BIOSes like HP uses for their enterprise grade hardware.
Even not so universal tool for BIOS modding like UBU have had copyright problem with AMI.