> Good thing is we can load old microcode on Linux
You cannot load old microcode anywhere. The CPU won't let you.
The OS feeds the CPU a blob, the CPU checks that it's signed by Intel (to prevent modifications), and it additionally checks that the version number is newer than the currently-running code. If it's not, it won't be loaded.
If you have a CPU with the old microcode versions, you can keep it around, but if you update your BIOS you'll find it will bring the new microcode in and you can't downgrade after boot. If you're lucky the BIOS manufacturer wasn't too careful with signing their BIOS and you can replace the microcode blob, but that's a huge hassle.
Microcode is not written to the CPU, it gets loaded on every boot. This can happen during the BIOS POST, during the OS bootloader or even while the OS is booting. Therefore, yes its possible to run older microcode (at least on Linux), since you just have to not write the newer version on boot. If the BIOS contains the new microcode, you can flash the previous version of the BIOS.
> Microcode is not written to the CPU, it gets loaded on every boot. This can happen during the BIOS POST, during the OS bootloader or even while the OS is booting. Therefore, yes its possible to run older microcode (at least on Linux), since you just have to not write the newer version on boot. If the BIOS contains the new microcode, you can flash the previous version of the BIOS.
Did you read the last paragraph of my message? Because you're not really disputing anything I said. (to clarify, when I say "You cannot load old microcode anywhere", I define "old" to mean "older than the currently running microcode", I.E. you cannot downgrade it at runtime after it's gotten a new one loaded to RAM.
If you're willing to run outdated system firmware (with associated bugs, security vulnarbilities, etc), you can do it - just like I said in the message you're replying to. But that's not what I'd call a good solution.
The CPU has a burned-in microcode. It can be updated after the CPU is booted, but the updates are only written to RAM and lost on shutdown.
Usually the system firmware will include a recent-ish microcode and automatically update on boot. Many OSs also bundle microcode updates and install them on boot.
You cannot load old microcode anywhere. The CPU won't let you.
The OS feeds the CPU a blob, the CPU checks that it's signed by Intel (to prevent modifications), and it additionally checks that the version number is newer than the currently-running code. If it's not, it won't be loaded.
If you have a CPU with the old microcode versions, you can keep it around, but if you update your BIOS you'll find it will bring the new microcode in and you can't downgrade after boot. If you're lucky the BIOS manufacturer wasn't too careful with signing their BIOS and you can replace the microcode blob, but that's a huge hassle.