| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Jan 2016 14:51:00 +0000 From: Måns Rullgård <mans@...sr.com> To: Borislav Petkov <bp@...e.de> Cc: Thomas Voegtle <tv@...96.de>, Michal Marek <mmarek@...e.cz>, Markus Trippelsdorf <markus@...ppelsdorf.de>, linux-kernel@...r.kernel.org, x86-ml <x86@...nel.org> Subject: Re: [RFC PATCH] x86/kconfig: Sanity-check config file during oldconfig Borislav Petkov <bp@...e.de> writes: > On Mon, Jan 18, 2016 at 02:11:49PM +0000, Måns Rullgård wrote: >> Wasn't the idea *not* to disable CONFIG_MICROCODE? > > Is the error message not understandable? > > +MSG="\nYou have CONFIG_MICROCODE enabled without BLK_DEV_INITRD. The preferred\n\ > +way is to enable it and make sure microcode is added to your initrd as\n\ > +explained in Documentation/x86/early-microcode.txt. This is also the\n\ > +most tested method as the majority of distros do it. Alternatively, and\n\ > +if you don't want to enable modules, you should make sure the microcode\n\ > +is built into the kernel.\n" I understand and disagree. I think you're being overzealous in trying to bludgeon people into doing things the way you think they should be done. >From the point of view of the actual update mechanism, what difference does it make where the microcode data was retrieved from? If you want to warn about what you consider "unsafe" updates, do that when the update happens instead. With this patch, simply enabling BLK_DEV_INITRD will shut up the warning even if an initrd is never actually used. Also, what do modules have to do with anything? -- Måns Rullgård
Powered by blists - more mailing lists