lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <569E2F5C.2040904@suse.cz>
Date:	Tue, 19 Jan 2016 13:43:08 +0100
From:	Michal Marek <mmarek@...e.cz>
To:	Måns Rullgård <mans@...sr.com>
Cc:	Ingo Molnar <mingo@...nel.org>, Borislav Petkov <bp@...e.de>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Markus Trippelsdorf <markus@...ppelsdorf.de>,
	Thomas Voegtle <tv@...96.de>, linux-kernel@...r.kernel.org,
	x86-ml <x86@...nel.org>, Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Thomas Gleixner <tglx@...utronix.de>,
	Jiri Olsa <jolsa@...hat.com>,
	Arnaldo Carvalho de Melo <acme@...radead.org>,
	Frédéric Weisbecker <fweisbec@...il.com>
Subject: Re: [RFC] CONFIG_FORCE_MINIMALLY_SANE_CONFIG=y

Dne 19.1.2016 v 13:29 Måns Rullgård napsal(a):
> Force-enabling BLK_DEV_INITRD isn't going to make anyone change their
> boot scripts.

If you are on a regular distro, /sbin/installkernel should do the right
thing: Run mkinitrd / dracut and if the tools are recent enough and
there is a microcode update for your CPU, a cpio with the microcode blob
will be prepended to the initrd. So this is more or less covered.


> I'd also like to get a coherent answer to why microcode update is 
> preferably done from an initrd as opposed to shortly after mounting
> a regular disk.  My systems seem perfectly happy doing the latter.

It's not even done *from* the initrd but way earlier. We learned the
hard way when Intel released a microcode update for Haswell which
disabled TSX: Userspace did not expect the feature flags to change and
previously valid instructions to start trapping. This can in principle
happen again and with any vendor.

Michal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ