Message-ID: <e8155e31-90bc-4e8f-6847-c60e62bd63bd@molgen.mpg.de>
Date:   Fri, 30 Jun 2017 12:44:43 +0200
From:   Paul Menzel <pmenzel@...gen.mpg.de>
To:     Borislav Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org
Cc:     Fenghua Yu <fenghua.yu@...el.com>
Subject: Early loading of microcode updates with all firmware

Dear Borislav,


Thank you for recently updating the document *Early load microcode* [1].

My goal is to include all microcode updates from AMD and Intel, as the 
image is supposed to run on several systems.

Therefore, I included the files in the initramfs image, under 
`/lib/firmware`, and selected the microcode-related Kconfig options.

```
$ grep MICROCODE /boot/config-4.11.7.mx64.161
CONFIG_MICROCODE=y
CONFIG_MICROCODE_INTEL=y
CONFIG_MICROCODE_AMD=y
CONFIG_MICROCODE_OLD_INTERFACE=y
```

But, the microcode is not updated. For example, I have to manually run 
the command below.

```
$ echo 1 | sudo tee /sys/devices/system/cpu/microcode/reload
```

Reading the document, that method is not explicitly mentioned there, so 
I guess it’s not supported.

So two questions. If I want to add it to the initramfs image, the 
document says to prepend the updates. But I am unclear how to create 
`microcode.bin` to contain all the files in 
`/lib/firmware/intel-ucode/`, and then the ones for AMD devices. Do I 
just concatenate both?

Regarding the section *Builtin microcode*, it would be quite cumbersome 
to list all the microcode files. It looks like wildcards like `*` are 
not supported. At least the build breaks if `intel-ucode/*` is used in 
the prompt.


Kind regards,

Paul


[1] https://www.kernel.org/doc/Documentation/x86/early-microcode.txt
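
Added example, not part of the original message or of the kernel documentation it cites: a shell function that builds the early-microcode archive in the layout document [1] describes, with Intel and AMD updates concatenated into separate per-vendor files (`kernel/x86/microcode/GenuineIntel.bin` and `kernel/x86/microcode/AuthenticAMD.bin`) rather than one combined file, and prepends it to the initrd. The helper names `build_early_ucode` and `concat_blobs` and the argument order are assumptions.

```sh
#!/bin/sh
# Added example; build_early_ucode and concat_blobs are hypothetical names.
# Usage: build_early_ucode FIRMWARE_DIR INITRD_IN INITRD_OUT

# Append every regular file among the given paths to $1.
# Returns 0 if at least one file was appended, 1 otherwise.
concat_blobs() {
    out=$1; shift
    found=1
    for f in "$@"; do
        if [ -f "$f" ]; then
            cat "$f" >> "$out" || return 2
            found=0
        fi
    done
    return "$found"
}

build_early_ucode() {
    fw=$1; initrd_in=$2; initrd_out=$3
    command -v cpio >/dev/null 2>&1 || { echo "cpio not found" >&2; return 1; }
    [ -f "$initrd_in" ] || { echo "no initrd: $initrd_in" >&2; return 1; }
    work=$(mktemp -d) || return 1
    dst=$work/root/kernel/x86/microcode
    mkdir -p "$dst" || return 1

    # Intel and AMD updates are not merged into one file: each vendor gets
    # its own blob under the name the early loader looks up for that vendor.
    have=1
    concat_blobs "$dst/GenuineIntel.bin" "$fw"/intel-ucode/* && have=0
    concat_blobs "$dst/AuthenticAMD.bin" "$fw"/amd-ucode/microcode_amd*.bin && have=0

    rc=1
    if [ "$have" -ne 0 ]; then
        echo "no microcode files under $fw" >&2
    # The microcode archive is uncompressed newc cpio and must come first;
    # the original initrd (possibly compressed) follows it unchanged.
    elif (cd "$work/root" && find . | cpio -o -H newc 2>/dev/null) \
            > "$work/ucode.cpio" &&
         cat "$work/ucode.cpio" "$initrd_in" > "$initrd_out"; then
        rc=0
    fi
    rm -rf "$work"
    return "$rc"
}
```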
