lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y1Jyj/MjhzJjU0rb@a4bf019067fa.jf.intel.com>
Date:   Fri, 21 Oct 2022 03:21:03 -0700
From:   Ashok Raj <ashok.raj@...el.com>
To:     Borislav Petkov <bp@...en8.de>
CC:     Tony Luck <tony.luck@...el.com>,
        Tom Lendacky <thomas.lendacky@....com>,
        Arjan van de Ven <arjan.van.de.ven@...el.com>,
        Jacob Jun Pan <jacob.jun.pan@...el.com>,
        X86 ML <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>,
        Ashok Raj <ashok.raj@...el.com>
Subject: Re: [PATCH 2/5] x86/microcode: Simplify init path even more

On Fri, Oct 21, 2022 at 11:28:10AM +0200, Borislav Petkov wrote:
> On Thu, Oct 20, 2022 at 08:04:53AM -0700, Ashok Raj wrote:
> > - BIOS had version X
> > - Early applied Y > X
> > - I copied a new version Z > Y.
> 
> When exactly do you copy a new version?
> 
> Please write down the exact steps you're doing.

- Place a new version of microcode in /lib/firmware/intel-ucode/
- make install, it also ends up creating a new initrd
  image with the added microcode.
- Now put another new version in the same default directory.

0000000 0001 0000 0081 2b00 2022 0906 06f8 0008
------------------^^^^^^^^^ New revision
0000020 220a 855c 0001 0000 0087 0000 7b80 0008
0000040 7c00 0008 0000 0000 0041 2b00 0000 0000
----------------------------^^^^^^^^^ minrev

- reboot

During boot, i see early update message

microcode: early update: 0x2b000041 -> 0x2b000070, date = 2022-08-22

0x41 is the version from BIOS, 0x70 is what got updated in early boot.
0x81 is sitting in the default directory.

After boot expect to see 0x81 as the revision. But its left with what was
loaded at initrd image. The filesystem still had 0x81, and can successfuly
load after boot is completed.

Cheers,
Ashok

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ