| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250820135043.19048-2-bp@kernel.org>
Date: Wed, 20 Aug 2025 15:50:42 +0200
From: Borislav Petkov <bp@...nel.org>
To: X86 ML <x86@...nel.org>
Cc: "Chang S. Bae" <chang.seok.bae@...el.com>,
Sohil Mehta <sohil.mehta@...el.com>,
LKML <linux-kernel@...r.kernel.org>,
"Borislav Petkov (AMD)" <bp@...en8.de>
Subject: [PATCH -v1 1/2] x86/microcode: Add microcode= cmdline parsing
From: "Borislav Petkov (AMD)" <bp@...en8.de>
Add a "microcode=" command line argument after which all options can be
passed in a comma-separated list.
Signed-off-by: Borislav Petkov (AMD) <bp@...en8.de>
---
.../admin-guide/kernel-parameters.txt | 8 ++++--
arch/x86/Kconfig | 4 +--
arch/x86/kernel/cpu/microcode/core.c | 26 ++++++++++++++++---
3 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 747a55abf494..9e3bbce6583f 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3767,8 +3767,12 @@
mga= [HW,DRM]
- microcode.force_minrev= [X86]
- Format: <bool>
+ microcode= [X86] Control the behavior of the microcode loader.
+ Available options, comma separated:
+
+ dis_ucode_ldr: disable the microcode loader
+
+ force_minrev:
Enable or disable the microcode minimal revision
enforcement for the runtime microcode loader.
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 58d890fe2100..aa250d90f927 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1340,7 +1340,7 @@ config MICROCODE_LATE_LOADING
use this at your own risk. Late loading taints the kernel unless the
microcode header indicates that it is safe for late loading via the
minimal revision check. This minimal revision check can be enforced on
- the kernel command line with "microcode.minrev=Y".
+ the kernel command line with "microcode=force_minrev".
config MICROCODE_LATE_FORCE_MINREV
bool "Enforce late microcode loading minimal revision check"
@@ -1356,7 +1356,7 @@ config MICROCODE_LATE_FORCE_MINREV
revision check fails.
This minimal revision check can also be controlled via the
- "microcode.minrev" parameter on the kernel command line.
+ "microcode=force_minrev" parameter on the kernel command line.
If unsure say Y.
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index b92e09a87c69..7d590630673b 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -43,10 +43,9 @@
#include "internal.h"
static struct microcode_ops *microcode_ops;
-static bool dis_ucode_ldr = false;
+static bool dis_ucode_ldr;
bool force_minrev = IS_ENABLED(CONFIG_MICROCODE_LATE_FORCE_MINREV);
-module_param(force_minrev, bool, S_IRUSR | S_IWUSR);
/*
* Synchronization.
@@ -126,13 +125,32 @@ bool __init microcode_loader_disabled(void)
return dis_ucode_ldr;
}
+static void early_parse_cmdline(void)
+{
+ char cmd_buf[64] = {};
+ char *s, *p = cmd_buf;
+
+ if (cmdline_find_option(boot_command_line, "microcode", cmd_buf, sizeof(cmd_buf)) > 0) {
+ while ((s = strsep(&p, ","))) {
+ if (!strcmp("force_minrev", s))
+ force_minrev = true;
+
+ if (!strcmp(s, "dis_ucode_ldr"))
+ dis_ucode_ldr = true;
+ }
+ }
+
+ /* old, compat option */
+ if (cmdline_find_option_bool(boot_command_line, "dis_ucode_ldr") > 0)
+ dis_ucode_ldr = true;
+}
+
void __init load_ucode_bsp(void)
{
unsigned int cpuid_1_eax;
bool intel = true;
- if (cmdline_find_option_bool(boot_command_line, "dis_ucode_ldr") > 0)
- dis_ucode_ldr = true;
+ early_parse_cmdline();
if (microcode_loader_disabled())
return;
--
2.51.0
Powered by blists - more mailing lists