Re: x86: Apply microcode updates in GRUB?

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: x86: Apply microcode updates in GRUB?

From:	Dimitri John Ledkov
Subject:	Re: x86: Apply microcode updates in GRUB?
Date:	Tue, 8 Aug 2023 16:25:19 +0100

On Sat, 29 Jul 2023 at 06:54, Paul Menzel <pmenzel@molgen.mpg.de> wrote:
>
> Dear GRUB folks,
>
>
> On x86 microcode updates often are recommended to be applied to fix
> bugs. Just recently new microcode updates where published for AMD Zen 2
> processors to fix “Zenbleed” [1].
>
> Currently, these updates are shipped and applied by the firmware, and –
> mainly due to the proprietary and closed source x86 firmware ecosystem
> is slow to ship these updates and firmware updates are cumbersome to
> apply in this ecosystem – the operating systems like the Linux kernel
> [2] (but I believe also Microsoft Windows) also support to apply these
> updates.
>
> Should boot loaders be able to apply these updates, so these can be
> applied on systems for operating systems without such a feature?
>

Most distributions already do this via early-initrd. For example, on
all ubuntu systems if you unpack initramfs with `unmkinitramfs`
command you will notice early1 and early2 uncompressed initrd portions
that contain Intel and AMD microcode. these are loaded and applied by
kernel early on, before unpacking the rest of the initrd or
initialising the system.

Specifically for Zenbleed, Ubuntu Security team has shipped
amd64-microcode package at CRD time, which is automatically installed
by all systems and thus a reboot has already applied those.

This is a standard mechanism that is already implemented by all
distributions (i.e. Ubuntu, Ubuntu Core, Fedora, etc). If your
distribution/device doesn't install and doesn't generate early initrd,
please implement that. Reference implementations are available in
initramfs-tools (debian/ubuntu), core-initrd (ubuntu core), dracut,
and likely many others.

It is a nice property to bundle this in the initrd, as sometimes there
are microcode regressions, thus booting old kernel abi, with an old
initrd, with an old microcode is desirable.

>
> Kind regards,
>
> Paul
>
>
> [1]: https://lock.cmpxchg8b.com/zenbleed.html
> [2]: https://docs.kernel.org/arch/x86/microcode.html
>

-- 
okurrr,

Dimitri

[Prev in Thread]

Current Thread

[Next in Thread]

Re: x86: Apply microcode updates in GRUB?, Dimitri John Ledkov <=
- Re: x86: Apply microcode updates in GRUB?, Paul Menzel, 2023/08/24
  - Re: x86: Apply microcode updates in GRUB?, Dimitri John Ledkov, 2023/08/24

Prev by Date: [PATCH] loader/efi/linux: Implement x86 mixed mode using legacy boot
Next by Date: Re: [PATCH] loader/efi/linux: Implement x86 mixed mode using legacy boot
Previous by thread: [PATCH] loader/efi/linux: Implement x86 mixed mode using legacy boot
Next by thread: Re: x86: Apply microcode updates in GRUB?
Index(es):
- Date
- Thread