From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] intel-microcode
Date: Mon, 15 Jan 2018 11:39:55 +0000 [thread overview]
Message-ID: <1516016395.3647.64.camel@ipfire.org> (raw)
In-Reply-To: <E3800E71-6F67-41B9-A4F2-0BB495C34DD0@gmx.com>
[-- Attachment #1: Type: text/plain, Size: 12347 bytes --]
Hi,
unfortunately no.
Intel has not released anything yet, that would to either fix or mitigate either
Meltdown and Spectre.
I haven't either seen a full changelog about these, but it is assumed that this
updated microcode helps to keep the performance impact on the Meltdown patches
in Linux 4.14 somewhat lower.
At the moment we do not have any clear information from the vendors what
actually works and what doesn't.
Best,
-Michael
On Sun, 2018-01-14 at 21:55 +0200, Horace Michael wrote:
> Hi,
> The microcode is the one for fixing (at processor side) the Spectre
> vulnerability?
>
>
> On January 14, 2018 3:16:31 PM GMT+02:00, Jonatan Schlag <jonatan.schlag(a)ipfir
> e.org> wrote:
> > Add intel microcode too the distribution and configure dracut in a way
> > that the microcode is loaded early in the boot process.
> >
> > Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
> > ---
> > config/dracut/dracut.conf | 3 +
> > config/rootfiles/common/i586/intel-microcode | 95
> > ++++++++++++++++++++++++++
> > config/rootfiles/common/x86_64/intel-microcode | 95
> > ++++++++++++++++++++++++++
> > lfs/cdrom | 2 +-
> > lfs/intel-microcode | 80
> > ++++++++++++++++++++++
> > lfs/linux-initrd | 2 +-
> > make.sh | 1 +
> > src/paks/linux-pae/install.sh | 2 +-
> > src/scripts/rebuild-initrd | 2 +-
> > 9 files changed, 278 insertions(+), 4 deletions(-)
> > create mode 100644 config/rootfiles/common/i586/intel-microcode
> > create mode 100644 config/rootfiles/common/x86_64/intel-microcode
> > create mode 100644 lfs/intel-microcode
> >
> > diff --git a/config/dracut/dracut.conf b/config/dracut/dracut.conf
> > index 52bba9c62..e9bd566b6 100644
> > --- a/config/dracut/dracut.conf
> > +++ b/config/dracut/dracut.conf
> > @@ -31,6 +31,9 @@ filesystems+="reiserfs vfat xfs"
> > #hostonly="yes"
> > #
> >
> > +# Load microcode for the CPU early
> > +early_microcode=yes
> > +
> > # install local /etc/mdadm.conf
> > #mdadmconf="no"
> >
> > diff --git a/config/rootfiles/common/i586/intel-microcode
> > b/config/rootfiles/common/i586/intel-microcode
> > new file mode 100644
> > index 000000000..765debc79
> > --- /dev/null
> > +++ b/config/rootfiles/common/i586/intel-microcode
> > @@ -0,0 +1,95 @@
> > +#lib/firmware/intel-ucode
> > +lib/firmware/intel-ucode/06-03-02
> > +lib/firmware/intel-ucode/06-05-00
> > +lib/firmware/intel-ucode/06-05-01
> > +lib/firmware/intel-ucode/06-05-02
> > +lib/firmware/intel-ucode/06-05-03
> > +lib/firmware/intel-ucode/06-06-00
> > +lib/firmware/intel-ucode/06-06-05
> > +lib/firmware/intel-ucode/06-06-0a
> > +lib/firmware/intel-ucode/06-06-0d
> > +lib/firmware/intel-ucode/06-07-01
> > +lib/firmware/intel-ucode/06-07-02
> > +lib/firmware/intel-ucode/06-07-03
> > +lib/firmware/intel-ucode/06-08-01
> > +lib/firmware/intel-ucode/06-08-03
> > +lib/firmware/intel-ucode/06-08-06
> > +lib/firmware/intel-ucode/06-08-0a
> > +lib/firmware/intel-ucode/06-09-05
> > +lib/firmware/intel-ucode/06-0a-00
> > +lib/firmware/intel-ucode/06-0a-01
> > +lib/firmware/intel-ucode/06-0b-01
> > +lib/firmware/intel-ucode/06-0b-04
> > +lib/firmware/intel-ucode/06-0d-06
> > +lib/firmware/intel-ucode/06-0e-08
> > +lib/firmware/intel-ucode/06-0e-0c
> > +lib/firmware/intel-ucode/06-0f-02
> > +lib/firmware/intel-ucode/06-0f-06
> > +lib/firmware/intel-ucode/06-0f-07
> > +lib/firmware/intel-ucode/06-0f-0a
> > +lib/firmware/intel-ucode/06-0f-0b
> > +lib/firmware/intel-ucode/06-0f-0d
> > +lib/firmware/intel-ucode/06-16-01
> > +lib/firmware/intel-ucode/06-17-06
> > +lib/firmware/intel-ucode/06-17-07
> > +lib/firmware/intel-ucode/06-17-0a
> > +lib/firmware/intel-ucode/06-1a-04
> > +lib/firmware/intel-ucode/06-1a-05
> > +lib/firmware/intel-ucode/06-1c-02
> > +lib/firmware/intel-ucode/06-1c-0a
> > +lib/firmware/intel-ucode/06-1d-01
> > +lib/firmware/intel-ucode/06-1e-05
> > +lib/firmware/intel-ucode/06-25-02
> > +lib/firmware/intel-ucode/06-25-05
> > +lib/firmware/intel-ucode/06-26-01
> > +lib/firmware/intel-ucode/06-2a-07
> > +lib/firmware/intel-ucode/06-2d-06
> > +lib/firmware/intel-ucode/06-2d-07
> > +lib/firmware/intel-ucode/06-2f-02
> > +lib/firmware/intel-ucode/06-3a-09
> > +lib/firmware/intel-ucode/06-3c-03
> > +lib/firmware/intel-ucode/06-3d-04
> > +lib/firmware/intel-ucode/06-3e-04
> > +lib/firmware/intel-ucode/06-3e-06
> > +lib/firmware/intel-ucode/06-3e-07
> > +lib/firmware/intel-ucode/06-3f-02
> > +lib/firmware/intel-ucode/06-3f-04
> > +lib/firmware/intel-ucode/06-45-01
> > +lib/firmware/intel-ucode/06-46-01
> > +lib/firmware/intel-ucode/06-47-01
> > +lib/firmware/intel-ucode/06-4e-03
> > +lib/firmware/intel-ucode/06-4f-01
> > +lib/firmware/intel-ucode/06-55-04
> > +lib/firmware/intel-ucode/06-56-02
> > +lib/firmware/intel-ucode/06-56-03
> > +lib/firmware/intel-ucode/06-56-04
> > +lib/firmware/intel-ucode/06-5c-09
> > +lib/firmware/intel-ucode/06-5e-03
> > +lib/firmware/intel-ucode/06-7a-01
> > +lib/firmware/intel-ucode/06-8e-09
> > +lib/firmware/intel-ucode/06-8e-0a
> > +lib/firmware/intel-ucode/06-9e-09
> > +lib/firmware/intel-ucode/06-9e-0a
> > +lib/firmware/intel-ucode/06-9e-0b
> > +lib/firmware/intel-ucode/0f-00-07
> > +lib/firmware/intel-ucode/0f-00-0a
> > +lib/firmware/intel-ucode/0f-01-02
> > +lib/firmware/intel-ucode/0f-02-04
> > +lib/firmware/intel-ucode/0f-02-05
> > +lib/firmware/intel-ucode/0f-02-06
> > +lib/firmware/intel-ucode/0f-02-07
> > +lib/firmware/intel-ucode/0f-02-09
> > +lib/firmware/intel-ucode/0f-03-02
> > +lib/firmware/intel-ucode/0f-03-03
> > +lib/firmware/intel-ucode/0f-03-04
> > +lib/firmware/intel-ucode/0f-04-01
> > +lib/firmware/intel-ucode/0f-04-03
> > +lib/firmware/intel-ucode/0f-04-04
> > +lib/firmware/intel-ucode/0f-04-07
> > +lib/firmware/intel-ucode/0f-04-08
> > +lib/firmware/intel-ucode/0f-04-09
> > +lib/firmware/intel-ucode/0f-04-0a
> > +lib/firmware/intel-ucode/0f-06-02
> > +lib/firmware/intel-ucode/0f-06-04
> > +lib/firmware/intel-ucode/0f-06-05
> > +lib/firmware/intel-ucode/0f-06-08
> > diff --git a/config/rootfiles/common/x86_64/intel-microcode
> > b/config/rootfiles/common/x86_64/intel-microcode
> > new file mode 100644
> > index 000000000..765debc79
> > --- /dev/null
> > +++ b/config/rootfiles/common/x86_64/intel-microcode
> > @@ -0,0 +1,95 @@
> > +#lib/firmware/intel-ucode
> > +lib/firmware/intel-ucode/06-03-02
> > +lib/firmware/intel-ucode/06-05-00
> > +lib/firmware/intel-ucode/06-05-01
> > +lib/firmware/intel-ucode/06-05-02
> > +lib/firmware/intel-ucode/06-05-03
> > +lib/firmware/intel-ucode/06-06-00
> > +lib/firmware/intel-ucode/06-06-05
> > +lib/firmware/intel-ucode/06-06-0a
> > +lib/firmware/intel-ucode/06-06-0d
> > +lib/firmware/intel-ucode/06-07-01
> > +lib/firmware/intel-ucode/06-07-02
> > +lib/firmware/intel-ucode/06-07-03
> > +lib/firmware/intel-ucode/06-08-01
> > +lib/firmware/intel-ucode/06-08-03
> > +lib/firmware/intel-ucode/06-08-06
> > +lib/firmware/intel-ucode/06-08-0a
> > +lib/firmware/intel-ucode/06-09-05
> > +lib/firmware/intel-ucode/06-0a-00
> > +lib/firmware/intel-ucode/06-0a-01
> > +lib/firmware/intel-ucode/06-0b-01
> > +lib/firmware/intel-ucode/06-0b-04
> > +lib/firmware/intel-ucode/06-0d-06
> > +lib/firmware/intel-ucode/06-0e-08
> > +lib/firmware/intel-ucode/06-0e-0c
> > +lib/firmware/intel-ucode/06-0f-02
> > +lib/firmware/intel-ucode/06-0f-06
> > +lib/firmware/intel-ucode/06-0f-07
> > +lib/firmware/intel-ucode/06-0f-0a
> > +lib/firmware/intel-ucode/06-0f-0b
> > +lib/firmware/intel-ucode/06-0f-0d
> > +lib/firmware/intel-ucode/06-16-01
> > +lib/firmware/intel-ucode/06-17-06
> > +lib/firmware/intel-ucode/06-17-07
> > +lib/firmware/intel-ucode/06-17-0a
> > +lib/firmware/intel-ucode/06-1a-04
> > +lib/firmware/intel-ucode/06-1a-05
> > +lib/firmware/intel-ucode/06-1c-02
> > +lib/firmware/intel-ucode/06-1c-0a
> > +lib/firmware/intel-ucode/06-1d-01
> > +lib/firmware/intel-ucode/06-1e-05
> > +lib/firmware/intel-ucode/06-25-02
> > +lib/firmware/intel-ucode/06-25-05
> > +lib/firmware/intel-ucode/06-26-01
> > +lib/firmware/intel-ucode/06-2a-07
> > +lib/firmware/intel-ucode/06-2d-06
> > +lib/firmware/intel-ucode/06-2d-07
> > +lib/firmware/intel-ucode/06-2f-02
> > +lib/firmware/intel-ucode/06-3a-09
> > +lib/firmware/intel-ucode/06-3c-03
> > +lib/firmware/intel-ucode/06-3d-04
> > +lib/firmware/intel-ucode/06-3e-04
> > +lib/firmware/intel-ucode/06-3e-06
> > +lib/firmware/intel-ucode/06-3e-07
> > +lib/firmware/intel-ucode/06-3f-02
> > +lib/firmware/intel-ucode/06-3f-04
> > +lib/firmware/intel-ucode/06-45-01
> > +lib/firmware/intel-ucode/06-46-01
> > +lib/firmware/intel-ucode/06-47-01
> > +lib/firmware/intel-ucode/06-4e-03
> > +lib/firmware/intel-ucode/06-4f-01
> > +lib/firmware/intel-ucode/06-55-04
> > +lib/firmware/intel-ucode/06-56-02
> > +lib/firmware/intel-ucode/06-56-03
> > +lib/firmware/intel-ucode/06-56-04
> > +lib/firmware/intel-ucode/06-5c-09
> > +lib/firmware/intel-ucode/06-5e-03
> > +lib/firmware/intel-ucode/06-7a-01
> > +lib/firmware/intel-ucode/06-8e-09
> > +lib/firmware/intel-ucode/06-8e-0a
> > +lib/firmware/intel-ucode/06-9e-09
> > +lib/firmware/intel-ucode/06-9e-0a
> > +lib/firmware/intel-ucode/06-9e-0b
> > +lib/firmware/intel-ucode/0f-00-07
> > +lib/firmware/intel-ucode/0f-00-0a
> > +lib/firmware/intel-ucode/0f-01-02
> > +lib/firmware/intel-ucode/0f-02-04
> > +lib/firmware/intel-ucode/0f-02-05
> > +lib/firmware/intel-ucode/0f-02-06
> > +lib/firmware/intel-ucode/0f-02-07
> > +lib/firmware/intel-ucode/0f-02-09
> > +lib/firmware/intel-ucode/0f-03-02
> > +lib/firmware/intel-ucode/0f-03-03
> > +lib/firmware/intel-ucode/0f-03-04
> > +lib/firmware/intel-ucode/0f-04-01
> > +lib/firmware/intel-ucode/0f-04-03
> > +lib/firmware/intel-ucode/0f-04-04
> > +lib/firmware/intel-ucode/0f-04-07
> > +lib/firmware/intel-ucode/0f-04-08
> > +lib/firmware/intel-ucode/0f-04-09
> > +lib/firmware/intel-ucode/0f-04-0a
> > +lib/firmware/intel-ucode/0f-06-02
> > +lib/firmware/intel-ucode/0f-06-04
> > +lib/firmware/intel-ucode/0f-06-05
> > +lib/firmware/intel-ucode/0f-06-08
> > diff --git a/lfs/cdrom b/lfs/cdrom
> > index 7a7fff166..7056e9a0b 100644
> > --- a/lfs/cdrom
> > +++ b/lfs/cdrom
> > @@ -94,7 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> > dd if=/dev/zero bs=1k count=2 >
> > /install/cdrom/boot/isolinux/boot.catalog
> > ifneq "$(BUILD_PLATFORM)" "arm"
> > cp /boot/vmlinuz-$(KVER)-ipfire
> > /install/cdrom/boot/isolinux/vmlinuz
> > - dracut --force -a "installer" --strip --xz
> > /install/cdrom/boot/isolinux/instroot $(KVER)-ipfire
> > + dracut --force --early-microcode -a "installer" --strip --xz
> > /install/cdrom/boot/isolinux/instroot $(KVER)-ipfire
> > cp $(DIR_SRC)/config/syslinux/boot.png
> > /install/cdrom/boot/isolinux/boot.png
> > cp /usr/lib/memtest86+/memtest.bin
> > /install/cdrom/boot/isolinux/memtest
> > cp /usr/share/ipfire-netboot/ipxe.lkrn
> > /install/cdrom/boot/isolinux/netboot
> > diff --git a/lfs/intel-microcode b/lfs/intel-microcode
> > new file mode 100644
> > index 000000000..03a000e91
> > --- /dev/null
> > +++ b/lfs/intel-microcode
> > @@ -0,0 +1,80 @@
> > +###########################################################################
> > ####
> > +#
> > #
> > +# IPFire.org - A linux based firewall
> > #
> > +# Copyright (C) 2007-2016 IPFire Team <info(a)ipfire.org>
> > #
> > +#
> > #
> > +# This program is free software: you can redistribute it and/or modify
> > #
> > +# it under the terms of the GNU General Public License as published by
> > #
> > +# the Free Software Foundation, either version 3 of the License, or
> > #
> > +# (at your option) any later version.
>
> --
> Horace Michael (aka H&M)
> Please excuse my typos and brevity. Sent from a Smartphone.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2018-01-15 11:39 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-14 13:16 Jonatan Schlag
2018-01-14 19:55 ` Horace Michael
2018-01-15 11:39 ` Michael Tremer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1516016395.3647.64.camel@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox