Hi, The microcode is the one for fixing (at processor side) the Spectre vulnerability? On January 14, 2018 3:16:31 PM GMT+02:00, Jonatan Schlag wrote: >Add intel microcode too the distribution and configure dracut in a way >that the microcode is loaded early in the boot process. > >Signed-off-by: Jonatan Schlag >--- > config/dracut/dracut.conf | 3 + >config/rootfiles/common/i586/intel-microcode | 95 >++++++++++++++++++++++++++ >config/rootfiles/common/x86_64/intel-microcode | 95 >++++++++++++++++++++++++++ > lfs/cdrom | 2 +- >lfs/intel-microcode | 80 >++++++++++++++++++++++ > lfs/linux-initrd | 2 +- > make.sh | 1 + > src/paks/linux-pae/install.sh | 2 +- > src/scripts/rebuild-initrd | 2 +- > 9 files changed, 278 insertions(+), 4 deletions(-) > create mode 100644 config/rootfiles/common/i586/intel-microcode > create mode 100644 config/rootfiles/common/x86_64/intel-microcode > create mode 100644 lfs/intel-microcode > >diff --git a/config/dracut/dracut.conf b/config/dracut/dracut.conf >index 52bba9c62..e9bd566b6 100644 >--- a/config/dracut/dracut.conf >+++ b/config/dracut/dracut.conf >@@ -31,6 +31,9 @@ filesystems+="reiserfs vfat xfs" > #hostonly="yes" > # > >+# Load microcode for the CPU early >+early_microcode=yes >+ > # install local /etc/mdadm.conf > #mdadmconf="no" > >diff --git a/config/rootfiles/common/i586/intel-microcode >b/config/rootfiles/common/i586/intel-microcode >new file mode 100644 >index 000000000..765debc79 >--- /dev/null >+++ b/config/rootfiles/common/i586/intel-microcode >@@ -0,0 +1,95 @@ >+#lib/firmware/intel-ucode >+lib/firmware/intel-ucode/06-03-02 >+lib/firmware/intel-ucode/06-05-00 >+lib/firmware/intel-ucode/06-05-01 >+lib/firmware/intel-ucode/06-05-02 >+lib/firmware/intel-ucode/06-05-03 >+lib/firmware/intel-ucode/06-06-00 >+lib/firmware/intel-ucode/06-06-05 >+lib/firmware/intel-ucode/06-06-0a >+lib/firmware/intel-ucode/06-06-0d >+lib/firmware/intel-ucode/06-07-01 >+lib/firmware/intel-ucode/06-07-02 >+lib/firmware/intel-ucode/06-07-03 >+lib/firmware/intel-ucode/06-08-01 >+lib/firmware/intel-ucode/06-08-03 >+lib/firmware/intel-ucode/06-08-06 >+lib/firmware/intel-ucode/06-08-0a >+lib/firmware/intel-ucode/06-09-05 >+lib/firmware/intel-ucode/06-0a-00 >+lib/firmware/intel-ucode/06-0a-01 >+lib/firmware/intel-ucode/06-0b-01 >+lib/firmware/intel-ucode/06-0b-04 >+lib/firmware/intel-ucode/06-0d-06 >+lib/firmware/intel-ucode/06-0e-08 >+lib/firmware/intel-ucode/06-0e-0c >+lib/firmware/intel-ucode/06-0f-02 >+lib/firmware/intel-ucode/06-0f-06 >+lib/firmware/intel-ucode/06-0f-07 >+lib/firmware/intel-ucode/06-0f-0a >+lib/firmware/intel-ucode/06-0f-0b >+lib/firmware/intel-ucode/06-0f-0d >+lib/firmware/intel-ucode/06-16-01 >+lib/firmware/intel-ucode/06-17-06 >+lib/firmware/intel-ucode/06-17-07 >+lib/firmware/intel-ucode/06-17-0a >+lib/firmware/intel-ucode/06-1a-04 >+lib/firmware/intel-ucode/06-1a-05 >+lib/firmware/intel-ucode/06-1c-02 >+lib/firmware/intel-ucode/06-1c-0a >+lib/firmware/intel-ucode/06-1d-01 >+lib/firmware/intel-ucode/06-1e-05 >+lib/firmware/intel-ucode/06-25-02 >+lib/firmware/intel-ucode/06-25-05 >+lib/firmware/intel-ucode/06-26-01 >+lib/firmware/intel-ucode/06-2a-07 >+lib/firmware/intel-ucode/06-2d-06 >+lib/firmware/intel-ucode/06-2d-07 >+lib/firmware/intel-ucode/06-2f-02 >+lib/firmware/intel-ucode/06-3a-09 >+lib/firmware/intel-ucode/06-3c-03 >+lib/firmware/intel-ucode/06-3d-04 >+lib/firmware/intel-ucode/06-3e-04 >+lib/firmware/intel-ucode/06-3e-06 >+lib/firmware/intel-ucode/06-3e-07 >+lib/firmware/intel-ucode/06-3f-02 >+lib/firmware/intel-ucode/06-3f-04 >+lib/firmware/intel-ucode/06-45-01 >+lib/firmware/intel-ucode/06-46-01 >+lib/firmware/intel-ucode/06-47-01 >+lib/firmware/intel-ucode/06-4e-03 >+lib/firmware/intel-ucode/06-4f-01 >+lib/firmware/intel-ucode/06-55-04 >+lib/firmware/intel-ucode/06-56-02 >+lib/firmware/intel-ucode/06-56-03 >+lib/firmware/intel-ucode/06-56-04 >+lib/firmware/intel-ucode/06-5c-09 >+lib/firmware/intel-ucode/06-5e-03 >+lib/firmware/intel-ucode/06-7a-01 >+lib/firmware/intel-ucode/06-8e-09 >+lib/firmware/intel-ucode/06-8e-0a >+lib/firmware/intel-ucode/06-9e-09 >+lib/firmware/intel-ucode/06-9e-0a >+lib/firmware/intel-ucode/06-9e-0b >+lib/firmware/intel-ucode/0f-00-07 >+lib/firmware/intel-ucode/0f-00-0a >+lib/firmware/intel-ucode/0f-01-02 >+lib/firmware/intel-ucode/0f-02-04 >+lib/firmware/intel-ucode/0f-02-05 >+lib/firmware/intel-ucode/0f-02-06 >+lib/firmware/intel-ucode/0f-02-07 >+lib/firmware/intel-ucode/0f-02-09 >+lib/firmware/intel-ucode/0f-03-02 >+lib/firmware/intel-ucode/0f-03-03 >+lib/firmware/intel-ucode/0f-03-04 >+lib/firmware/intel-ucode/0f-04-01 >+lib/firmware/intel-ucode/0f-04-03 >+lib/firmware/intel-ucode/0f-04-04 >+lib/firmware/intel-ucode/0f-04-07 >+lib/firmware/intel-ucode/0f-04-08 >+lib/firmware/intel-ucode/0f-04-09 >+lib/firmware/intel-ucode/0f-04-0a >+lib/firmware/intel-ucode/0f-06-02 >+lib/firmware/intel-ucode/0f-06-04 >+lib/firmware/intel-ucode/0f-06-05 >+lib/firmware/intel-ucode/0f-06-08 >diff --git a/config/rootfiles/common/x86_64/intel-microcode >b/config/rootfiles/common/x86_64/intel-microcode >new file mode 100644 >index 000000000..765debc79 >--- /dev/null >+++ b/config/rootfiles/common/x86_64/intel-microcode >@@ -0,0 +1,95 @@ >+#lib/firmware/intel-ucode >+lib/firmware/intel-ucode/06-03-02 >+lib/firmware/intel-ucode/06-05-00 >+lib/firmware/intel-ucode/06-05-01 >+lib/firmware/intel-ucode/06-05-02 >+lib/firmware/intel-ucode/06-05-03 >+lib/firmware/intel-ucode/06-06-00 >+lib/firmware/intel-ucode/06-06-05 >+lib/firmware/intel-ucode/06-06-0a >+lib/firmware/intel-ucode/06-06-0d >+lib/firmware/intel-ucode/06-07-01 >+lib/firmware/intel-ucode/06-07-02 >+lib/firmware/intel-ucode/06-07-03 >+lib/firmware/intel-ucode/06-08-01 >+lib/firmware/intel-ucode/06-08-03 >+lib/firmware/intel-ucode/06-08-06 >+lib/firmware/intel-ucode/06-08-0a >+lib/firmware/intel-ucode/06-09-05 >+lib/firmware/intel-ucode/06-0a-00 >+lib/firmware/intel-ucode/06-0a-01 >+lib/firmware/intel-ucode/06-0b-01 >+lib/firmware/intel-ucode/06-0b-04 >+lib/firmware/intel-ucode/06-0d-06 >+lib/firmware/intel-ucode/06-0e-08 >+lib/firmware/intel-ucode/06-0e-0c >+lib/firmware/intel-ucode/06-0f-02 >+lib/firmware/intel-ucode/06-0f-06 >+lib/firmware/intel-ucode/06-0f-07 >+lib/firmware/intel-ucode/06-0f-0a >+lib/firmware/intel-ucode/06-0f-0b >+lib/firmware/intel-ucode/06-0f-0d >+lib/firmware/intel-ucode/06-16-01 >+lib/firmware/intel-ucode/06-17-06 >+lib/firmware/intel-ucode/06-17-07 >+lib/firmware/intel-ucode/06-17-0a >+lib/firmware/intel-ucode/06-1a-04 >+lib/firmware/intel-ucode/06-1a-05 >+lib/firmware/intel-ucode/06-1c-02 >+lib/firmware/intel-ucode/06-1c-0a >+lib/firmware/intel-ucode/06-1d-01 >+lib/firmware/intel-ucode/06-1e-05 >+lib/firmware/intel-ucode/06-25-02 >+lib/firmware/intel-ucode/06-25-05 >+lib/firmware/intel-ucode/06-26-01 >+lib/firmware/intel-ucode/06-2a-07 >+lib/firmware/intel-ucode/06-2d-06 >+lib/firmware/intel-ucode/06-2d-07 >+lib/firmware/intel-ucode/06-2f-02 >+lib/firmware/intel-ucode/06-3a-09 >+lib/firmware/intel-ucode/06-3c-03 >+lib/firmware/intel-ucode/06-3d-04 >+lib/firmware/intel-ucode/06-3e-04 >+lib/firmware/intel-ucode/06-3e-06 >+lib/firmware/intel-ucode/06-3e-07 >+lib/firmware/intel-ucode/06-3f-02 >+lib/firmware/intel-ucode/06-3f-04 >+lib/firmware/intel-ucode/06-45-01 >+lib/firmware/intel-ucode/06-46-01 >+lib/firmware/intel-ucode/06-47-01 >+lib/firmware/intel-ucode/06-4e-03 >+lib/firmware/intel-ucode/06-4f-01 >+lib/firmware/intel-ucode/06-55-04 >+lib/firmware/intel-ucode/06-56-02 >+lib/firmware/intel-ucode/06-56-03 >+lib/firmware/intel-ucode/06-56-04 >+lib/firmware/intel-ucode/06-5c-09 >+lib/firmware/intel-ucode/06-5e-03 >+lib/firmware/intel-ucode/06-7a-01 >+lib/firmware/intel-ucode/06-8e-09 >+lib/firmware/intel-ucode/06-8e-0a >+lib/firmware/intel-ucode/06-9e-09 >+lib/firmware/intel-ucode/06-9e-0a >+lib/firmware/intel-ucode/06-9e-0b >+lib/firmware/intel-ucode/0f-00-07 >+lib/firmware/intel-ucode/0f-00-0a >+lib/firmware/intel-ucode/0f-01-02 >+lib/firmware/intel-ucode/0f-02-04 >+lib/firmware/intel-ucode/0f-02-05 >+lib/firmware/intel-ucode/0f-02-06 >+lib/firmware/intel-ucode/0f-02-07 >+lib/firmware/intel-ucode/0f-02-09 >+lib/firmware/intel-ucode/0f-03-02 >+lib/firmware/intel-ucode/0f-03-03 >+lib/firmware/intel-ucode/0f-03-04 >+lib/firmware/intel-ucode/0f-04-01 >+lib/firmware/intel-ucode/0f-04-03 >+lib/firmware/intel-ucode/0f-04-04 >+lib/firmware/intel-ucode/0f-04-07 >+lib/firmware/intel-ucode/0f-04-08 >+lib/firmware/intel-ucode/0f-04-09 >+lib/firmware/intel-ucode/0f-04-0a >+lib/firmware/intel-ucode/0f-06-02 >+lib/firmware/intel-ucode/0f-06-04 >+lib/firmware/intel-ucode/0f-06-05 >+lib/firmware/intel-ucode/0f-06-08 >diff --git a/lfs/cdrom b/lfs/cdrom >index 7a7fff166..7056e9a0b 100644 >--- a/lfs/cdrom >+++ b/lfs/cdrom >@@ -94,7 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > dd if=/dev/zero bs=1k count=2 > >/install/cdrom/boot/isolinux/boot.catalog > ifneq "$(BUILD_PLATFORM)" "arm" > cp /boot/vmlinuz-$(KVER)-ipfire >/install/cdrom/boot/isolinux/vmlinuz >- dracut --force -a "installer" --strip --xz >/install/cdrom/boot/isolinux/instroot $(KVER)-ipfire >+ dracut --force --early-microcode -a "installer" --strip --xz >/install/cdrom/boot/isolinux/instroot $(KVER)-ipfire > cp $(DIR_SRC)/config/syslinux/boot.png >/install/cdrom/boot/isolinux/boot.png > cp /usr/lib/memtest86+/memtest.bin >/install/cdrom/boot/isolinux/memtest > cp /usr/share/ipfire-netboot/ipxe.lkrn >/install/cdrom/boot/isolinux/netboot >diff --git a/lfs/intel-microcode b/lfs/intel-microcode >new file mode 100644 >index 000000000..03a000e91 >--- /dev/null >+++ b/lfs/intel-microcode >@@ -0,0 +1,80 @@ >+############################################################################### >+# > # >+# IPFire.org - A linux based firewall > # >+# Copyright (C) 2007-2016 IPFire Team > # >+# > # >+# This program is free software: you can redistribute it and/or modify > # >+# it under the terms of the GNU General Public License as published by > # >+# the Free Software Foundation, either version 3 of the License, or > # >+# (at your option) any later version. -- Horace Michael (aka H&M) Please excuse my typos and brevity. Sent from a Smartphone.