Re: [PATCH] intel-microcode

Hi, The microcode is the one for fixing (at processor side) the Spectre vulnerability?

On January 14, 2018 3:16:31 PM GMT+02:00, Jonatan Schlag jonatan.schlag@ipfire.org wrote:

Add intel microcode too the distribution and configure dracut in a way that the microcode is loaded early in the boot process.

Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org

config/dracut/dracut.conf | 3 + config/rootfiles/common/i586/intel-microcode | 95 ++++++++++++++++++++++++++ config/rootfiles/common/x86_64/intel-microcode | 95 ++++++++++++++++++++++++++ lfs/cdrom | 2 +- lfs/intel-microcode | 80 ++++++++++++++++++++++ lfs/linux-initrd | 2 +- make.sh | 1 + src/paks/linux-pae/install.sh | 2 +- src/scripts/rebuild-initrd | 2 +- 9 files changed, 278 insertions(+), 4 deletions(-) create mode 100644 config/rootfiles/common/i586/intel-microcode create mode 100644 config/rootfiles/common/x86_64/intel-microcode create mode 100644 lfs/intel-microcode

diff --git a/config/dracut/dracut.conf b/config/dracut/dracut.conf index 52bba9c62..e9bd566b6 100644 --- a/config/dracut/dracut.conf +++ b/config/dracut/dracut.conf @@ -31,6 +31,9 @@ filesystems+="reiserfs vfat xfs" #hostonly="yes" #

+# Load microcode for the CPU early +early_microcode=yes

# install local /etc/mdadm.conf #mdadmconf="no"

diff --git a/config/rootfiles/common/i586/intel-microcode b/config/rootfiles/common/i586/intel-microcode new file mode 100644 index 000000000..765debc79 --- /dev/null +++ b/config/rootfiles/common/i586/intel-microcode @@ -0,0 +1,95 @@ +#lib/firmware/intel-ucode +lib/firmware/intel-ucode/06-03-02 +lib/firmware/intel-ucode/06-05-00 +lib/firmware/intel-ucode/06-05-01 +lib/firmware/intel-ucode/06-05-02 +lib/firmware/intel-ucode/06-05-03 +lib/firmware/intel-ucode/06-06-00 +lib/firmware/intel-ucode/06-06-05 +lib/firmware/intel-ucode/06-06-0a +lib/firmware/intel-ucode/06-06-0d +lib/firmware/intel-ucode/06-07-01 +lib/firmware/intel-ucode/06-07-02 +lib/firmware/intel-ucode/06-07-03 +lib/firmware/intel-ucode/06-08-01 +lib/firmware/intel-ucode/06-08-03 +lib/firmware/intel-ucode/06-08-06 +lib/firmware/intel-ucode/06-08-0a +lib/firmware/intel-ucode/06-09-05 +lib/firmware/intel-ucode/06-0a-00 +lib/firmware/intel-ucode/06-0a-01 +lib/firmware/intel-ucode/06-0b-01 +lib/firmware/intel-ucode/06-0b-04 +lib/firmware/intel-ucode/06-0d-06 +lib/firmware/intel-ucode/06-0e-08 +lib/firmware/intel-ucode/06-0e-0c +lib/firmware/intel-ucode/06-0f-02 +lib/firmware/intel-ucode/06-0f-06 +lib/firmware/intel-ucode/06-0f-07 +lib/firmware/intel-ucode/06-0f-0a +lib/firmware/intel-ucode/06-0f-0b +lib/firmware/intel-ucode/06-0f-0d +lib/firmware/intel-ucode/06-16-01 +lib/firmware/intel-ucode/06-17-06 +lib/firmware/intel-ucode/06-17-07 +lib/firmware/intel-ucode/06-17-0a +lib/firmware/intel-ucode/06-1a-04 +lib/firmware/intel-ucode/06-1a-05 +lib/firmware/intel-ucode/06-1c-02 +lib/firmware/intel-ucode/06-1c-0a +lib/firmware/intel-ucode/06-1d-01 +lib/firmware/intel-ucode/06-1e-05 +lib/firmware/intel-ucode/06-25-02 +lib/firmware/intel-ucode/06-25-05 +lib/firmware/intel-ucode/06-26-01 +lib/firmware/intel-ucode/06-2a-07 +lib/firmware/intel-ucode/06-2d-06 +lib/firmware/intel-ucode/06-2d-07 +lib/firmware/intel-ucode/06-2f-02 +lib/firmware/intel-ucode/06-3a-09 +lib/firmware/intel-ucode/06-3c-03 +lib/firmware/intel-ucode/06-3d-04 +lib/firmware/intel-ucode/06-3e-04 +lib/firmware/intel-ucode/06-3e-06 +lib/firmware/intel-ucode/06-3e-07 +lib/firmware/intel-ucode/06-3f-02 +lib/firmware/intel-ucode/06-3f-04 +lib/firmware/intel-ucode/06-45-01 +lib/firmware/intel-ucode/06-46-01 +lib/firmware/intel-ucode/06-47-01 +lib/firmware/intel-ucode/06-4e-03 +lib/firmware/intel-ucode/06-4f-01 +lib/firmware/intel-ucode/06-55-04 +lib/firmware/intel-ucode/06-56-02 +lib/firmware/intel-ucode/06-56-03 +lib/firmware/intel-ucode/06-56-04 +lib/firmware/intel-ucode/06-5c-09 +lib/firmware/intel-ucode/06-5e-03 +lib/firmware/intel-ucode/06-7a-01 +lib/firmware/intel-ucode/06-8e-09 +lib/firmware/intel-ucode/06-8e-0a +lib/firmware/intel-ucode/06-9e-09 +lib/firmware/intel-ucode/06-9e-0a +lib/firmware/intel-ucode/06-9e-0b +lib/firmware/intel-ucode/0f-00-07 +lib/firmware/intel-ucode/0f-00-0a +lib/firmware/intel-ucode/0f-01-02 +lib/firmware/intel-ucode/0f-02-04 +lib/firmware/intel-ucode/0f-02-05 +lib/firmware/intel-ucode/0f-02-06 +lib/firmware/intel-ucode/0f-02-07 +lib/firmware/intel-ucode/0f-02-09 +lib/firmware/intel-ucode/0f-03-02 +lib/firmware/intel-ucode/0f-03-03 +lib/firmware/intel-ucode/0f-03-04 +lib/firmware/intel-ucode/0f-04-01 +lib/firmware/intel-ucode/0f-04-03 +lib/firmware/intel-ucode/0f-04-04 +lib/firmware/intel-ucode/0f-04-07 +lib/firmware/intel-ucode/0f-04-08 +lib/firmware/intel-ucode/0f-04-09 +lib/firmware/intel-ucode/0f-04-0a +lib/firmware/intel-ucode/0f-06-02 +lib/firmware/intel-ucode/0f-06-04 +lib/firmware/intel-ucode/0f-06-05 +lib/firmware/intel-ucode/0f-06-08 diff --git a/config/rootfiles/common/x86_64/intel-microcode b/config/rootfiles/common/x86_64/intel-microcode new file mode 100644 index 000000000..765debc79 --- /dev/null +++ b/config/rootfiles/common/x86_64/intel-microcode @@ -0,0 +1,95 @@ +#lib/firmware/intel-ucode +lib/firmware/intel-ucode/06-03-02 +lib/firmware/intel-ucode/06-05-00 +lib/firmware/intel-ucode/06-05-01 +lib/firmware/intel-ucode/06-05-02 +lib/firmware/intel-ucode/06-05-03 +lib/firmware/intel-ucode/06-06-00 +lib/firmware/intel-ucode/06-06-05 +lib/firmware/intel-ucode/06-06-0a +lib/firmware/intel-ucode/06-06-0d +lib/firmware/intel-ucode/06-07-01 +lib/firmware/intel-ucode/06-07-02 +lib/firmware/intel-ucode/06-07-03 +lib/firmware/intel-ucode/06-08-01 +lib/firmware/intel-ucode/06-08-03 +lib/firmware/intel-ucode/06-08-06 +lib/firmware/intel-ucode/06-08-0a +lib/firmware/intel-ucode/06-09-05 +lib/firmware/intel-ucode/06-0a-00 +lib/firmware/intel-ucode/06-0a-01 +lib/firmware/intel-ucode/06-0b-01 +lib/firmware/intel-ucode/06-0b-04 +lib/firmware/intel-ucode/06-0d-06 +lib/firmware/intel-ucode/06-0e-08 +lib/firmware/intel-ucode/06-0e-0c +lib/firmware/intel-ucode/06-0f-02 +lib/firmware/intel-ucode/06-0f-06 +lib/firmware/intel-ucode/06-0f-07 +lib/firmware/intel-ucode/06-0f-0a +lib/firmware/intel-ucode/06-0f-0b +lib/firmware/intel-ucode/06-0f-0d +lib/firmware/intel-ucode/06-16-01 +lib/firmware/intel-ucode/06-17-06 +lib/firmware/intel-ucode/06-17-07 +lib/firmware/intel-ucode/06-17-0a +lib/firmware/intel-ucode/06-1a-04 +lib/firmware/intel-ucode/06-1a-05 +lib/firmware/intel-ucode/06-1c-02 +lib/firmware/intel-ucode/06-1c-0a +lib/firmware/intel-ucode/06-1d-01 +lib/firmware/intel-ucode/06-1e-05 +lib/firmware/intel-ucode/06-25-02 +lib/firmware/intel-ucode/06-25-05 +lib/firmware/intel-ucode/06-26-01 +lib/firmware/intel-ucode/06-2a-07 +lib/firmware/intel-ucode/06-2d-06 +lib/firmware/intel-ucode/06-2d-07 +lib/firmware/intel-ucode/06-2f-02 +lib/firmware/intel-ucode/06-3a-09 +lib/firmware/intel-ucode/06-3c-03 +lib/firmware/intel-ucode/06-3d-04 +lib/firmware/intel-ucode/06-3e-04 +lib/firmware/intel-ucode/06-3e-06 +lib/firmware/intel-ucode/06-3e-07 +lib/firmware/intel-ucode/06-3f-02 +lib/firmware/intel-ucode/06-3f-04 +lib/firmware/intel-ucode/06-45-01 +lib/firmware/intel-ucode/06-46-01 +lib/firmware/intel-ucode/06-47-01 +lib/firmware/intel-ucode/06-4e-03 +lib/firmware/intel-ucode/06-4f-01 +lib/firmware/intel-ucode/06-55-04 +lib/firmware/intel-ucode/06-56-02 +lib/firmware/intel-ucode/06-56-03 +lib/firmware/intel-ucode/06-56-04 +lib/firmware/intel-ucode/06-5c-09 +lib/firmware/intel-ucode/06-5e-03 +lib/firmware/intel-ucode/06-7a-01 +lib/firmware/intel-ucode/06-8e-09 +lib/firmware/intel-ucode/06-8e-0a +lib/firmware/intel-ucode/06-9e-09 +lib/firmware/intel-ucode/06-9e-0a +lib/firmware/intel-ucode/06-9e-0b +lib/firmware/intel-ucode/0f-00-07 +lib/firmware/intel-ucode/0f-00-0a +lib/firmware/intel-ucode/0f-01-02 +lib/firmware/intel-ucode/0f-02-04 +lib/firmware/intel-ucode/0f-02-05 +lib/firmware/intel-ucode/0f-02-06 +lib/firmware/intel-ucode/0f-02-07 +lib/firmware/intel-ucode/0f-02-09 +lib/firmware/intel-ucode/0f-03-02 +lib/firmware/intel-ucode/0f-03-03 +lib/firmware/intel-ucode/0f-03-04 +lib/firmware/intel-ucode/0f-04-01 +lib/firmware/intel-ucode/0f-04-03 +lib/firmware/intel-ucode/0f-04-04 +lib/firmware/intel-ucode/0f-04-07 +lib/firmware/intel-ucode/0f-04-08 +lib/firmware/intel-ucode/0f-04-09 +lib/firmware/intel-ucode/0f-04-0a +lib/firmware/intel-ucode/0f-06-02 +lib/firmware/intel-ucode/0f-06-04 +lib/firmware/intel-ucode/0f-06-05 +lib/firmware/intel-ucode/0f-06-08 diff --git a/lfs/cdrom b/lfs/cdrom index 7a7fff166..7056e9a0b 100644 --- a/lfs/cdrom +++ b/lfs/cdrom @@ -94,7 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) dd if=/dev/zero bs=1k count=2 > /install/cdrom/boot/isolinux/boot.catalog ifneq "$(BUILD_PLATFORM)" "arm" cp /boot/vmlinuz-$(KVER)-ipfire /install/cdrom/boot/isolinux/vmlinuz

• dracut --force -a "installer" --strip --xz

/install/cdrom/boot/isolinux/instroot $(KVER)-ipfire

• dracut --force --early-microcode -a "installer" --strip --xz

/install/cdrom/boot/isolinux/instroot $(KVER)-ipfire cp $(DIR_SRC)/config/syslinux/boot.png /install/cdrom/boot/isolinux/boot.png cp /usr/lib/memtest86+/memtest.bin /install/cdrom/boot/isolinux/memtest cp /usr/share/ipfire-netboot/ipxe.lkrn /install/cdrom/boot/isolinux/netboot diff --git a/lfs/intel-microcode b/lfs/intel-microcode new file mode 100644 index 000000000..03a000e91 --- /dev/null +++ b/lfs/intel-microcode @@ -0,0 +1,80 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version.

-- Horace Michael (aka H&M) Please excuse my typos and brevity. Sent from a Smartphone.