Re: [PATCH] intel-microcode

15 Jan 2018

Hi,
unfortunately no.
Intel has not released anything yet, that would to either fix or mitigate either
Meltdown and Spectre.
I haven't either seen a full changelog about these, but it is assumed that this
updated microcode helps to keep the performance impact on the Meltdown patches
in Linux 4.14 somewhat lower.
At the moment we do not have any clear information from the vendors what
actually works and what doesn't.
Best,
-Michael
On Sun, 2018-01-14 at 21:55 +0200, Horace Michael wrote:
...
Hi,
The microcode is the one for fixing (at processor side) the Spectre
vulnerability?
On January 14, 2018 3:16:31 PM GMT+02:00, Jonatan Schlag <jonatan.schlag@ipfir
e.org> wrote:
...
Add intel microcode too the distribution and configure dracut in a way
that the microcode is loaded early in the boot process.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
config/dracut/dracut.conf                      |  3 +
config/rootfiles/common/i586/intel-microcode   | 95
++++++++++++++++++++++++++
config/rootfiles/common/x86_64/intel-microcode | 95
++++++++++++++++++++++++++
lfs/cdrom                                      |  2 +-
lfs/intel-microcode                            | 80
++++++++++++++++++++++
lfs/linux-initrd                               |  2 +-
make.sh                                        |  1 +
src/paks/linux-pae/install.sh                  |  2 +-
src/scripts/rebuild-initrd                     |  2 +-
9 files changed, 278 insertions(+), 4 deletions(-)
create mode 100644 config/rootfiles/common/i586/intel-microcode
create mode 100644 config/rootfiles/common/x86_64/intel-microcode
create mode 100644 lfs/intel-microcode

diff --git a/config/dracut/dracut.conf b/config/dracut/dracut.conf
index 52bba9c62..e9bd566b6 100644
--- a/config/dracut/dracut.conf
+++ b/config/dracut/dracut.conf
@@ -31,6 +31,9 @@ filesystems+="reiserfs vfat xfs"
#hostonly="yes"
#
+# Load microcode for the CPU early
+early_microcode=yes



# install local /etc/mdadm.conf
#mdadmconf="no"
diff --git a/config/rootfiles/common/i586/intel-microcode
b/config/rootfiles/common/i586/intel-microcode
new file mode 100644
index 000000000..765debc79
--- /dev/null
+++ b/config/rootfiles/common/i586/intel-microcode
@@ -0,0 +1,95 @@
+#lib/firmware/intel-ucode
+lib/firmware/intel-ucode/06-03-02
+lib/firmware/intel-ucode/06-05-00
+lib/firmware/intel-ucode/06-05-01
+lib/firmware/intel-ucode/06-05-02
+lib/firmware/intel-ucode/06-05-03
+lib/firmware/intel-ucode/06-06-00
+lib/firmware/intel-ucode/06-06-05
+lib/firmware/intel-ucode/06-06-0a
+lib/firmware/intel-ucode/06-06-0d
+lib/firmware/intel-ucode/06-07-01
+lib/firmware/intel-ucode/06-07-02
+lib/firmware/intel-ucode/06-07-03
+lib/firmware/intel-ucode/06-08-01
+lib/firmware/intel-ucode/06-08-03
+lib/firmware/intel-ucode/06-08-06
+lib/firmware/intel-ucode/06-08-0a
+lib/firmware/intel-ucode/06-09-05
+lib/firmware/intel-ucode/06-0a-00
+lib/firmware/intel-ucode/06-0a-01
+lib/firmware/intel-ucode/06-0b-01
+lib/firmware/intel-ucode/06-0b-04
+lib/firmware/intel-ucode/06-0d-06
+lib/firmware/intel-ucode/06-0e-08
+lib/firmware/intel-ucode/06-0e-0c
+lib/firmware/intel-ucode/06-0f-02
+lib/firmware/intel-ucode/06-0f-06
+lib/firmware/intel-ucode/06-0f-07
+lib/firmware/intel-ucode/06-0f-0a
+lib/firmware/intel-ucode/06-0f-0b
+lib/firmware/intel-ucode/06-0f-0d
+lib/firmware/intel-ucode/06-16-01
+lib/firmware/intel-ucode/06-17-06
+lib/firmware/intel-ucode/06-17-07
+lib/firmware/intel-ucode/06-17-0a
+lib/firmware/intel-ucode/06-1a-04
+lib/firmware/intel-ucode/06-1a-05
+lib/firmware/intel-ucode/06-1c-02
+lib/firmware/intel-ucode/06-1c-0a
+lib/firmware/intel-ucode/06-1d-01
+lib/firmware/intel-ucode/06-1e-05
+lib/firmware/intel-ucode/06-25-02
+lib/firmware/intel-ucode/06-25-05
+lib/firmware/intel-ucode/06-26-01
+lib/firmware/intel-ucode/06-2a-07
+lib/firmware/intel-ucode/06-2d-06
+lib/firmware/intel-ucode/06-2d-07
+lib/firmware/intel-ucode/06-2f-02
+lib/firmware/intel-ucode/06-3a-09
+lib/firmware/intel-ucode/06-3c-03
+lib/firmware/intel-ucode/06-3d-04
+lib/firmware/intel-ucode/06-3e-04
+lib/firmware/intel-ucode/06-3e-06
+lib/firmware/intel-ucode/06-3e-07
+lib/firmware/intel-ucode/06-3f-02
+lib/firmware/intel-ucode/06-3f-04
+lib/firmware/intel-ucode/06-45-01
+lib/firmware/intel-ucode/06-46-01
+lib/firmware/intel-ucode/06-47-01
+lib/firmware/intel-ucode/06-4e-03
+lib/firmware/intel-ucode/06-4f-01
+lib/firmware/intel-ucode/06-55-04
+lib/firmware/intel-ucode/06-56-02
+lib/firmware/intel-ucode/06-56-03
+lib/firmware/intel-ucode/06-56-04
+lib/firmware/intel-ucode/06-5c-09
+lib/firmware/intel-ucode/06-5e-03
+lib/firmware/intel-ucode/06-7a-01
+lib/firmware/intel-ucode/06-8e-09
+lib/firmware/intel-ucode/06-8e-0a
+lib/firmware/intel-ucode/06-9e-09
+lib/firmware/intel-ucode/06-9e-0a
+lib/firmware/intel-ucode/06-9e-0b
+lib/firmware/intel-ucode/0f-00-07
+lib/firmware/intel-ucode/0f-00-0a
+lib/firmware/intel-ucode/0f-01-02
+lib/firmware/intel-ucode/0f-02-04
+lib/firmware/intel-ucode/0f-02-05
+lib/firmware/intel-ucode/0f-02-06
+lib/firmware/intel-ucode/0f-02-07
+lib/firmware/intel-ucode/0f-02-09
+lib/firmware/intel-ucode/0f-03-02
+lib/firmware/intel-ucode/0f-03-03
+lib/firmware/intel-ucode/0f-03-04
+lib/firmware/intel-ucode/0f-04-01
+lib/firmware/intel-ucode/0f-04-03
+lib/firmware/intel-ucode/0f-04-04
+lib/firmware/intel-ucode/0f-04-07
+lib/firmware/intel-ucode/0f-04-08
+lib/firmware/intel-ucode/0f-04-09
+lib/firmware/intel-ucode/0f-04-0a
+lib/firmware/intel-ucode/0f-06-02
+lib/firmware/intel-ucode/0f-06-04
+lib/firmware/intel-ucode/0f-06-05
+lib/firmware/intel-ucode/0f-06-08
diff --git a/config/rootfiles/common/x86_64/intel-microcode
b/config/rootfiles/common/x86_64/intel-microcode
new file mode 100644
index 000000000..765debc79
--- /dev/null
+++ b/config/rootfiles/common/x86_64/intel-microcode
@@ -0,0 +1,95 @@
+#lib/firmware/intel-ucode
+lib/firmware/intel-ucode/06-03-02
+lib/firmware/intel-ucode/06-05-00
+lib/firmware/intel-ucode/06-05-01
+lib/firmware/intel-ucode/06-05-02
+lib/firmware/intel-ucode/06-05-03
+lib/firmware/intel-ucode/06-06-00
+lib/firmware/intel-ucode/06-06-05
+lib/firmware/intel-ucode/06-06-0a
+lib/firmware/intel-ucode/06-06-0d
+lib/firmware/intel-ucode/06-07-01
+lib/firmware/intel-ucode/06-07-02
+lib/firmware/intel-ucode/06-07-03
+lib/firmware/intel-ucode/06-08-01
+lib/firmware/intel-ucode/06-08-03
+lib/firmware/intel-ucode/06-08-06
+lib/firmware/intel-ucode/06-08-0a
+lib/firmware/intel-ucode/06-09-05
+lib/firmware/intel-ucode/06-0a-00
+lib/firmware/intel-ucode/06-0a-01
+lib/firmware/intel-ucode/06-0b-01
+lib/firmware/intel-ucode/06-0b-04
+lib/firmware/intel-ucode/06-0d-06
+lib/firmware/intel-ucode/06-0e-08
+lib/firmware/intel-ucode/06-0e-0c
+lib/firmware/intel-ucode/06-0f-02
+lib/firmware/intel-ucode/06-0f-06
+lib/firmware/intel-ucode/06-0f-07
+lib/firmware/intel-ucode/06-0f-0a
+lib/firmware/intel-ucode/06-0f-0b
+lib/firmware/intel-ucode/06-0f-0d
+lib/firmware/intel-ucode/06-16-01
+lib/firmware/intel-ucode/06-17-06
+lib/firmware/intel-ucode/06-17-07
+lib/firmware/intel-ucode/06-17-0a
+lib/firmware/intel-ucode/06-1a-04
+lib/firmware/intel-ucode/06-1a-05
+lib/firmware/intel-ucode/06-1c-02
+lib/firmware/intel-ucode/06-1c-0a
+lib/firmware/intel-ucode/06-1d-01
+lib/firmware/intel-ucode/06-1e-05
+lib/firmware/intel-ucode/06-25-02
+lib/firmware/intel-ucode/06-25-05
+lib/firmware/intel-ucode/06-26-01
+lib/firmware/intel-ucode/06-2a-07
+lib/firmware/intel-ucode/06-2d-06
+lib/firmware/intel-ucode/06-2d-07
+lib/firmware/intel-ucode/06-2f-02
+lib/firmware/intel-ucode/06-3a-09
+lib/firmware/intel-ucode/06-3c-03
+lib/firmware/intel-ucode/06-3d-04
+lib/firmware/intel-ucode/06-3e-04
+lib/firmware/intel-ucode/06-3e-06
+lib/firmware/intel-ucode/06-3e-07
+lib/firmware/intel-ucode/06-3f-02
+lib/firmware/intel-ucode/06-3f-04
+lib/firmware/intel-ucode/06-45-01
+lib/firmware/intel-ucode/06-46-01
+lib/firmware/intel-ucode/06-47-01
+lib/firmware/intel-ucode/06-4e-03
+lib/firmware/intel-ucode/06-4f-01
+lib/firmware/intel-ucode/06-55-04
+lib/firmware/intel-ucode/06-56-02
+lib/firmware/intel-ucode/06-56-03
+lib/firmware/intel-ucode/06-56-04
+lib/firmware/intel-ucode/06-5c-09
+lib/firmware/intel-ucode/06-5e-03
+lib/firmware/intel-ucode/06-7a-01
+lib/firmware/intel-ucode/06-8e-09
+lib/firmware/intel-ucode/06-8e-0a
+lib/firmware/intel-ucode/06-9e-09
+lib/firmware/intel-ucode/06-9e-0a
+lib/firmware/intel-ucode/06-9e-0b
+lib/firmware/intel-ucode/0f-00-07
+lib/firmware/intel-ucode/0f-00-0a
+lib/firmware/intel-ucode/0f-01-02
+lib/firmware/intel-ucode/0f-02-04
+lib/firmware/intel-ucode/0f-02-05
+lib/firmware/intel-ucode/0f-02-06
+lib/firmware/intel-ucode/0f-02-07
+lib/firmware/intel-ucode/0f-02-09
+lib/firmware/intel-ucode/0f-03-02
+lib/firmware/intel-ucode/0f-03-03
+lib/firmware/intel-ucode/0f-03-04
+lib/firmware/intel-ucode/0f-04-01
+lib/firmware/intel-ucode/0f-04-03
+lib/firmware/intel-ucode/0f-04-04
+lib/firmware/intel-ucode/0f-04-07
+lib/firmware/intel-ucode/0f-04-08
+lib/firmware/intel-ucode/0f-04-09
+lib/firmware/intel-ucode/0f-04-0a
+lib/firmware/intel-ucode/0f-06-02
+lib/firmware/intel-ucode/0f-06-04
+lib/firmware/intel-ucode/0f-06-05
+lib/firmware/intel-ucode/0f-06-08
diff --git a/lfs/cdrom b/lfs/cdrom
index 7a7fff166..7056e9a0b 100644
--- a/lfs/cdrom
+++ b/lfs/cdrom
@@ -94,7 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
   dd if=/dev/zero  bs=1k count=2            >
/install/cdrom/boot/isolinux/boot.catalog
ifneq "$(BUILD_PLATFORM)" "arm"
   cp /boot/vmlinuz-$(KVER)-ipfire            
/install/cdrom/boot/isolinux/vmlinuz

dracut --force -a "installer" --strip --xz

/install/cdrom/boot/isolinux/instroot $(KVER)-ipfire

dracut --force --early-microcode -a "installer" --strip --xz

/install/cdrom/boot/isolinux/instroot $(KVER)-ipfire
   cp $(DIR_SRC)/config/syslinux/boot.png     
/install/cdrom/boot/isolinux/boot.png
   cp /usr/lib/memtest86+/memtest.bin         
/install/cdrom/boot/isolinux/memtest
   cp /usr/share/ipfire-netboot/ipxe.lkrn     
/install/cdrom/boot/isolinux/netboot
diff --git a/lfs/intel-microcode b/lfs/intel-microcode
new file mode 100644
index 000000000..03a000e91
--- /dev/null
+++ b/lfs/intel-microcode
@@ -0,0 +1,80 @@
+###########################################################################
####
+#                                                                     
      #
+# IPFire.org - A linux based firewall                                 
      #
+# Copyright (C) 2007-2016  IPFire Team  info@ipfire.org             
      #
+#                                                                     
      #
+# This program is free software: you can redistribute it and/or modify
      #
+# it under the terms of the GNU General Public License as published by
      #
+# the Free Software Foundation, either version 3 of the License, or   
      #
+# (at your option) any later version.
--
Horace Michael (aka H&M)
 Please excuse my typos and brevity. Sent from a Smartphone.

    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: [PATCH] intel-microcode

Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org