Add intel microcode too the distribution and configure dracut in a way that the microcode is loaded early in the boot process.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org --- config/dracut/dracut.conf | 3 + config/rootfiles/common/i586/intel-microcode | 95 ++++++++++++++++++++++++++ config/rootfiles/common/x86_64/intel-microcode | 95 ++++++++++++++++++++++++++ lfs/cdrom | 2 +- lfs/intel-microcode | 80 ++++++++++++++++++++++ lfs/linux-initrd | 2 +- make.sh | 1 + src/paks/linux-pae/install.sh | 2 +- src/scripts/rebuild-initrd | 2 +- 9 files changed, 278 insertions(+), 4 deletions(-) create mode 100644 config/rootfiles/common/i586/intel-microcode create mode 100644 config/rootfiles/common/x86_64/intel-microcode create mode 100644 lfs/intel-microcode
diff --git a/config/dracut/dracut.conf b/config/dracut/dracut.conf index 52bba9c62..e9bd566b6 100644 --- a/config/dracut/dracut.conf +++ b/config/dracut/dracut.conf @@ -31,6 +31,9 @@ filesystems+="reiserfs vfat xfs" #hostonly="yes" #
+# Load microcode for the CPU early +early_microcode=yes + # install local /etc/mdadm.conf #mdadmconf="no"
diff --git a/config/rootfiles/common/i586/intel-microcode b/config/rootfiles/common/i586/intel-microcode new file mode 100644 index 000000000..765debc79 --- /dev/null +++ b/config/rootfiles/common/i586/intel-microcode @@ -0,0 +1,95 @@ +#lib/firmware/intel-ucode +lib/firmware/intel-ucode/06-03-02 +lib/firmware/intel-ucode/06-05-00 +lib/firmware/intel-ucode/06-05-01 +lib/firmware/intel-ucode/06-05-02 +lib/firmware/intel-ucode/06-05-03 +lib/firmware/intel-ucode/06-06-00 +lib/firmware/intel-ucode/06-06-05 +lib/firmware/intel-ucode/06-06-0a +lib/firmware/intel-ucode/06-06-0d +lib/firmware/intel-ucode/06-07-01 +lib/firmware/intel-ucode/06-07-02 +lib/firmware/intel-ucode/06-07-03 +lib/firmware/intel-ucode/06-08-01 +lib/firmware/intel-ucode/06-08-03 +lib/firmware/intel-ucode/06-08-06 +lib/firmware/intel-ucode/06-08-0a +lib/firmware/intel-ucode/06-09-05 +lib/firmware/intel-ucode/06-0a-00 +lib/firmware/intel-ucode/06-0a-01 +lib/firmware/intel-ucode/06-0b-01 +lib/firmware/intel-ucode/06-0b-04 +lib/firmware/intel-ucode/06-0d-06 +lib/firmware/intel-ucode/06-0e-08 +lib/firmware/intel-ucode/06-0e-0c +lib/firmware/intel-ucode/06-0f-02 +lib/firmware/intel-ucode/06-0f-06 +lib/firmware/intel-ucode/06-0f-07 +lib/firmware/intel-ucode/06-0f-0a +lib/firmware/intel-ucode/06-0f-0b +lib/firmware/intel-ucode/06-0f-0d +lib/firmware/intel-ucode/06-16-01 +lib/firmware/intel-ucode/06-17-06 +lib/firmware/intel-ucode/06-17-07 +lib/firmware/intel-ucode/06-17-0a +lib/firmware/intel-ucode/06-1a-04 +lib/firmware/intel-ucode/06-1a-05 +lib/firmware/intel-ucode/06-1c-02 +lib/firmware/intel-ucode/06-1c-0a +lib/firmware/intel-ucode/06-1d-01 +lib/firmware/intel-ucode/06-1e-05 +lib/firmware/intel-ucode/06-25-02 +lib/firmware/intel-ucode/06-25-05 +lib/firmware/intel-ucode/06-26-01 +lib/firmware/intel-ucode/06-2a-07 +lib/firmware/intel-ucode/06-2d-06 +lib/firmware/intel-ucode/06-2d-07 +lib/firmware/intel-ucode/06-2f-02 +lib/firmware/intel-ucode/06-3a-09 +lib/firmware/intel-ucode/06-3c-03 +lib/firmware/intel-ucode/06-3d-04 +lib/firmware/intel-ucode/06-3e-04 +lib/firmware/intel-ucode/06-3e-06 +lib/firmware/intel-ucode/06-3e-07 +lib/firmware/intel-ucode/06-3f-02 +lib/firmware/intel-ucode/06-3f-04 +lib/firmware/intel-ucode/06-45-01 +lib/firmware/intel-ucode/06-46-01 +lib/firmware/intel-ucode/06-47-01 +lib/firmware/intel-ucode/06-4e-03 +lib/firmware/intel-ucode/06-4f-01 +lib/firmware/intel-ucode/06-55-04 +lib/firmware/intel-ucode/06-56-02 +lib/firmware/intel-ucode/06-56-03 +lib/firmware/intel-ucode/06-56-04 +lib/firmware/intel-ucode/06-5c-09 +lib/firmware/intel-ucode/06-5e-03 +lib/firmware/intel-ucode/06-7a-01 +lib/firmware/intel-ucode/06-8e-09 +lib/firmware/intel-ucode/06-8e-0a +lib/firmware/intel-ucode/06-9e-09 +lib/firmware/intel-ucode/06-9e-0a +lib/firmware/intel-ucode/06-9e-0b +lib/firmware/intel-ucode/0f-00-07 +lib/firmware/intel-ucode/0f-00-0a +lib/firmware/intel-ucode/0f-01-02 +lib/firmware/intel-ucode/0f-02-04 +lib/firmware/intel-ucode/0f-02-05 +lib/firmware/intel-ucode/0f-02-06 +lib/firmware/intel-ucode/0f-02-07 +lib/firmware/intel-ucode/0f-02-09 +lib/firmware/intel-ucode/0f-03-02 +lib/firmware/intel-ucode/0f-03-03 +lib/firmware/intel-ucode/0f-03-04 +lib/firmware/intel-ucode/0f-04-01 +lib/firmware/intel-ucode/0f-04-03 +lib/firmware/intel-ucode/0f-04-04 +lib/firmware/intel-ucode/0f-04-07 +lib/firmware/intel-ucode/0f-04-08 +lib/firmware/intel-ucode/0f-04-09 +lib/firmware/intel-ucode/0f-04-0a +lib/firmware/intel-ucode/0f-06-02 +lib/firmware/intel-ucode/0f-06-04 +lib/firmware/intel-ucode/0f-06-05 +lib/firmware/intel-ucode/0f-06-08 diff --git a/config/rootfiles/common/x86_64/intel-microcode b/config/rootfiles/common/x86_64/intel-microcode new file mode 100644 index 000000000..765debc79 --- /dev/null +++ b/config/rootfiles/common/x86_64/intel-microcode @@ -0,0 +1,95 @@ +#lib/firmware/intel-ucode +lib/firmware/intel-ucode/06-03-02 +lib/firmware/intel-ucode/06-05-00 +lib/firmware/intel-ucode/06-05-01 +lib/firmware/intel-ucode/06-05-02 +lib/firmware/intel-ucode/06-05-03 +lib/firmware/intel-ucode/06-06-00 +lib/firmware/intel-ucode/06-06-05 +lib/firmware/intel-ucode/06-06-0a +lib/firmware/intel-ucode/06-06-0d +lib/firmware/intel-ucode/06-07-01 +lib/firmware/intel-ucode/06-07-02 +lib/firmware/intel-ucode/06-07-03 +lib/firmware/intel-ucode/06-08-01 +lib/firmware/intel-ucode/06-08-03 +lib/firmware/intel-ucode/06-08-06 +lib/firmware/intel-ucode/06-08-0a +lib/firmware/intel-ucode/06-09-05 +lib/firmware/intel-ucode/06-0a-00 +lib/firmware/intel-ucode/06-0a-01 +lib/firmware/intel-ucode/06-0b-01 +lib/firmware/intel-ucode/06-0b-04 +lib/firmware/intel-ucode/06-0d-06 +lib/firmware/intel-ucode/06-0e-08 +lib/firmware/intel-ucode/06-0e-0c +lib/firmware/intel-ucode/06-0f-02 +lib/firmware/intel-ucode/06-0f-06 +lib/firmware/intel-ucode/06-0f-07 +lib/firmware/intel-ucode/06-0f-0a +lib/firmware/intel-ucode/06-0f-0b +lib/firmware/intel-ucode/06-0f-0d +lib/firmware/intel-ucode/06-16-01 +lib/firmware/intel-ucode/06-17-06 +lib/firmware/intel-ucode/06-17-07 +lib/firmware/intel-ucode/06-17-0a +lib/firmware/intel-ucode/06-1a-04 +lib/firmware/intel-ucode/06-1a-05 +lib/firmware/intel-ucode/06-1c-02 +lib/firmware/intel-ucode/06-1c-0a +lib/firmware/intel-ucode/06-1d-01 +lib/firmware/intel-ucode/06-1e-05 +lib/firmware/intel-ucode/06-25-02 +lib/firmware/intel-ucode/06-25-05 +lib/firmware/intel-ucode/06-26-01 +lib/firmware/intel-ucode/06-2a-07 +lib/firmware/intel-ucode/06-2d-06 +lib/firmware/intel-ucode/06-2d-07 +lib/firmware/intel-ucode/06-2f-02 +lib/firmware/intel-ucode/06-3a-09 +lib/firmware/intel-ucode/06-3c-03 +lib/firmware/intel-ucode/06-3d-04 +lib/firmware/intel-ucode/06-3e-04 +lib/firmware/intel-ucode/06-3e-06 +lib/firmware/intel-ucode/06-3e-07 +lib/firmware/intel-ucode/06-3f-02 +lib/firmware/intel-ucode/06-3f-04 +lib/firmware/intel-ucode/06-45-01 +lib/firmware/intel-ucode/06-46-01 +lib/firmware/intel-ucode/06-47-01 +lib/firmware/intel-ucode/06-4e-03 +lib/firmware/intel-ucode/06-4f-01 +lib/firmware/intel-ucode/06-55-04 +lib/firmware/intel-ucode/06-56-02 +lib/firmware/intel-ucode/06-56-03 +lib/firmware/intel-ucode/06-56-04 +lib/firmware/intel-ucode/06-5c-09 +lib/firmware/intel-ucode/06-5e-03 +lib/firmware/intel-ucode/06-7a-01 +lib/firmware/intel-ucode/06-8e-09 +lib/firmware/intel-ucode/06-8e-0a +lib/firmware/intel-ucode/06-9e-09 +lib/firmware/intel-ucode/06-9e-0a +lib/firmware/intel-ucode/06-9e-0b +lib/firmware/intel-ucode/0f-00-07 +lib/firmware/intel-ucode/0f-00-0a +lib/firmware/intel-ucode/0f-01-02 +lib/firmware/intel-ucode/0f-02-04 +lib/firmware/intel-ucode/0f-02-05 +lib/firmware/intel-ucode/0f-02-06 +lib/firmware/intel-ucode/0f-02-07 +lib/firmware/intel-ucode/0f-02-09 +lib/firmware/intel-ucode/0f-03-02 +lib/firmware/intel-ucode/0f-03-03 +lib/firmware/intel-ucode/0f-03-04 +lib/firmware/intel-ucode/0f-04-01 +lib/firmware/intel-ucode/0f-04-03 +lib/firmware/intel-ucode/0f-04-04 +lib/firmware/intel-ucode/0f-04-07 +lib/firmware/intel-ucode/0f-04-08 +lib/firmware/intel-ucode/0f-04-09 +lib/firmware/intel-ucode/0f-04-0a +lib/firmware/intel-ucode/0f-06-02 +lib/firmware/intel-ucode/0f-06-04 +lib/firmware/intel-ucode/0f-06-05 +lib/firmware/intel-ucode/0f-06-08 diff --git a/lfs/cdrom b/lfs/cdrom index 7a7fff166..7056e9a0b 100644 --- a/lfs/cdrom +++ b/lfs/cdrom @@ -94,7 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) dd if=/dev/zero bs=1k count=2 > /install/cdrom/boot/isolinux/boot.catalog ifneq "$(BUILD_PLATFORM)" "arm" cp /boot/vmlinuz-$(KVER)-ipfire /install/cdrom/boot/isolinux/vmlinuz - dracut --force -a "installer" --strip --xz /install/cdrom/boot/isolinux/instroot $(KVER)-ipfire + dracut --force --early-microcode -a "installer" --strip --xz /install/cdrom/boot/isolinux/instroot $(KVER)-ipfire cp $(DIR_SRC)/config/syslinux/boot.png /install/cdrom/boot/isolinux/boot.png cp /usr/lib/memtest86+/memtest.bin /install/cdrom/boot/isolinux/memtest cp /usr/share/ipfire-netboot/ipxe.lkrn /install/cdrom/boot/isolinux/netboot diff --git a/lfs/intel-microcode b/lfs/intel-microcode new file mode 100644 index 000000000..03a000e91 --- /dev/null +++ b/lfs/intel-microcode @@ -0,0 +1,80 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 20180108 + +THISAPP = microcode-$(VER) +DL_FILE = $(THISAPP).tgz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +SUP_ARCH = i586 x86_64 + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 871df55f0ab010ee384dabfc424f2c12 + +install : $(TARGET) +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist:. + $(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && mkdir -p $(DIR_APP) && tar zxf $(DIR_DL)/$(DL_FILE) -C $(DIR_APP) + ls /usr/src + # Copy the firmware files into the right position + cd $(DIR_APP) && cp -R intel-ucode /lib/firmware/ + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/linux-initrd b/lfs/linux-initrd index b5cc42212..e4d449b24 100644 --- a/lfs/linux-initrd +++ b/lfs/linux-initrd @@ -62,7 +62,7 @@ ifneq "$(KCFG)" "-rpi" ifneq "$(KCFG)" "-pae"
# Create initramfs images - dracut --force --verbose --strip --xz /boot/initramfs-$(KVER)-$(VERSUFIX).img $(KVER)-$(VERSUFIX) + dracut --force --early-microcode --verbose --strip --xz /boot/initramfs-$(KVER)-$(VERSUFIX).img $(KVER)-$(VERSUFIX)
ifeq "$(KCFG)" "-kirkwood" cd /boot && mkimage -A arm -T ramdisk -C lzma -d initramfs-$(KVER)-$(VERSUFIX).img uInit-$(VERSUFIX) diff --git a/make.sh b/make.sh index 690a611f0..3f10ffaec 100755 --- a/make.sh +++ b/make.sh @@ -1120,6 +1120,7 @@ buildipfire() { lfsmake2 linux-initrd KCFG="-kirkwood" ;; esac + lfsmake2 intel-microcode lfsmake2 xtables-addons USPACE="1" lfsmake2 openssl [ "${BUILD_ARCH}" = "i586" ] && lfsmake2 openssl KCFG='-sse2' diff --git a/src/paks/linux-pae/install.sh b/src/paks/linux-pae/install.sh index e5f82c567..d11fffa69 100644 --- a/src/paks/linux-pae/install.sh +++ b/src/paks/linux-pae/install.sh @@ -60,7 +60,7 @@ depmod -a $KVER-ipfire-pae # # Made initramdisk # -/usr/bin/dracut --force --xz /boot/initramfs-$KVER-ipfire-pae.img $KVER-ipfire-pae +/usr/bin/dracut --early-microcode --force --xz /boot/initramfs-$KVER-ipfire-pae.img $KVER-ipfire-pae
if [ -e /boot/grub/grub.cfg ]; then # diff --git a/src/scripts/rebuild-initrd b/src/scripts/rebuild-initrd index 06f30bbf0..2ec8fda50 100644 --- a/src/scripts/rebuild-initrd +++ b/src/scripts/rebuild-initrd @@ -24,4 +24,4 @@ # KVER=`uname -r | cut -d"-" -f1`
-dracut --force --verbose /boot/ipfirerd-$KVER.img $KVER-ipfire +dracut --early-microcode --force --verbose /boot/ipfirerd-$KVER.img $KVER-ipfire
Hi, The microcode is the one for fixing (at processor side) the Spectre vulnerability?
On January 14, 2018 3:16:31 PM GMT+02:00, Jonatan Schlag jonatan.schlag@ipfire.org wrote:
Add intel microcode too the distribution and configure dracut in a way that the microcode is loaded early in the boot process.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
config/dracut/dracut.conf | 3 + config/rootfiles/common/i586/intel-microcode | 95 ++++++++++++++++++++++++++ config/rootfiles/common/x86_64/intel-microcode | 95 ++++++++++++++++++++++++++ lfs/cdrom | 2 +- lfs/intel-microcode | 80 ++++++++++++++++++++++ lfs/linux-initrd | 2 +- make.sh | 1 + src/paks/linux-pae/install.sh | 2 +- src/scripts/rebuild-initrd | 2 +- 9 files changed, 278 insertions(+), 4 deletions(-) create mode 100644 config/rootfiles/common/i586/intel-microcode create mode 100644 config/rootfiles/common/x86_64/intel-microcode create mode 100644 lfs/intel-microcode
diff --git a/config/dracut/dracut.conf b/config/dracut/dracut.conf index 52bba9c62..e9bd566b6 100644 --- a/config/dracut/dracut.conf +++ b/config/dracut/dracut.conf @@ -31,6 +31,9 @@ filesystems+="reiserfs vfat xfs" #hostonly="yes" #
+# Load microcode for the CPU early +early_microcode=yes
# install local /etc/mdadm.conf #mdadmconf="no"
diff --git a/config/rootfiles/common/i586/intel-microcode b/config/rootfiles/common/i586/intel-microcode new file mode 100644 index 000000000..765debc79 --- /dev/null +++ b/config/rootfiles/common/i586/intel-microcode @@ -0,0 +1,95 @@ +#lib/firmware/intel-ucode +lib/firmware/intel-ucode/06-03-02 +lib/firmware/intel-ucode/06-05-00 +lib/firmware/intel-ucode/06-05-01 +lib/firmware/intel-ucode/06-05-02 +lib/firmware/intel-ucode/06-05-03 +lib/firmware/intel-ucode/06-06-00 +lib/firmware/intel-ucode/06-06-05 +lib/firmware/intel-ucode/06-06-0a +lib/firmware/intel-ucode/06-06-0d +lib/firmware/intel-ucode/06-07-01 +lib/firmware/intel-ucode/06-07-02 +lib/firmware/intel-ucode/06-07-03 +lib/firmware/intel-ucode/06-08-01 +lib/firmware/intel-ucode/06-08-03 +lib/firmware/intel-ucode/06-08-06 +lib/firmware/intel-ucode/06-08-0a +lib/firmware/intel-ucode/06-09-05 +lib/firmware/intel-ucode/06-0a-00 +lib/firmware/intel-ucode/06-0a-01 +lib/firmware/intel-ucode/06-0b-01 +lib/firmware/intel-ucode/06-0b-04 +lib/firmware/intel-ucode/06-0d-06 +lib/firmware/intel-ucode/06-0e-08 +lib/firmware/intel-ucode/06-0e-0c +lib/firmware/intel-ucode/06-0f-02 +lib/firmware/intel-ucode/06-0f-06 +lib/firmware/intel-ucode/06-0f-07 +lib/firmware/intel-ucode/06-0f-0a +lib/firmware/intel-ucode/06-0f-0b +lib/firmware/intel-ucode/06-0f-0d +lib/firmware/intel-ucode/06-16-01 +lib/firmware/intel-ucode/06-17-06 +lib/firmware/intel-ucode/06-17-07 +lib/firmware/intel-ucode/06-17-0a +lib/firmware/intel-ucode/06-1a-04 +lib/firmware/intel-ucode/06-1a-05 +lib/firmware/intel-ucode/06-1c-02 +lib/firmware/intel-ucode/06-1c-0a +lib/firmware/intel-ucode/06-1d-01 +lib/firmware/intel-ucode/06-1e-05 +lib/firmware/intel-ucode/06-25-02 +lib/firmware/intel-ucode/06-25-05 +lib/firmware/intel-ucode/06-26-01 +lib/firmware/intel-ucode/06-2a-07 +lib/firmware/intel-ucode/06-2d-06 +lib/firmware/intel-ucode/06-2d-07 +lib/firmware/intel-ucode/06-2f-02 +lib/firmware/intel-ucode/06-3a-09 +lib/firmware/intel-ucode/06-3c-03 +lib/firmware/intel-ucode/06-3d-04 +lib/firmware/intel-ucode/06-3e-04 +lib/firmware/intel-ucode/06-3e-06 +lib/firmware/intel-ucode/06-3e-07 +lib/firmware/intel-ucode/06-3f-02 +lib/firmware/intel-ucode/06-3f-04 +lib/firmware/intel-ucode/06-45-01 +lib/firmware/intel-ucode/06-46-01 +lib/firmware/intel-ucode/06-47-01 +lib/firmware/intel-ucode/06-4e-03 +lib/firmware/intel-ucode/06-4f-01 +lib/firmware/intel-ucode/06-55-04 +lib/firmware/intel-ucode/06-56-02 +lib/firmware/intel-ucode/06-56-03 +lib/firmware/intel-ucode/06-56-04 +lib/firmware/intel-ucode/06-5c-09 +lib/firmware/intel-ucode/06-5e-03 +lib/firmware/intel-ucode/06-7a-01 +lib/firmware/intel-ucode/06-8e-09 +lib/firmware/intel-ucode/06-8e-0a +lib/firmware/intel-ucode/06-9e-09 +lib/firmware/intel-ucode/06-9e-0a +lib/firmware/intel-ucode/06-9e-0b +lib/firmware/intel-ucode/0f-00-07 +lib/firmware/intel-ucode/0f-00-0a +lib/firmware/intel-ucode/0f-01-02 +lib/firmware/intel-ucode/0f-02-04 +lib/firmware/intel-ucode/0f-02-05 +lib/firmware/intel-ucode/0f-02-06 +lib/firmware/intel-ucode/0f-02-07 +lib/firmware/intel-ucode/0f-02-09 +lib/firmware/intel-ucode/0f-03-02 +lib/firmware/intel-ucode/0f-03-03 +lib/firmware/intel-ucode/0f-03-04 +lib/firmware/intel-ucode/0f-04-01 +lib/firmware/intel-ucode/0f-04-03 +lib/firmware/intel-ucode/0f-04-04 +lib/firmware/intel-ucode/0f-04-07 +lib/firmware/intel-ucode/0f-04-08 +lib/firmware/intel-ucode/0f-04-09 +lib/firmware/intel-ucode/0f-04-0a +lib/firmware/intel-ucode/0f-06-02 +lib/firmware/intel-ucode/0f-06-04 +lib/firmware/intel-ucode/0f-06-05 +lib/firmware/intel-ucode/0f-06-08 diff --git a/config/rootfiles/common/x86_64/intel-microcode b/config/rootfiles/common/x86_64/intel-microcode new file mode 100644 index 000000000..765debc79 --- /dev/null +++ b/config/rootfiles/common/x86_64/intel-microcode @@ -0,0 +1,95 @@ +#lib/firmware/intel-ucode +lib/firmware/intel-ucode/06-03-02 +lib/firmware/intel-ucode/06-05-00 +lib/firmware/intel-ucode/06-05-01 +lib/firmware/intel-ucode/06-05-02 +lib/firmware/intel-ucode/06-05-03 +lib/firmware/intel-ucode/06-06-00 +lib/firmware/intel-ucode/06-06-05 +lib/firmware/intel-ucode/06-06-0a +lib/firmware/intel-ucode/06-06-0d +lib/firmware/intel-ucode/06-07-01 +lib/firmware/intel-ucode/06-07-02 +lib/firmware/intel-ucode/06-07-03 +lib/firmware/intel-ucode/06-08-01 +lib/firmware/intel-ucode/06-08-03 +lib/firmware/intel-ucode/06-08-06 +lib/firmware/intel-ucode/06-08-0a +lib/firmware/intel-ucode/06-09-05 +lib/firmware/intel-ucode/06-0a-00 +lib/firmware/intel-ucode/06-0a-01 +lib/firmware/intel-ucode/06-0b-01 +lib/firmware/intel-ucode/06-0b-04 +lib/firmware/intel-ucode/06-0d-06 +lib/firmware/intel-ucode/06-0e-08 +lib/firmware/intel-ucode/06-0e-0c +lib/firmware/intel-ucode/06-0f-02 +lib/firmware/intel-ucode/06-0f-06 +lib/firmware/intel-ucode/06-0f-07 +lib/firmware/intel-ucode/06-0f-0a +lib/firmware/intel-ucode/06-0f-0b +lib/firmware/intel-ucode/06-0f-0d +lib/firmware/intel-ucode/06-16-01 +lib/firmware/intel-ucode/06-17-06 +lib/firmware/intel-ucode/06-17-07 +lib/firmware/intel-ucode/06-17-0a +lib/firmware/intel-ucode/06-1a-04 +lib/firmware/intel-ucode/06-1a-05 +lib/firmware/intel-ucode/06-1c-02 +lib/firmware/intel-ucode/06-1c-0a +lib/firmware/intel-ucode/06-1d-01 +lib/firmware/intel-ucode/06-1e-05 +lib/firmware/intel-ucode/06-25-02 +lib/firmware/intel-ucode/06-25-05 +lib/firmware/intel-ucode/06-26-01 +lib/firmware/intel-ucode/06-2a-07 +lib/firmware/intel-ucode/06-2d-06 +lib/firmware/intel-ucode/06-2d-07 +lib/firmware/intel-ucode/06-2f-02 +lib/firmware/intel-ucode/06-3a-09 +lib/firmware/intel-ucode/06-3c-03 +lib/firmware/intel-ucode/06-3d-04 +lib/firmware/intel-ucode/06-3e-04 +lib/firmware/intel-ucode/06-3e-06 +lib/firmware/intel-ucode/06-3e-07 +lib/firmware/intel-ucode/06-3f-02 +lib/firmware/intel-ucode/06-3f-04 +lib/firmware/intel-ucode/06-45-01 +lib/firmware/intel-ucode/06-46-01 +lib/firmware/intel-ucode/06-47-01 +lib/firmware/intel-ucode/06-4e-03 +lib/firmware/intel-ucode/06-4f-01 +lib/firmware/intel-ucode/06-55-04 +lib/firmware/intel-ucode/06-56-02 +lib/firmware/intel-ucode/06-56-03 +lib/firmware/intel-ucode/06-56-04 +lib/firmware/intel-ucode/06-5c-09 +lib/firmware/intel-ucode/06-5e-03 +lib/firmware/intel-ucode/06-7a-01 +lib/firmware/intel-ucode/06-8e-09 +lib/firmware/intel-ucode/06-8e-0a +lib/firmware/intel-ucode/06-9e-09 +lib/firmware/intel-ucode/06-9e-0a +lib/firmware/intel-ucode/06-9e-0b +lib/firmware/intel-ucode/0f-00-07 +lib/firmware/intel-ucode/0f-00-0a +lib/firmware/intel-ucode/0f-01-02 +lib/firmware/intel-ucode/0f-02-04 +lib/firmware/intel-ucode/0f-02-05 +lib/firmware/intel-ucode/0f-02-06 +lib/firmware/intel-ucode/0f-02-07 +lib/firmware/intel-ucode/0f-02-09 +lib/firmware/intel-ucode/0f-03-02 +lib/firmware/intel-ucode/0f-03-03 +lib/firmware/intel-ucode/0f-03-04 +lib/firmware/intel-ucode/0f-04-01 +lib/firmware/intel-ucode/0f-04-03 +lib/firmware/intel-ucode/0f-04-04 +lib/firmware/intel-ucode/0f-04-07 +lib/firmware/intel-ucode/0f-04-08 +lib/firmware/intel-ucode/0f-04-09 +lib/firmware/intel-ucode/0f-04-0a +lib/firmware/intel-ucode/0f-06-02 +lib/firmware/intel-ucode/0f-06-04 +lib/firmware/intel-ucode/0f-06-05 +lib/firmware/intel-ucode/0f-06-08 diff --git a/lfs/cdrom b/lfs/cdrom index 7a7fff166..7056e9a0b 100644 --- a/lfs/cdrom +++ b/lfs/cdrom @@ -94,7 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) dd if=/dev/zero bs=1k count=2 > /install/cdrom/boot/isolinux/boot.catalog ifneq "$(BUILD_PLATFORM)" "arm" cp /boot/vmlinuz-$(KVER)-ipfire /install/cdrom/boot/isolinux/vmlinuz
- dracut --force -a "installer" --strip --xz
/install/cdrom/boot/isolinux/instroot $(KVER)-ipfire
- dracut --force --early-microcode -a "installer" --strip --xz
/install/cdrom/boot/isolinux/instroot $(KVER)-ipfire cp $(DIR_SRC)/config/syslinux/boot.png /install/cdrom/boot/isolinux/boot.png cp /usr/lib/memtest86+/memtest.bin /install/cdrom/boot/isolinux/memtest cp /usr/share/ipfire-netboot/ipxe.lkrn /install/cdrom/boot/isolinux/netboot diff --git a/lfs/intel-microcode b/lfs/intel-microcode new file mode 100644 index 000000000..03a000e91 --- /dev/null +++ b/lfs/intel-microcode @@ -0,0 +1,80 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version.
-- Horace Michael (aka H&M) Please excuse my typos and brevity. Sent from a Smartphone.
Hi,
unfortunately no.
Intel has not released anything yet, that would to either fix or mitigate either Meltdown and Spectre.
I haven't either seen a full changelog about these, but it is assumed that this updated microcode helps to keep the performance impact on the Meltdown patches in Linux 4.14 somewhat lower.
At the moment we do not have any clear information from the vendors what actually works and what doesn't.
Best, -Michael
On Sun, 2018-01-14 at 21:55 +0200, Horace Michael wrote:
Hi, The microcode is the one for fixing (at processor side) the Spectre vulnerability?
On January 14, 2018 3:16:31 PM GMT+02:00, Jonatan Schlag <jonatan.schlag@ipfir e.org> wrote:
Add intel microcode too the distribution and configure dracut in a way that the microcode is loaded early in the boot process.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
config/dracut/dracut.conf | 3 + config/rootfiles/common/i586/intel-microcode | 95 ++++++++++++++++++++++++++ config/rootfiles/common/x86_64/intel-microcode | 95 ++++++++++++++++++++++++++ lfs/cdrom | 2 +- lfs/intel-microcode | 80 ++++++++++++++++++++++ lfs/linux-initrd | 2 +- make.sh | 1 + src/paks/linux-pae/install.sh | 2 +- src/scripts/rebuild-initrd | 2 +- 9 files changed, 278 insertions(+), 4 deletions(-) create mode 100644 config/rootfiles/common/i586/intel-microcode create mode 100644 config/rootfiles/common/x86_64/intel-microcode create mode 100644 lfs/intel-microcode
diff --git a/config/dracut/dracut.conf b/config/dracut/dracut.conf index 52bba9c62..e9bd566b6 100644 --- a/config/dracut/dracut.conf +++ b/config/dracut/dracut.conf @@ -31,6 +31,9 @@ filesystems+="reiserfs vfat xfs" #hostonly="yes" #
+# Load microcode for the CPU early +early_microcode=yes
# install local /etc/mdadm.conf #mdadmconf="no"
diff --git a/config/rootfiles/common/i586/intel-microcode b/config/rootfiles/common/i586/intel-microcode new file mode 100644 index 000000000..765debc79 --- /dev/null +++ b/config/rootfiles/common/i586/intel-microcode @@ -0,0 +1,95 @@ +#lib/firmware/intel-ucode +lib/firmware/intel-ucode/06-03-02 +lib/firmware/intel-ucode/06-05-00 +lib/firmware/intel-ucode/06-05-01 +lib/firmware/intel-ucode/06-05-02 +lib/firmware/intel-ucode/06-05-03 +lib/firmware/intel-ucode/06-06-00 +lib/firmware/intel-ucode/06-06-05 +lib/firmware/intel-ucode/06-06-0a +lib/firmware/intel-ucode/06-06-0d +lib/firmware/intel-ucode/06-07-01 +lib/firmware/intel-ucode/06-07-02 +lib/firmware/intel-ucode/06-07-03 +lib/firmware/intel-ucode/06-08-01 +lib/firmware/intel-ucode/06-08-03 +lib/firmware/intel-ucode/06-08-06 +lib/firmware/intel-ucode/06-08-0a +lib/firmware/intel-ucode/06-09-05 +lib/firmware/intel-ucode/06-0a-00 +lib/firmware/intel-ucode/06-0a-01 +lib/firmware/intel-ucode/06-0b-01 +lib/firmware/intel-ucode/06-0b-04 +lib/firmware/intel-ucode/06-0d-06 +lib/firmware/intel-ucode/06-0e-08 +lib/firmware/intel-ucode/06-0e-0c +lib/firmware/intel-ucode/06-0f-02 +lib/firmware/intel-ucode/06-0f-06 +lib/firmware/intel-ucode/06-0f-07 +lib/firmware/intel-ucode/06-0f-0a +lib/firmware/intel-ucode/06-0f-0b +lib/firmware/intel-ucode/06-0f-0d +lib/firmware/intel-ucode/06-16-01 +lib/firmware/intel-ucode/06-17-06 +lib/firmware/intel-ucode/06-17-07 +lib/firmware/intel-ucode/06-17-0a +lib/firmware/intel-ucode/06-1a-04 +lib/firmware/intel-ucode/06-1a-05 +lib/firmware/intel-ucode/06-1c-02 +lib/firmware/intel-ucode/06-1c-0a +lib/firmware/intel-ucode/06-1d-01 +lib/firmware/intel-ucode/06-1e-05 +lib/firmware/intel-ucode/06-25-02 +lib/firmware/intel-ucode/06-25-05 +lib/firmware/intel-ucode/06-26-01 +lib/firmware/intel-ucode/06-2a-07 +lib/firmware/intel-ucode/06-2d-06 +lib/firmware/intel-ucode/06-2d-07 +lib/firmware/intel-ucode/06-2f-02 +lib/firmware/intel-ucode/06-3a-09 +lib/firmware/intel-ucode/06-3c-03 +lib/firmware/intel-ucode/06-3d-04 +lib/firmware/intel-ucode/06-3e-04 +lib/firmware/intel-ucode/06-3e-06 +lib/firmware/intel-ucode/06-3e-07 +lib/firmware/intel-ucode/06-3f-02 +lib/firmware/intel-ucode/06-3f-04 +lib/firmware/intel-ucode/06-45-01 +lib/firmware/intel-ucode/06-46-01 +lib/firmware/intel-ucode/06-47-01 +lib/firmware/intel-ucode/06-4e-03 +lib/firmware/intel-ucode/06-4f-01 +lib/firmware/intel-ucode/06-55-04 +lib/firmware/intel-ucode/06-56-02 +lib/firmware/intel-ucode/06-56-03 +lib/firmware/intel-ucode/06-56-04 +lib/firmware/intel-ucode/06-5c-09 +lib/firmware/intel-ucode/06-5e-03 +lib/firmware/intel-ucode/06-7a-01 +lib/firmware/intel-ucode/06-8e-09 +lib/firmware/intel-ucode/06-8e-0a +lib/firmware/intel-ucode/06-9e-09 +lib/firmware/intel-ucode/06-9e-0a +lib/firmware/intel-ucode/06-9e-0b +lib/firmware/intel-ucode/0f-00-07 +lib/firmware/intel-ucode/0f-00-0a +lib/firmware/intel-ucode/0f-01-02 +lib/firmware/intel-ucode/0f-02-04 +lib/firmware/intel-ucode/0f-02-05 +lib/firmware/intel-ucode/0f-02-06 +lib/firmware/intel-ucode/0f-02-07 +lib/firmware/intel-ucode/0f-02-09 +lib/firmware/intel-ucode/0f-03-02 +lib/firmware/intel-ucode/0f-03-03 +lib/firmware/intel-ucode/0f-03-04 +lib/firmware/intel-ucode/0f-04-01 +lib/firmware/intel-ucode/0f-04-03 +lib/firmware/intel-ucode/0f-04-04 +lib/firmware/intel-ucode/0f-04-07 +lib/firmware/intel-ucode/0f-04-08 +lib/firmware/intel-ucode/0f-04-09 +lib/firmware/intel-ucode/0f-04-0a +lib/firmware/intel-ucode/0f-06-02 +lib/firmware/intel-ucode/0f-06-04 +lib/firmware/intel-ucode/0f-06-05 +lib/firmware/intel-ucode/0f-06-08 diff --git a/config/rootfiles/common/x86_64/intel-microcode b/config/rootfiles/common/x86_64/intel-microcode new file mode 100644 index 000000000..765debc79 --- /dev/null +++ b/config/rootfiles/common/x86_64/intel-microcode @@ -0,0 +1,95 @@ +#lib/firmware/intel-ucode +lib/firmware/intel-ucode/06-03-02 +lib/firmware/intel-ucode/06-05-00 +lib/firmware/intel-ucode/06-05-01 +lib/firmware/intel-ucode/06-05-02 +lib/firmware/intel-ucode/06-05-03 +lib/firmware/intel-ucode/06-06-00 +lib/firmware/intel-ucode/06-06-05 +lib/firmware/intel-ucode/06-06-0a +lib/firmware/intel-ucode/06-06-0d +lib/firmware/intel-ucode/06-07-01 +lib/firmware/intel-ucode/06-07-02 +lib/firmware/intel-ucode/06-07-03 +lib/firmware/intel-ucode/06-08-01 +lib/firmware/intel-ucode/06-08-03 +lib/firmware/intel-ucode/06-08-06 +lib/firmware/intel-ucode/06-08-0a +lib/firmware/intel-ucode/06-09-05 +lib/firmware/intel-ucode/06-0a-00 +lib/firmware/intel-ucode/06-0a-01 +lib/firmware/intel-ucode/06-0b-01 +lib/firmware/intel-ucode/06-0b-04 +lib/firmware/intel-ucode/06-0d-06 +lib/firmware/intel-ucode/06-0e-08 +lib/firmware/intel-ucode/06-0e-0c +lib/firmware/intel-ucode/06-0f-02 +lib/firmware/intel-ucode/06-0f-06 +lib/firmware/intel-ucode/06-0f-07 +lib/firmware/intel-ucode/06-0f-0a +lib/firmware/intel-ucode/06-0f-0b +lib/firmware/intel-ucode/06-0f-0d +lib/firmware/intel-ucode/06-16-01 +lib/firmware/intel-ucode/06-17-06 +lib/firmware/intel-ucode/06-17-07 +lib/firmware/intel-ucode/06-17-0a +lib/firmware/intel-ucode/06-1a-04 +lib/firmware/intel-ucode/06-1a-05 +lib/firmware/intel-ucode/06-1c-02 +lib/firmware/intel-ucode/06-1c-0a +lib/firmware/intel-ucode/06-1d-01 +lib/firmware/intel-ucode/06-1e-05 +lib/firmware/intel-ucode/06-25-02 +lib/firmware/intel-ucode/06-25-05 +lib/firmware/intel-ucode/06-26-01 +lib/firmware/intel-ucode/06-2a-07 +lib/firmware/intel-ucode/06-2d-06 +lib/firmware/intel-ucode/06-2d-07 +lib/firmware/intel-ucode/06-2f-02 +lib/firmware/intel-ucode/06-3a-09 +lib/firmware/intel-ucode/06-3c-03 +lib/firmware/intel-ucode/06-3d-04 +lib/firmware/intel-ucode/06-3e-04 +lib/firmware/intel-ucode/06-3e-06 +lib/firmware/intel-ucode/06-3e-07 +lib/firmware/intel-ucode/06-3f-02 +lib/firmware/intel-ucode/06-3f-04 +lib/firmware/intel-ucode/06-45-01 +lib/firmware/intel-ucode/06-46-01 +lib/firmware/intel-ucode/06-47-01 +lib/firmware/intel-ucode/06-4e-03 +lib/firmware/intel-ucode/06-4f-01 +lib/firmware/intel-ucode/06-55-04 +lib/firmware/intel-ucode/06-56-02 +lib/firmware/intel-ucode/06-56-03 +lib/firmware/intel-ucode/06-56-04 +lib/firmware/intel-ucode/06-5c-09 +lib/firmware/intel-ucode/06-5e-03 +lib/firmware/intel-ucode/06-7a-01 +lib/firmware/intel-ucode/06-8e-09 +lib/firmware/intel-ucode/06-8e-0a +lib/firmware/intel-ucode/06-9e-09 +lib/firmware/intel-ucode/06-9e-0a +lib/firmware/intel-ucode/06-9e-0b +lib/firmware/intel-ucode/0f-00-07 +lib/firmware/intel-ucode/0f-00-0a +lib/firmware/intel-ucode/0f-01-02 +lib/firmware/intel-ucode/0f-02-04 +lib/firmware/intel-ucode/0f-02-05 +lib/firmware/intel-ucode/0f-02-06 +lib/firmware/intel-ucode/0f-02-07 +lib/firmware/intel-ucode/0f-02-09 +lib/firmware/intel-ucode/0f-03-02 +lib/firmware/intel-ucode/0f-03-03 +lib/firmware/intel-ucode/0f-03-04 +lib/firmware/intel-ucode/0f-04-01 +lib/firmware/intel-ucode/0f-04-03 +lib/firmware/intel-ucode/0f-04-04 +lib/firmware/intel-ucode/0f-04-07 +lib/firmware/intel-ucode/0f-04-08 +lib/firmware/intel-ucode/0f-04-09 +lib/firmware/intel-ucode/0f-04-0a +lib/firmware/intel-ucode/0f-06-02 +lib/firmware/intel-ucode/0f-06-04 +lib/firmware/intel-ucode/0f-06-05 +lib/firmware/intel-ucode/0f-06-08 diff --git a/lfs/cdrom b/lfs/cdrom index 7a7fff166..7056e9a0b 100644 --- a/lfs/cdrom +++ b/lfs/cdrom @@ -94,7 +94,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) dd if=/dev/zero bs=1k count=2 > /install/cdrom/boot/isolinux/boot.catalog ifneq "$(BUILD_PLATFORM)" "arm" cp /boot/vmlinuz-$(KVER)-ipfire /install/cdrom/boot/isolinux/vmlinuz
- dracut --force -a "installer" --strip --xz
/install/cdrom/boot/isolinux/instroot $(KVER)-ipfire
- dracut --force --early-microcode -a "installer" --strip --xz
/install/cdrom/boot/isolinux/instroot $(KVER)-ipfire cp $(DIR_SRC)/config/syslinux/boot.png /install/cdrom/boot/isolinux/boot.png cp /usr/lib/memtest86+/memtest.bin /install/cdrom/boot/isolinux/memtest cp /usr/share/ipfire-netboot/ipxe.lkrn /install/cdrom/boot/isolinux/netboot diff --git a/lfs/intel-microcode b/lfs/intel-microcode new file mode 100644 index 000000000..03a000e91 --- /dev/null +++ b/lfs/intel-microcode @@ -0,0 +1,80 @@ +########################################################################### #### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version.
-- Horace Michael (aka H&M) Please excuse my typos and brevity. Sent from a Smartphone.
-
Horace Michael -
Jonatan Schlag -
Michael Tremer