From: Mihai Carabas <mihai.carabas@oracle.com>
To: linux-kernel@vger.kernel.org
Cc: Mihai Carabas <mihai.carabas@oracle.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	Jonathan Corbet <corbet@lwn.net>,
	linux-doc@vger.kernel.org
Subject: [PATCH RFC] Microcode late loading feature identification
Date: Mon, 27 Apr 2020 10:27:56 +0300
Message-ID: <1587972479-10971-1-git-send-email-mihai.carabas@oracle.com>

This RFC patch set aims to provide a way to identify the modifications
brought in by the new microcode updated at runtime (aka microcode late
loading). This was debated last year and this patch set implements
point #1 from Thomas Gleixner's idea:
https://lore.kernel.org/lkml/alpine.DEB.2.21.1909062237580.1902@nanos.tec.linutronix.de/

This patch set has the following patches:

- patch 1 introduces a new metadata file that comes with the microcode
(provided by the CPU manufacturer) that describes what modifications are
done by loading the new microcode

- patch 2 parses the metadata file and verifies it against kernel
policy. In this patch, as an RFC, the kernel policy imposes the rule
of not allowing any feature to be removed. If a feature would be
removed, the new microcode won't be loaded. The policy can be further
extended and described in different ways

- patch 3 adds the documentation of the metadata file format


How to test:

- place metadata file in /lib/firmware/intel-ucode/ together with the
microcode blob:

[root@ovs108 ~]# ls -l /lib/firmware/intel-ucode
total 96
-rw-r--r--.   1 root root 34816 Mar 11 00:27 06-55-04
-rw-r--r--.   1 root root    84 Mar 25 03:13 06-55-04.metadata

The microcode blob can be taken from the microcode_ctl package.

- after installing the kernel and rebooting the machine run "dracut -f
--no-early-microcode" to create an initramfs without the microcode (and
avoid early loading)

- reboot

- after rebooting issue: echo 1 > /sys/devices/system/cpu/microcode/reload

[root@ovs108 ~]# cat /lib/firmware/intel-ucode/06-55-04.metadata
m - 0x00000122
c + 0x00000007 0x00 0x00000000 0x021cbfbb 0x00000000 0x00000000

[root@ovs108 ~]# echo 1 > /sys/devices/system/cpu/microcode/reload
[root@ovs108 ~]# dmesg | tail -2
[ 1285.729841] microcode: Kernel policy does not allow to remove MSR: 122
[ 1285.737144] microcode: kernel does not support the new microcode: intel-ucode/06-55-04

[root@ovs108 ~]# cat /lib/firmware/intel-ucode/06-55-04.metadata
m + 0x00000122
c + 0x00000007 0x00 0x00000000 0x021cbfbb 0x00000000 0x00000000
[root@ovs108 ~]# echo 1 > /sys/devices/system/cpu/microcode/reload
[root@ovs108 ~]# dmesg | tail -10
[ 1220.212415] microcode: updated to revision 0x2000065, date = 2019-09-05
[ 1220.212645] microcode: Reload completed, microcode revision: 0x2000065

Mihai Carabas (3):
  x86: microcode: intel: read microcode metadata file
  x86: microcode: intel: process microcode metadata
  Documentation: x86: microcode: add description for metadata file

 Documentation/x86/microcode.rst       | 36 +++++++++++++
 arch/x86/kernel/cpu/microcode/intel.c | 97 +++++++++++++++++++++++++++++++++++
 2 files changed, 133 insertions(+)

-- 
1.8.3.1
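
The policy check described in the cover letter, as an added user-space example that is not code from the patch set: it parses metadata lines of the form shown in the two sample files and rejects the update when any entry is marked '-'. The names (check_metadata, parse_line, meta_entry, META_*), the fixed count of six words on a 'c' line and the choice to reject malformed input are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum meta_verdict { META_OK, META_DENIED, META_MALFORMED };
struct meta_entry {
    char type, op;        /* 'm' MSR or 'c' CPUID; '+' added, '-' removed */
    unsigned int val[6];  /* 'm': 1 word; 'c': 6 words (assumed fixed) */
};

/* Parse one line; reject unknown types, bad operators, trailing junk. */
static int parse_line(const char *line, struct meta_entry *e)
{
    int off = 0, want, i;
    char *end;
    if (sscanf(line, " %c %c%n", &e->type, &e->op, &off) != 2)
        return -1;
    want = e->type == 'm' ? 1 : e->type == 'c' ? 6 : 0;
    if (!want || (e->op != '+' && e->op != '-'))
        return -1;
    for (line += off, i = 0; i < want; i++, line = end) {
        unsigned long x = strtoul(line, &end, 16);
        if (end == line || x > 0xffffffffUL)
            return -1;
        e->val[i] = (unsigned int)x;
    }
    return line[strspn(line, " \t")] == '\0' ? 0 : -1;
}

/* Any '-' entry denies the update; malformed input fails closed (assumed). */
enum meta_verdict check_metadata(char *buf, struct meta_entry *e)
{
    for (char *line = strtok(buf, "\r\n"); line; line = strtok(NULL, "\r\n")) {
        if (parse_line(line, e))
            return META_MALFORMED;
        if (e->op == '-')
            return META_DENIED;
    }
    return META_OK;
}

int main(void)
{
    char buf[] =          /* first sample file from the cover letter */
        "m - 0x00000122\n"
        "c + 0x00000007 0x00 0x00000000 0x021cbfbb 0x00000000 0x00000000\n";
    struct meta_entry e;
    printf("verdict=%d\n", check_metadata(buf, &e));
    return 0;
}
```

check_metadata() modifies its buffer through strtok() and leaves the offending entry in *e when it returns META_DENIED.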

