| Summary: | Package Intel/AMD microcode and make the system load it at boot time | ||
|---|---|---|---|
| Product: | IPFire | Reporter: | Michael Tremer <michael.tremer> |
| Component: | --- | Assignee: | Jonatan Schlag <jonatan.schlag> |
| Status: | CLOSED FIXED | QA Contact: | |
| Severity: | Major Usability | ||
| Priority: | Will affect all users | CC: | arne.fitzenreiter, peter.mueller |
| Version: | 2 | Keywords: | Security |
| Hardware: | unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | |||
| Bug Blocks: | 11591, 11734 | ||
|
Description
Michael Tremer
2018-01-13 13:46:32 UTC
Just some resources which I want to keep in my mind https://koji.fedoraproject.org/koji/buildinfo?buildID=1015275 http://man7.org/linux/man-pages/man5/dracut.conf.5.html https://github.com/torvalds/linux/blob/master/Documentation/x86/microcode.txt Hi, just some updates what I have achieved so far: - the microcode for Intel is packed and will be shipped with the core - dracut is configured in a way that the microcode is loaded early in the boot process, the microcode itself is built into our initrd file - I not sure we need to change some kernel options, but I build a test version in the moment Test results: I just copied the firmware to an installation and regenerated the initframe with the needed option and the microcode was reported to be at version 0x28. On the same machine using Debian the microcode is 0x23. To ship am updated microcode, for which we have no official source we need this patch: https://github.com/torvalds/linux/commit/f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf Intel has re-released those microcodes. Would you prepare patches to add them again? Reminder to submit this patch again Core 122 has been shipped; this is fixed. The package is not up to date in core122 |