From: Mihai Carabas <mihai.carabas@oracle.com>
To: linux-kernel@vger.kernel.org
Cc: Mihai Carabas <mihai.carabas@oracle.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Jonathan Corbet <corbet@lwn.net>,
linux-doc@vger.kernel.org
Subject: [PATCH RFC] Microcode late loading feature identification
Date: Mon, 27 Apr 2020 10:27:56 +0300 [thread overview]
Message-ID: <1587972479-10971-1-git-send-email-mihai.carabas@oracle.com> (raw)
This RFC patch set aims to provide a way to identify the modifications
brought in by the new microcode updated at runtime (aka microcode late
loading). This was debated last year and this patch set implements
point #1 from Thomas Gleixner's idea:
https://lore.kernel.org/lkml/alpine.DEB.2.21.1909062237580.1902@nanos.tec.linutronix.de/
This patch set has the following patches:
- patch 1 is introducing a new metadata file that comes with the microcode
(provided by the CPU manufacture) that describes what modifications are
done by loading the new microcode
- patch 2 parses the metadata file and is verifying it against kernel
policy. In this patch, as an RFC, as a kernel policy, it was imposed
the rule of not allowing to remove any feature. If so, it won't be
loaded a new microcode. The policy can be further extended and describe
in different ways
- patch 3 adds the documentation of the metadata file format
How to test:
- place metadata file in /lib/firmware/intel-ucode/ together with the
microcode blob:
[root@ovs108 ~]# ls -l /lib/firmware/intel-ucode
total 96
-rw-r--r--. 1 root root 34816 Mar 11 00:27 06-55-04
-rw-r--r--. 1 root root 84 Mar 25 03:13 06-55-04.metadata
The microcode blob can be taken from the microcode_ctl package.
- after installing the kernel and rebooting the machine run "dracut -f
--no-early-microcode" to create an initramfs without the microcode (and
avoid early loading)
- reboot
- after rebooting issue: echo 1 > /sys/devices/system/cpu/microcode/reload
[root@ovs108 ~]# cat /lib/firmware/intel-ucode/06-55-04.metadata
m - 0x00000122
c + 0x00000007 0x00 0x00000000 0x021cbfbb 0x00000000 0x00000000
[root@ovs108 ~]# echo 1 > /sys/devices/system/cpu/microcode/reload
[root@ovs108 ~]# dmesg | tail -2
[ 1285.729841] microcode: Kernel policy does not allow to remove MSR: 122
[ 1285.737144] microcode: kernel does not support the new microcode: intel-ucode/06-55-04
[root@ovs108 ~]# cat /lib/firmware/intel-ucode/06-55-04.metadata
m + 0x00000122
c + 0x00000007 0x00 0x00000000 0x021cbfbb 0x00000000 0x00000000
[root@ovs108 ~]# echo 1 > /sys/devices/system/cpu/microcode/reload
[root@ovs108 ~]# dmesg | tail -10
[ 1220.212415] microcode: updated to revision 0x2000065, date = 2019-09-05
[ 1220.212645] microcode: Reload completed, microcode revision: 0x2000065
Mihai Carabas (3):
x86: microcode: intel: read microcode metadata file
x86: microcode: intel: process microcode metadata
Documentation: x86: microcode: add description for metadata file
Documentation/x86/microcode.rst | 36 +++++++++++++
arch/x86/kernel/cpu/microcode/intel.c | 97 +++++++++++++++++++++++++++++++++++
2 files changed, 133 insertions(+)
--
1.8.3.1
next reply other threads:[~2020-04-27 8:10 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-27 7:27 Mihai Carabas [this message]
2020-04-27 7:27 ` [PATCH RFC 1/3] x86: microcode: intel: read microcode metadata file Mihai Carabas
2020-05-04 14:12 ` Borislav Petkov
2020-04-27 7:27 ` [PATCH RFC 2/3] x86: microcode: intel: process microcode metadata Mihai Carabas
2020-04-27 7:27 ` [PATCH RFC 3/3] Documentation: x86: microcode: add description for metadata file Mihai Carabas
2020-05-04 14:09 ` Borislav Petkov
2020-05-11 14:11 ` [PATCH RFC] Microcode late loading feature identification Mihai Carabas
2020-05-11 15:23 ` Raj, Ashok
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1587972479-10971-1-git-send-email-mihai.carabas@oracle.com \
--to=mihai.carabas@oracle.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=hpa@zytor.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).