|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] x86/microcode: Support builtin CPU microcode
On 10.12.19 10:21, Jan Beulich wrote: On 09.12.2019 22:49, Eslam Elnikety wrote:On 09.12.19 16:19, Andrew Cooper wrote:On 09/12/2019 08:41, Eslam Elnikety wrote:--- /dev/null +++ b/xen/arch/x86/microcode/Makefile @@ -0,0 +1,40 @@ +# Copyright (C) 2019 Amazon.com, Inc. or its affiliates. +# Author: Eslam Elnikety <elnikety@xxxxxxxxxx> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +obj-y += builtin_ucode.o + +# Directory holding the microcode updates. +UCODE_DIR=$(patsubst "%",%,$(CONFIG_BUILTIN_UCODE_DIR)) +amd-blobs := $(wildcard $(UCODE_DIR)/amd-ucode/*) +intel-blobs := $(wildcard $(UCODE_DIR)/intel-ucode/*)This is a little dangerous. I can see why you want to do it like this, and I can't provide any obvious suggestions, but if this glob picks up anything which isn't a microcode file, it will break the logic to search for the right blob.We can limit the amd-blobs and intel-blob to binaries following the naming convention AuthenticAMD.bin and GenuineIntel.bin for amd and intel, respectively. Yet, this would be imposing an unnecessary restriction on administrators who may want to be innovative with naming (or want to use the naming microcode_amd_*.bin or FF-MM-SS instead). Alternatively, we can introduce CONFIG_BUILTIN_UCODE_INTEL and CONFIG_BUILTIN_UCODE_AMD. Both default to empty strings. Then, an administrator can specify exactly the microcodes to include relative to the CONFIG_BUILTIN_UCODE_DIR. For example: CONFIG_BUILTIN_UCODE_INTEL="intel-ucode/06-3a-09" CONFIG_BUILTIN_UCODE_AMD="amd-ucode/microcode_amd_fam15h.bin"This would make the feature even less generic - I already meant to I do not follow the point about being less generic. (I hope my example did not give the false impression that CONFIG_BUILTIN_UCODE_{AMD,INTEL} allow for only a single microcode blob for a single signature). ask whether building ucode into binaries is really a useful thing when we already have more flexible ways. I could see this being useful if there was no other way to make ucode available at boot time. It is useful in addition to the existing ways to do early microcode updates. First, when operating many hosts, using boot modules (either a distinct microcode module or within an initrd) becomes involved. For instance, tools to update boot entries (e.g., https://linux.die.net/man/8/grubby) do not support adding arbitrary (microcode) modules. Second, there is often need to couple a Xen build with a minimum microcode patch level. Having the microcode built within the Xen image itself is a streamlined, natural way of achieving that. Thanks, Eslam Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |