~alpine/users

Syslinux & Xen & microcode updates

Christian Kujau <lists@nerdbynature.de>
Message ID
<alpine.DEB.2.21.99999.352.1910210236100.13135@trent.utfs.org>
Hello,

I'm having trouble applying CPU microcode updates to this system running a 
Xen dom0. Lots of internet resources appear to recommend adding 
"ucode=early_ucode.cpio" to the EFI xen.cfg configuration file and it will 
magically work, but even though EFI support is now available[0], this 
system of mine is using Syslinux to boot:

 LABEL xen-vanilla
   MENU LABEL Xen + Linux vanilla
   COM32 mboot.c32
   APPEND xen.gz dom0_mem=512M,max:1024M ucode=scan --- vmlinuz-vanilla \
     root=[...] modules=ext4 --- initramfs-vanilla


"xl dmesg" sees that command line, but nothing gets loaded:

======================================================================
# xl dmesg | grep -i code
(XEN) Command line: dom0_mem=512M,max:1024M ucode=scan

# dmesg | grep -i micro
[    0.602101] MDS: Vulnerable: Clear CPU buffers attempted, no microcode
======================================================================

Hm. So, the intel-ucode package installed a file called 
/boot/intel-ucode.img, where a single file 
kernel/x86/microcode/GenuineIntel.bin is stored. Specifying 
"ucode=intel-ucode.img" or "ucode=GenuineIntel.bin" (after extracting it) 
only confused the microcode loader:

======================================================================
$ sudo xl dmesg | grep intel
(XEN) parameter "ucode" has invalid value "intel-ucode.img", rc=-22!
======================================================================

I even tried to re-generate the microcode package from the firmware files:

  $ iucode_tool -v -S --write-earlyfw=/boot/early_ucode.cpio /lib/firmware/intel-ucode/[0-9]*

But passing this early_ucode.cpio to "ucode=" didn't work either, same 
error as above.

This Arch Linux posting[2] ("Advice: Where to capture custom Microcode 
system requirements/setup?") looked promising, but did not work for me 
(see above), maybe because I don't have an EFI system here. As mentioned 
there, according to the kernel documentation[1], the microcode can just be 
added to the standard initrd - tried that, but nothing happened.

Also, combining microcode+initrd on the Syslinux command line[3] didn't 
work either:

  [...]
  APPEND xen.gz dom0_mem=512M,max:1024M ucode=scan --- vmlinuz-vanilla 
      root=[...] early_ucode.cpio,initramfs-vanilla

Booting this failed with:

   Loading xen.gz.... ok
   Loading vmlinuz-vanilla... ok
   Loading early_ucode.cpio,initramfs-vanilla... failed!
   No files found!

Anybody got any ideas how to proceed here?

Thanks,
Christian.

[0] https://wiki.alpinelinux.org/wiki/Alpine_and_UEFI
[1] https://www.kernel.org/doc/html/latest/x86/microcode.html
[2] https://bbs.archlinux.org/viewtopic.php?pid=1814472#p1814472
[3] https://wiki.gentoo.org/wiki/Intel_microcode#Syslinux
-- 
BOFH excuse #200:

The monitor needs another box of pixels.
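
As an added example (not part of the original message), a Python check that a candidate early-microcode image such as /boot/intel-ucode.img is an uncompressed "newc" cpio archive containing kernel/x86/microcode/GenuineIntel.bin, the layout the message describes. The function names are hypothetical and the sample archive is constructed inside the script.

```python
import gzip
import sys

UCODE_PATH = "kernel/x86/microcode/GenuineIntel.bin"  # member name from the message
NEWC_MAGIC = b"070701"
HEADER_LEN = 110  # 6-byte magic + 13 fields of 8 ASCII hex digits

def pad4(n):
    return (n + 3) & ~3

def list_newc(blob):
    """Return [(name, size)] for an uncompressed newc cpio; ValueError otherwise."""
    entries, off = [], 0
    while True:
        hdr = blob[off:off + HEADER_LEN]
        if len(hdr) < HEADER_LEN or hdr[:6] != NEWC_MAGIC:
            raise ValueError("no newc header at offset %d" % off)
        fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name_start = off + HEADER_LEN
        name = blob[name_start:name_start + namesize - 1].decode("ascii", "replace")
        if name == "TRAILER!!!":
            return entries
        data_start = pad4(name_start + namesize)  # name is NUL-padded to 4 bytes
        if data_start + filesize > len(blob):
            raise ValueError("truncated member %r" % name)
        entries.append((name, filesize))
        off = pad4(data_start + filesize)          # data is padded to 4 bytes too

def check_early_ucode(blob):
    """True if blob is an uncompressed newc cpio with a non-empty microcode member."""
    try:
        return any(n == UCODE_PATH and size > 0 for n, size in list_newc(blob))
    except ValueError:
        return False

def make_newc(members):
    """Build a constructed sample archive so the check can run offline."""
    out = b""
    for name, data in list(members) + [("TRAILER!!!", b"")]:
        raw = name.encode() + b"\0"
        fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw), 0]
        out += NEWC_MAGIC + b"".join(b"%08X" % f for f in fields) + raw
        out += b"\0" * (pad4(len(out)) - len(out)) + data
        out += b"\0" * (pad4(len(out)) - len(out))
    return out

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        make_newc([(UCODE_PATH, b"\x01" * 48)])   # constructed placeholder payload
    print("early microcode cpio OK" if check_early_ucode(blob) else "not usable")
```

Run it with the image path as the only argument; a gzip-compressed archive or a bare extracted GenuineIntel.bin is reported as not usable.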