early x86 microcode loading

Konstantin Belousov kostikbel at gmail.com
Fri Jul 13 12:51:04 UTC 2018 

On Thu, Jul 12, 2018 at 06:46:31PM -0400, Mark Johnston wrote:
> On Thu, Jul 12, 2018 at 08:52:29PM +0000, Poul-Henning Kamp wrote:
> > --------
> > In message <20180712183116.GB15892 at raichu>, Mark Johnston writes:
> > 
> > >My plan is to extend cpucontrol(8) to determine the
> > >correct microcode update for the running system, and have the devcpu-data
> > >port install the corresponding file to /boot/firmware.
> > 
> > This is problematic when a diskimage is migrated to a different CPU,
> > only on the second reboot on the new hardware are you certain to
> > have the correct microcode.
> > 
> > For images which are resurrected on demand on whatever hardware is
> > available this really problematic.
> 
> I can think of three ways to address this case:
> 
> 1a) Always load all of the updates as a single file, and select the
>     correct update during boot.  As I pointed out, this wastes some
>     memory (a couple of megabytes currently).  On at least amd64 it
>     doesn't look very practical to release the pages backing the
>     update file back to the VM.  That is, I don't think we can easily
>     "shed" the preloaded file data once the correct update has been
>     selected and saved.
> 
> 1b) Have the devcpu-data port operate in one of two modes: either the
>     port selects the update for the current machine, as I outlined in my
>     original mail, or it concatenates all of the updates as in 1a) and
>     the kernel selects the correct update.  This way we'd only
>     waste memory if the disk image is to be shared among multiple
>     machines.  I'm not sure what the mechanism should be for selecting
>     the mode.
> 
>  2) Install all updates to a directory under /boot and add code to the
>     loader to perform the selection, and pass only the required microcode
>     file to the kernel.  This seems straightforward to me, though I'm not
>     yet sure exactly where in the loader this logic should go.

What is the problem with having the microcode blob unmatched ? The
result would be only lack of the update for the CPU. If user cares about
having the updated microcode, he would run the required command anew.
Or you might add an automatic run of such command on shutdown.

More information about the freebsd-arch mailing list