question on microcode loading

Steffen Nurpmeso steffen at sdaoden.eu
Wed Feb 8 11:57:09 PST 2023 

Borislav Petkov wrote in
 <Y+N4qE2CD9Vu6maw at zn.tnic>:
 |On Wed, Feb 08, 2023 at 11:21:13AM +0800, RuiRui Yang wrote:
 |>> There is only one question regarding CPU microcode loading: it
 |>> seems the microcode is not "updated early" with kexec upon "boot".
 |
 |You lost me here: when you load a kernel and you have builtin microcode
 |or have supplied it through initrd, it should update.

Ok.  That was what i always hoped.  I have never seen "microcode
updated early" for kexec-booted kernels.

(For all CPUs i have it does not make a difference regarding
/sys/devices/system/cpu/vulnerabilities/*, only SMT on/off changes
things; ie, CPU microcode is not newest but seems to offer
mitigations already; and likewise new microcode does not mitigate
the remaining vulnerabilities; and it unfortunately seems FINEIBT
is not backported to 6.1, but that off-topic.)

I only wanted to ask once, as the message comes so late, when all
CPUs are in use.  (And the "updated early" _does_ come after
suspend/resume.  And i am no kernel / hardware hacker.)

 |>> This is a homegrown kernel, with built-in firmware
 |
 |Yeah, this is kinda confusing. When you kexec a kernel, it should be
 |just the same as when you boot a k^ernel normally.

Very lucky for that kexec possibility, thanks.
I have not seen the "normal" case for long, at least not the log
(it goes nowhere), and the screen scrolls too fast.  (And there is
no scrollback buffer, and i think i am 

 |If you can give simplified reproduction instructions, I could give it a
 |try...

Well it is a simple kernel with enough built-in to boot stage1 so
i can run cryptsetup, and then (optionally) kexec-boot stage2
(same (maybe newer) kernel but on encrypted device).  Formerly all
static, but now network/firewall, sound etc are modules.
Three small somewhat simple scripts with text-only config files.
But upon interest i can very well post them?  (I like it!  No
extra boot loader, no systemd here.)

Thank you.  And ciao!

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

More information about the kexec mailing list