[arch-releng] Changes for early microcode
Hello everybody, the official ISO file includes intel-ucode, which requires changes to the bootloader for early microcode. Will we see changes before November release? -- main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];) putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}
On 10/29/2014 08:31 AM, Christian Hesse wrote:
Hello everybody,
the official ISO file includes intel-ucode, which requires changes to the bootloader for early microcode. Will we see changes before November release?
I see al least two options: (1) Write two syslinux/gummiboot entries per each current entry, something like "start archlinux for Intel machine (except virtualized enviroment)", "start archlinux for non-Intel machine". (2) Always load intel-ucode.img for all enviroments, should be ignored in cases where does not care.
On 10/29/2014 09:35 AM, Gerardo Exequiel Pozzi wrote:
On 10/29/2014 08:31 AM, Christian Hesse wrote:
Hello everybody,
the official ISO file includes intel-ucode, which requires changes to the bootloader for early microcode. Will we see changes before November release?
I see al least two options:
(1) Write two syslinux/gummiboot entries per each current entry, something like "start archlinux for Intel machine (except virtualized enviroment)", "start archlinux for non-Intel machine".
(2) Always load intel-ucode.img for all enviroments, should be ignored in cases where does not care.
In case (2), for keep it simple, we can unpack then intel-ucode.img and just always add the .bin inside archiso.img I guess, should work. Please confirm, I do not have Intel CPU. Thanks.
Gerardo Exequiel Pozzi <vmlinuz386@gmail.com> on Wed, 2014/10/29 09:41:
On 10/29/2014 09:35 AM, Gerardo Exequiel Pozzi wrote:
On 10/29/2014 08:31 AM, Christian Hesse wrote:
Hello everybody,
the official ISO file includes intel-ucode, which requires changes to the bootloader for early microcode. Will we see changes before November release?
I see al least two options:
(1) Write two syslinux/gummiboot entries per each current entry, something like "start archlinux for Intel machine (except virtualized enviroment)", "start archlinux for non-Intel machine".
(2) Always load intel-ucode.img for all enviroments, should be ignored in cases where does not care.
In case (2), for keep it simple, we can unpack then intel-ucode.img and just always add the .bin inside archiso.img
I guess, should work. Please confirm, I do not have Intel CPU.
That does not work. Not sure why the microcode is ignored, but I could not updated this way. What works is concatenating the initramfs images. Something like # cat intel-ucode.img initramfs-linux.img > archiso.img works perfectly. This is the method described upstream [0]. [0] https://www.kernel.org/doc/Documentation/x86/early-microcode.txt -- main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];) putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}
From: Christian Hesse <mail@eworm.de> https://www.kernel.org/doc/Documentation/x86/early-microcode.txt --- configs/releng/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 07ff911..8b6beee 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -90,7 +90,7 @@ make_customize_airootfs() { # Prepare kernel/initramfs ${install_dir}/boot/ make_boot() { mkdir -p ${work_dir}/iso/${install_dir}/boot/${arch} - cp ${work_dir}/${arch}/airootfs/boot/archiso.img ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img + cat ${work_dir}/${arch}/airootfs/boot/intel-ucode.img ${work_dir}/${arch}/airootfs/boot/archiso.img > ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img cp ${work_dir}/${arch}/airootfs/boot/vmlinuz-linux ${work_dir}/iso/${install_dir}/boot/${arch}/vmlinuz } -- 2.1.2
On Wed, Oct 29, 2014 at 03:02:38PM +0100, list@eworm.de wrote:
From: Christian Hesse <mail@eworm.de>
https://www.kernel.org/doc/Documentation/x86/early-microcode.txt --- configs/releng/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 07ff911..8b6beee 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -90,7 +90,7 @@ make_customize_airootfs() { # Prepare kernel/initramfs ${install_dir}/boot/ make_boot() { mkdir -p ${work_dir}/iso/${install_dir}/boot/${arch} - cp ${work_dir}/${arch}/airootfs/boot/archiso.img ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img + cat ${work_dir}/${arch}/airootfs/boot/intel-ucode.img ${work_dir}/${arch}/airootfs/boot/archiso.img > ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img
Does this actually work? archiso.img is XZ compressed -- I don't think the kernel will read the real initramfs properly.
cp ${work_dir}/${arch}/airootfs/boot/vmlinuz-linux ${work_dir}/iso/${install_dir}/boot/${arch}/vmlinuz }
-- 2.1.2
Dave Reisner <d@falconindy.com> on Wed, 2014/10/29 10:23:
On Wed, Oct 29, 2014 at 03:02:38PM +0100, list@eworm.de wrote:
From: Christian Hesse <mail@eworm.de>
https://www.kernel.org/doc/Documentation/x86/early-microcode.txt --- configs/releng/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 07ff911..8b6beee 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -90,7 +90,7 @@ make_customize_airootfs() { # Prepare kernel/initramfs ${install_dir}/boot/ make_boot() { mkdir -p ${work_dir}/iso/${install_dir}/boot/${arch} - cp ${work_dir}/${arch}/airootfs/boot/archiso.img ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img + cat ${work_dir}/${arch}/airootfs/boot/intel-ucode.img ${work_dir}/${arch}/airootfs/boot/archiso.img > ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img
Does this actually work? archiso.img is XZ compressed -- I don't think the kernel will read the real initramfs properly.
It does. ;) I just built an image to test.
cp ${work_dir}/${arch}/airootfs/boot/vmlinuz-linux ${work_dir}/iso/${install_dir}/boot/${arch}/vmlinuz }
-- 2.1.2
-- main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];) putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}
On 10/29/2014 11:02 AM, list@eworm.de wrote:
From: Christian Hesse <mail@eworm.de>
https://www.kernel.org/doc/Documentation/x86/early-microcode.txt --- configs/releng/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 07ff911..8b6beee 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -90,7 +90,7 @@ make_customize_airootfs() { # Prepare kernel/initramfs ${install_dir}/boot/ make_boot() { mkdir -p ${work_dir}/iso/${install_dir}/boot/${arch} - cp ${work_dir}/${arch}/airootfs/boot/archiso.img ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img + cat ${work_dir}/${arch}/airootfs/boot/intel-ucode.img ${work_dir}/${arch}/airootfs/boot/archiso.img > ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img
This does not look good. archiso.img is compressed, while intel-ucode.img is uncompressed.
cp ${work_dir}/${arch}/airootfs/boot/vmlinuz-linux ${work_dir}/iso/${install_dir}/boot/${arch}/vmlinuz }
Gerardo Exequiel Pozzi <vmlinuz386@gmail.com> on Wed, 2014/10/29 11:35:
On 10/29/2014 11:02 AM, list@eworm.de wrote:
From: Christian Hesse <mail@eworm.de>
https://www.kernel.org/doc/Documentation/x86/early-microcode.txt --- configs/releng/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 07ff911..8b6beee 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -90,7 +90,7 @@ make_customize_airootfs() { # Prepare kernel/initramfs ${install_dir}/boot/ make_boot() { mkdir -p ${work_dir}/iso/${install_dir}/boot/${arch} - cp ${work_dir}/${arch}/airootfs/boot/archiso.img ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img + cat ${work_dir}/${arch}/airootfs/boot/intel-ucode.img ${work_dir}/${arch}/airootfs/boot/archiso.img > ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img
This does not look good. archiso.img is compressed, while intel-ucode.img is uncompressed.
Both of these are cpio archives. So what's wrong? # file initramfs-linux.img intel-ucode.img initramfs-linux.img: ASCII cpio archive (SVR4 with no CRC) intel-ucode.img: ASCII cpio archive (SVR4 with no CRC)
cp ${work_dir}/${arch}/airootfs/boot/vmlinuz-linux ${work_dir}/iso/${install_dir}/boot/${arch}/vmlinuz }
-- main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];) putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}
On 10/29/2014 11:56 AM, Christian Hesse wrote:
Gerardo Exequiel Pozzi <vmlinuz386@gmail.com> on Wed, 2014/10/29 11:35:
On 10/29/2014 11:02 AM, list@eworm.de wrote:
From: Christian Hesse <mail@eworm.de>
https://www.kernel.org/doc/Documentation/x86/early-microcode.txt --- configs/releng/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 07ff911..8b6beee 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -90,7 +90,7 @@ make_customize_airootfs() { # Prepare kernel/initramfs ${install_dir}/boot/ make_boot() { mkdir -p ${work_dir}/iso/${install_dir}/boot/${arch} - cp ${work_dir}/${arch}/airootfs/boot/archiso.img ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img + cat ${work_dir}/${arch}/airootfs/boot/intel-ucode.img ${work_dir}/${arch}/airootfs/boot/archiso.img > ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img
This does not look good. archiso.img is compressed, while intel-ucode.img is uncompressed.
Both of these are cpio archives. So what's wrong?
# file initramfs-linux.img intel-ucode.img initramfs-linux.img: ASCII cpio archive (SVR4 with no CRC) intel-ucode.img: ASCII cpio archive (SVR4 with no CRC)
Looks like you are you working with uncompressed initcpio images (ie you made a change to the default mkinitcpio.conf provided by archiso.) If prefer this way: --- archiso_intel_ucode --- #!/bin/bash build() { cd /tmp bsdcpio -i -d < /boot/intel-ucode.bin add_file /tmp/kernel/x86/microcode/GenuineIntel.bin /kernel/x86/microcode/GenuineIntel.bin } help() { cat <<HELPEOF This hook adds intel microcode updates to the early boot stage. HELPEOF } # vim: set ft=sh ts=4 sw=4 et: ----------------------------
cp ${work_dir}/${arch}/airootfs/boot/vmlinuz-linux ${work_dir}/iso/${install_dir}/boot/${arch}/vmlinuz }
Gerardo Exequiel Pozzi <vmlinuz386@gmail.com> on Wed, 2014/10/29 12:05:
On 10/29/2014 11:56 AM, Christian Hesse wrote:
Gerardo Exequiel Pozzi <vmlinuz386@gmail.com> on Wed, 2014/10/29 11:35:
On 10/29/2014 11:02 AM, list@eworm.de wrote:
From: Christian Hesse <mail@eworm.de>
https://www.kernel.org/doc/Documentation/x86/early-microcode.txt --- configs/releng/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 07ff911..8b6beee 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -90,7 +90,7 @@ make_customize_airootfs() { # Prepare kernel/initramfs ${install_dir}/boot/ make_boot() { mkdir -p ${work_dir}/iso/${install_dir}/boot/${arch} - cp ${work_dir}/${arch}/airootfs/boot/archiso.img ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img + cat ${work_dir}/${arch}/airootfs/boot/intel-ucode.img ${work_dir}/${arch}/airootfs/boot/archiso.img > ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img
This does not look good. archiso.img is compressed, while intel-ucode.img is uncompressed.
Both of these are cpio archives. So what's wrong?
# file initramfs-linux.img intel-ucode.img initramfs-linux.img: ASCII cpio archive (SVR4 with no CRC) intel-ucode.img: ASCII cpio archive (SVR4 with no CRC)
Looks like you are you working with uncompressed initcpio images (ie you made a change to the default mkinitcpio.conf provided by archiso.)
Oops, my fault. In fact I used the files from my working system, which already contained a concatenated image. # ls -l initramfs-linux.img intel-ucode.img intel-ucode-initramfs-linux.img -rw-r--r-- 1 root root 5839896 Oct 29 16:12 initramfs-linux.img -rw-r--r-- 1 root root 648704 Oct 12 14:05 intel-ucode.img -rw-r--r-- 1 root root 6488600 Oct 27 11:00 intel-ucode-initramfs-linux.img # file initramfs-linux.img intel-ucode.img intel-ucode-initramfs-linux.img initramfs-linux.img: XZ compressed data intel-ucode.img: ASCII cpio archive (SVR4 with no CRC) intel-ucode-initramfs-linux.img: ASCII cpio archive (SVR4 with no CRC) Booting intel-ucode-initramfs-linux.img works perfectly fine, including microcode update.
If prefer this way:
--- archiso_intel_ucode --- #!/bin/bash
build() { cd /tmp bsdcpio -i -d < /boot/intel-ucode.bin add_file /tmp/kernel/x86/microcode/GenuineIntel.bin /kernel/x86/microcode/GenuineIntel.bin }
help() { cat <<HELPEOF This hook adds intel microcode updates to the early boot stage. HELPEOF }
# vim: set ft=sh ts=4 sw=4 et: ----------------------------
As said before... This does not work. Please prove me wrong! -- main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];) putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}
Christian Hesse <list@eworm.de> on Wed, 2014/10/29 16:18:
As said before... This does not work. Please prove me wrong!
This explains the details: https://lists.debian.org/debian-user/2013/07/msg00383.html Henrique de Moraes Holschuh wrote: it will read any mix of compressed and uncompressed cpio archives appended one after the other. However, the early initramfs for firmware and microcode update *must* be uncompressed, and it *must* be the first cpio image in the initramfs -- main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];) putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}
On 10/29/2014 12:48 PM, Christian Hesse wrote:
Christian Hesse <list@eworm.de> on Wed, 2014/10/29 16:18:
As said before... This does not work. Please prove me wrong!
This explains the details:
https://lists.debian.org/debian-user/2013/07/msg00383.html
Henrique de Moraes Holschuh wrote:
it will read any mix of compressed and uncompressed cpio archives appended one after the other. However, the early initramfs for firmware and microcode update *must* be uncompressed, and it *must* be the first cpio image in the initramfs
Right right. In other words, this is a special hack (intel_early.c) before initramfs general code (initramfs.c) And is documented in some way in: early-microcode.txt Thanks.
Am 29.10.2014 um 16:48 schrieb Christian Hesse:
Christian Hesse <list@eworm.de> on Wed, 2014/10/29 16:18:
As said before... This does not work. Please prove me wrong!
This explains the details:
https://lists.debian.org/debian-user/2013/07/msg00383.html
Henrique de Moraes Holschuh wrote:
it will read any mix of compressed and uncompressed cpio archives appended one after the other. However, the early initramfs for firmware and microcode update *must* be uncompressed, and it *must* be the first cpio image in the initramfs
This is wrong - it will read any number of uncompressed initramfs until it finds a compressed one. You can add two initramfs (one for AMD and one for Intel) in any order and it will find the ucode. This works because the concatenation of two uncompressed cpio images looks just like a single cpio image AFAIK.
On Wed, Oct 29, 2014 at 07:11:28PM +0100, Thomas Bächler wrote:
Am 29.10.2014 um 16:48 schrieb Christian Hesse:
Christian Hesse <list@eworm.de> on Wed, 2014/10/29 16:18:
As said before... This does not work. Please prove me wrong!
This explains the details:
https://lists.debian.org/debian-user/2013/07/msg00383.html
Henrique de Moraes Holschuh wrote:
it will read any mix of compressed and uncompressed cpio archives appended one after the other. However, the early initramfs for firmware and microcode update *must* be uncompressed, and it *must* be the first cpio image in the initramfs
This is wrong - it will read any number of uncompressed initramfs until it finds a compressed one. You can add two initramfs (one for AMD and one for Intel) in any order and it will find the ucode. This works because the concatenation of two uncompressed cpio images looks just like a single cpio image AFAIK.
Sorry to be pedantic, but because I spent this past weekend writing a CPIO library... The end of any CPIO archive has a valid CPIO header for the filename "TRAILER!!!". Upon finding this entry, the kernel will reset some internal state and continue to read the file, expecting that if the following read doesn't return EOF, it's the start of a new CPIO archive. Userspace tools see the "TRAILER!!!" entry and stop reading, even if there's more data beyond the trailer record. hey man, man 5 cpio. d
Am 29.10.2014 um 15:35 schrieb Gerardo Exequiel Pozzi:
On 10/29/2014 11:02 AM, list@eworm.de wrote:
From: Christian Hesse <mail@eworm.de>
https://www.kernel.org/doc/Documentation/x86/early-microcode.txt --- configs/releng/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configs/releng/build.sh b/configs/releng/build.sh index 07ff911..8b6beee 100755 --- a/configs/releng/build.sh +++ b/configs/releng/build.sh @@ -90,7 +90,7 @@ make_customize_airootfs() { # Prepare kernel/initramfs ${install_dir}/boot/ make_boot() { mkdir -p ${work_dir}/iso/${install_dir}/boot/${arch} - cp ${work_dir}/${arch}/airootfs/boot/archiso.img ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img + cat ${work_dir}/${arch}/airootfs/boot/intel-ucode.img ${work_dir}/${arch}/airootfs/boot/archiso.img > ${work_dir}/iso/${install_dir}/boot/${arch}/archiso.img
This does not look good. archiso.img is compressed, while intel-ucode.img is uncompressed.
While this does work fine, it breaks lsinitcpio. The correct solution is to simply add two initrds to all syslinux and gummiboot configuration files, just like the wiki says (and add the ucode.img as the first one).
On 10/29/2014 09:57 AM, Christian Hesse wrote:
Gerardo Exequiel Pozzi <vmlinuz386@gmail.com> on Wed, 2014/10/29 09:41:
On 10/29/2014 09:35 AM, Gerardo Exequiel Pozzi wrote:
On 10/29/2014 08:31 AM, Christian Hesse wrote:
Hello everybody,
the official ISO file includes intel-ucode, which requires changes to the bootloader for early microcode. Will we see changes before November release?
I see al least two options:
(1) Write two syslinux/gummiboot entries per each current entry, something like "start archlinux for Intel machine (except virtualized enviroment)", "start archlinux for non-Intel machine".
(2) Always load intel-ucode.img for all enviroments, should be ignored in cases where does not care.
In case (2), for keep it simple, we can unpack then intel-ucode.img and just always add the .bin inside archiso.img
I guess, should work. Please confirm, I do not have Intel CPU.
That does not work. Not sure why the microcode is ignored, but I could not updated this way.
Should work. Are you sure that you are doing the right thing? This file must exist on initramfs: /kernel/x86/microcode/GenuineIntel.bin
What works is concatenating the initramfs images. Something like
# cat intel-ucode.img initramfs-linux.img > archiso.img
works perfectly. This is the method described upstream [0].
[0] https://www.kernel.org/doc/Documentation/x86/early-microcode.txt
Or generate a initcpio hook with: add_file /path/to/GenuineIntel.bin /kernel/x86/microcode/GenuineIntel.bin Concat archive the same effect, weird if this does not works...
Gerardo Exequiel Pozzi <vmlinuz386@gmail.com> on Wed, 2014/10/29 11:28:
On 10/29/2014 09:57 AM, Christian Hesse wrote:
Gerardo Exequiel Pozzi <vmlinuz386@gmail.com> on Wed, 2014/10/29 09:41:
On 10/29/2014 09:35 AM, Gerardo Exequiel Pozzi wrote:
On 10/29/2014 08:31 AM, Christian Hesse wrote:
Hello everybody,
the official ISO file includes intel-ucode, which requires changes to the bootloader for early microcode. Will we see changes before November release?
I see al least two options:
(1) Write two syslinux/gummiboot entries per each current entry, something like "start archlinux for Intel machine (except virtualized enviroment)", "start archlinux for non-Intel machine".
(2) Always load intel-ucode.img for all enviroments, should be ignored in cases where does not care.
In case (2), for keep it simple, we can unpack then intel-ucode.img and just always add the .bin inside archiso.img
I guess, should work. Please confirm, I do not have Intel CPU.
That does not work. Not sure why the microcode is ignored, but I could not updated this way.
Should work. Are you sure that you are doing the right thing?
This file must exist on initramfs: /kernel/x86/microcode/GenuineIntel.bin
Yap.
What works is concatenating the initramfs images. Something like
# cat intel-ucode.img initramfs-linux.img > archiso.img
works perfectly. This is the method described upstream [0].
[0] https://www.kernel.org/doc/Documentation/x86/early-microcode.txt
Or generate a initcpio hook with:
add_file /path/to/GenuineIntel.bin /kernel/x86/microcode/GenuineIntel.bin
I tried exactly this. Did not work for. Please prove me wrong! I would prefer it that way. ;)
Concat archive the same effect, weird if this does not works...
Don't know... -- main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];) putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}
participants (5)
-
Christian Hesse
-
Dave Reisner
-
Gerardo Exequiel Pozzi
-
list@eworm.de
-
Thomas Bächler