Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Microcode check for Centos 7 #148

Closed
mphilipps opened this issue May 23, 2019 · 4 comments
Closed

Microcode check for Centos 7 #148

mphilipps opened this issue May 23, 2019 · 4 comments
Labels
enhancement
Milestone
v3.5

Comments

@mphilipps
Copy link

hi,
Because microcode updates aren't part of systemd and therefore every distribution feels like they have to distribute them slightly different, they appear to be in /usr/share/microcode_ctl/ucode_with_caveats/intel/intel-ucode on Centos 7.
In #123 @duck-rh reported them to be in /lib/firmware/intel-ucode, but that directory does not appear to exist on Centos 6 or 7.

Given how much pain it is support every distribution on the planet, maybe we could just have a setting for the microcode path in needrestart.conf? That way package maintainer could set them to the correct value for their respective distribution.
@duck-rh
Copy link
Contributor

duck-rh commented May 23, 2019

@mphilipps this path is owned by the microcode_ctl package; AFAIU it is meant to hold the result of the iucode_tool and it is missing at first. The /usr/libexec/microcode_ctl/update_ucode script says « Maintain kernel-version-specific symlinks in /lib/firmware based on configuration present in /usr/share/microcode_ctl/ucode_with_caveats. ». I don't know when this script is called but it seems this is the proper path and the one you gave is used to prepare its content.

This path is also used in Debian in the intel-microcode package.

@mphilipps
Copy link
Author

I am aware of the of the symlinks in /lib/firmware/$kernelversion, but checking against them seems like a just more convoluted way of checking against /usr/share/microcode_ctl/ucode_with_caveats/intel/intel-ucode.

You are right in that /lib/firmware/intel-ucode is owned by microcode_ctl, however I am not sure it still used. In /usr/libexec/microcode_ctl/update_ucode there is some code about creating symlinks there, but the script seems to be more concerned with deleting them.
Reading further there is some documentation in /usr/share/doc/microcode_ctl/README.caveats. From what I have gathered there /lib/firmware/intel-ucode might be used for manual late firmware updates. However afaik the recommended way of updating firmware is the early one through the initramfs. I didn't expect redhat to even support the 'whenever you feel like it' firmware update process.

Maybe it would be best to inspect the initramfs? lsinitrd shows a kernel/x86/microcode/GenuineIntel.bin in the early cpio image that should contain the microcode used after the next update.

@mphilipps
Copy link
Author

lsinitrd -f kernel/x86/microcode/GenuineIntel.bin /boot/initramfs-3.10.0-957.12.2.el7.x86_64.img | iucode_tool -t b -l - looks promising,

@liske
Copy link
Owner

liske commented Jun 5, 2019

Adding a config options sounds reasonable so that advanced users are able to to configure the path on their own choice..

@liske liske added this to the v3.5 milestone Jun 5, 2019
@liske liske closed this as completed in a491bcc Dec 24, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
v3.5
Development

No branches or pull requests
3 participants
@liske @mphilipps @duck-rh