• Thomas Gleixner's avatar
    x86/microcode: Prepare for minimal revision check · 9407bda8
    Thomas Gleixner authored
    Applying microcode late can be fatal for the running kernel when the
    update changes functionality which is in use already in a non-compatible
    way, e.g. by removing a CPUID bit.
    
    There is no way for admins which do not have access to the vendors deep
    technical support to decide whether late loading of such a microcode is
    safe or not.
    
    Intel has added a new field to the microcode header which tells the
    minimal microcode revision which is required to be active in the CPU in
    order to be safe.
    
    Provide infrastructure for handling this in the core code and a command
    line switch which allows to enforce it.
    
    If the update is considered safe the kernel is not tainted and the annoying
    warning message not emitted. If it's enforced and the currently loaded
    microcode revision is not safe for late loading then the load is aborted.
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
    Link: https://lore.kernel.org/r/20231017211724.079611170@linutronix.de
    9407bda8
core.c 21.4 KB