Re: x86/microcode update on systems without INITRD

From: Måns Rullgård
Date: Fri Jan 08 2016 - 06:46:35 EST

Borislav Petkov <bp@xxxxxxx> writes:

> On Fri, Jan 08, 2016 at 11:18:51AM +0000, Måns Rullgård wrote:
>> Neither "depends on" nor "select" makes sense to me here. The driver
>> apparently works without it,
>
> The driver works without it if you build your microcode into the kernel.
> There are use cases where building microcode into the kernel is *not* a
> viable option so we have to support both builtin microcode and microcode
> from the initrd.

How is an initrd different from a real filesystem as seen by the
microcode update driver?

>> and simply having BLK_DEV_INITRD enabled doesn't prevent improper
>> (according to some people) use of the driver. If updating microcode
>> is inherently unsafe when a real disk is mounted, the driver ought
>> to detect this and refuse the operation (possibly with an override
>> option).
>
> Huh, what?

The objection against removing the dependency was that updating
microcode "late" isn't safe. I don't see how turning on BLK_DEV_INITRD
stops anyone doing those allegedly unsafe updates anyway.

Måns Rullgård