Ubuntu
linux-aws package

linux-aws fails to late load microcode, works with generic

Bug #1863299 reported by Dimitri John Ledkov
266
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-aws (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

[Impact]

 * Late loading of intel microcode doesn't seem to work on aws.

[Test Case]

 * Boot Focal on AWS metal instance
 * Install intel-microcode package
 * Disable early microcode loading:
   sudo rm /usr/share/initramfs-tools/hooks/intel_microcode to disable including microcde in the initrd
 * Update initrd
   sudo update-initramfs -u
 * Observe that late loading (due to /usr/lib/tmpfiles.d/intel-microcode.conf ) does not happen.

I.e. expected to see something like this:
$ journalctl -b | grep microcode
Feb 14 11:08:38 ottawa kernel: microcode: sig=0x506e3, pf=0x20, revision=0xc6
Feb 14 11:08:38 ottawa kernel: microcode: Microcode Update Driver: v2.2.
Feb 14 11:08:42 ottawa kernel: microcode: updated to revision 0xd6, date = 2019-10-03
Feb 14 11:08:42 ottawa kernel: x86/CPU: CPU features have changed after loading microcode, but might not take effect.
Feb 14 11:08:42 ottawa kernel: microcode: Reload completed, microcode revision: 0xd6

instead I see something like this:
Feb 14 11:08:38 ottawa kernel: microcode: sig=0x506e3, pf=0x20, revision=0xc6
Feb 14 11:08:38 ottawa kernel: microcode: Microcode Update Driver: v2.2.

(no updated to revivsion .... message)

[Regression Potential]

 * Late loading is new, as the current default is to load microcode early from initrd. It will only change behaviour on initrd-less bionic-minimal images, and any image types on later releases, but only when booted on the .metal instances.

Revision history for this message
Steve Beattie (sbeattie) wrote :

Hello Dimitri,

The source of this is that the linux-aws (and some other cloud-specific) kernels do not have CONFIG_MICROCODE_OLD_INTERFACE enabled, while they are enabled in the generic kernel configs.

For consideration, this is the kernel config documentation for this option:

  config MICROCODE_OLD_INTERFACE
        bool "Ancient loading interface (DEPRECATED)"
        default n
        depends on MICROCODE
        ---help---
          DO NOT USE THIS! This is the ancient /dev/cpu/microcode interface
          which was used by userspace tools like iucode_tool and microcode.ctl.
          It is inadequate because it runs too late to be able to properly
          load microcode on a machine and it needs special tools. Instead, you
          should've switched to the early loading method with the initrd or
          builtin microcode by now: Documentation/x86/microcode.rst

I'm going to mark this issue public. Thanks.

information type: Private Security → Public Security
Revision history for this message
Steve Beattie (sbeattie) wrote :

Is this worth addressing in the cloud kernels or should we stick to early microcode loads only?

Changed in linux-aws (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for linux-aws (Ubuntu) because there has been no activity for 60 days.]

Changed in linux-aws (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.