From dc2b22a8763d97fba63756395a3c112a62f68ebe Mon Sep 17 00:00:00 2001 From: Eugene Syromiatnikov Date: Wed, 23 Aug 2023 01:46:41 +0200 Subject: [PATCH] dracut_99microcode_ctl-fw_dir_override_module_init.sh: add new default fw_dir Since commit dracut-57~5[1], dracut uses a different set directories as default $fw_dir, which leads to not resetting it to a state where kernel-based FW directories (where the microcode for late load resides) are skipped and leads to having multiple microcode versions in the early cpio, which prevents the caveats mechanism from working properly. [1] https://github.com/dracutdevs/dracut/commit/95aeed8975dd * dracut_99microcode_ctl-fw_dir_override_module_init.sh: Check $fw_dir for the new default directory set as well in the condition for the $fw_dir reset check. * microcode_ctl.spec (Release): Bump to 2. (%changelog): Add a new record. Resolves: #2213125 Signed-off-by: Eugene Syromiatnikov --- dracut_99microcode_ctl-fw_dir_override_module_init.sh | 11 ++++++++--- microcode_ctl.spec | 6 +++++- 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/dracut_99microcode_ctl-fw_dir_override_module_init.sh b/dracut_99microcode_ctl-fw_dir_override_module_init.sh
index 854e278..f1244cb 100755
--- a/dracut_99microcode_ctl-fw_dir_override_module_init.sh
+++ b/dracut_99microcode_ctl-fw_dir_override_module_init.sh
@@ -13,6 +13,7 @@ install() {
 local DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats
 local CFG_DIR="/etc/microcode_ctl/ucode_with_caveats"
 local check_caveats=/usr/libexec/microcode_ctl/check_caveats
+ local fw_path_para=$(< /sys/module/firmware_class/parameters/path)
 local verbose_opt
 local cc_out
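Review bot: The added `local fw_path_para=$(< /sys/module/firmware_class/parameters/path)` reads the sysfs parameter unconditionally, so on a build host where that file is absent (presumably a chroot or container image build without /sys mounted) bash emits a redirection error and the variable is left empty. Declaring first and guarding the read keeps the build log clean and makes the fallback explicit: `local fw_path_para=` followed by `[ ! -r /sys/module/firmware_class/parameters/path ] || fw_path_para=$(< /sys/module/firmware_class/parameters/path)`. Separating the declaration from the assignment also stops `local` from masking the exit status of the substitution. install() starts before this hunk and continues past its end.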
@@ -36,9 +37,13 @@ install() {
 }
 # Reset fw_dir to avoid inclusion of kernel-version-specific directories
- # populated with microcode for the late load
- [ "x$fw_dir" != \
- "x/lib/firmware/updates /lib/firmware /lib/firmware/$kernel" ] || {
+ # populated with microcode for the late load, only in case it is set
+ # to the default value to avoid meddling with user-enforced changes.
+ # The second variant has been introduced in dracut-057~5.
+ [ \( "x$fw_dir" != \
+ "x/lib/firmware/updates /lib/firmware /lib/firmware/$kernel" \) -a \
+ \( "x$fw_dir" != \
+ "x${fw_path_para:+$fw_path_para }/lib/firmware/updates/$kernel /lib/firmware/updates /lib/firmware/$kernel /lib/firmware" \) ] || {
 fw_dir="/lib/firmware/updates /lib/firmware"
 dinfo " microcode_ctl: reset fw_dir to \"${fw_dir}\""
 }
diff --git a/microcode_ctl.spec b/microcode_ctl.spec
index 175493a..03bd1d1 100644
--- a/microcode_ctl.spec
+++ b/microcode_ctl.spec
@@ -13,7 +13,7 @@
 Summary: CPU microcode updates for Intel x86 processors
 Name: microcode_ctl
 Version: %{intel_ucode_version}
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 4
 License: CC0 and Redistributable, no modification permitted
 URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
@@ -569,6 +569,10 @@ rm -rf %{buildroot}
 %changelog
+* Tue Aug 22 2023 Eugene Syromiatnikov - 4:20230808-2
+- Add support for the new, more correct, variant of dracut's default
+ $fw_dir path in dracut_99microcode_ctl-fw_dir_override_module_init.sh.
+
 * Thu Aug 10 2023 Eugene Syromiatnikov - 4:20230808-1
 - Update Intel CPU microcode to microcode-20230808 release, addresses CVE-2022-40982, CVE-2022-41804, CVE-2023-23908 (#2213125, #2223993, #2230678,
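Review bot: When `$fw_dir` matches neither hard-coded default in the rewritten `[ ... ] || {` test of dracut_99microcode_ctl-fw_dir_override_module_init.sh, the reset is skipped without any log line, which is the same silent failure mode this commit repairs: kernel-specific late-load directories stay in the search path and the caveats mechanism is bypassed with nothing in the build output to show it. Because the check relies on dracut's default string staying byte-identical, I would log the skipped case as well, for example `dinfo "microcode_ctl: fw_dir \"${fw_dir}\" is not a known default, not resetting"`, so the next change of dracut's default is visible to whoever audits the initramfs build. The `-a` with escaped parentheses inside a single `[` is marked obsolescent by POSIX; two `[ ... ]` tests joined with `&&` parse unambiguously and read more clearly. The enclosing install() starts and ends outside the hunk.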