Xen project Mailing List

[PATCH] Package microcode for the x86 hardware runners

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 11 Apr 2025 20:59:14 +0100

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Doug Goldstein <cardoe@xxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>

Delivery-date: Fri, 11 Apr 2025 19:59:33 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

They are all out of date, to different degrees. Install jq into the x86_64 build container so we can parse the Github latest release information in an acceptable way. The resulting archive must be uncompressed, in order to work during early boot. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- CC: Anthony PERARD <anthony.perard@xxxxxxxxxx> CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> CC: Michal Orzel <michal.orzel@xxxxxxx> CC: Doug Goldstein <cardoe@xxxxxxxxxx> CC: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx> Example working in Xen: https://gitlab.com/xen-project/hardware/xen-staging/-/jobs/9700756054#L206 --- .gitlab-ci.yml | 4 +++ images/alpine/3.18-x86_64-build.dockerfile | 3 ++ scripts/x86-microcode.sh | 42 ++++++++++++++++++++++ 3 files changed, 49 insertions(+) create mode 100755 scripts/x86-microcode.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3587d660aa62..63722233dc6f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -64,6 +64,10 @@ linux-6.6.56-x86_64: ARGO_SHA: "ca5473a56f62e2b4d59697c8552d151391d3fec1" ARGOEXEC_SHA: "d900429f6640acc6f68a3d3a4c945d7da60625d8" +microcode-x86: + extends: .x86_64-artifacts + script: ./scripts/x86-microcode.sh + # # The jobs below here are legacy and being phased out. # diff --git a/images/alpine/3.18-x86_64-build.dockerfile b/images/alpine/3.18-x86_64-build.dockerfile index eac0cda4fed3..c4ff30e1f138 100644 --- a/images/alpine/3.18-x86_64-build.dockerfile +++ b/images/alpine/3.18-x86_64-build.dockerfile @@ -27,6 +27,9 @@ RUN <<EOF openssl-dev perl + # Microcode + jq + # Argo build deps autoconf automake diff --git a/scripts/x86-microcode.sh b/scripts/x86-microcode.sh new file mode 100755 index 000000000000..cb55a3bd2d52 --- /dev/null +++ b/scripts/x86-microcode.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +set -eux -o pipefail + +WORKDIR="${PWD}" +COPYDIR="${WORKDIR}/binaries" + +ROOTDIR="${WORKDIR}/root" +UCODEDIR="${ROOTDIR}/kernel/x86/microcode" +mkdir -p "${UCODEDIR}" + +# +# Intel microcode comes from github +# +curl -fsSL https://api.github.com/repos/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/latest > intel-latest.json +TARBALL_URL="$(jq -r .tarball_url intel-latest.json)" +curl -fsSL "${TARBALL_URL}" > intel-latest.tar +tar xf intel-latest.tar --strip-components=1 + +( + cd intel-ucode + cat 06-97-02 # adl-* + cat 06-8e-09 # kbl-* +) > "${UCODEDIR}/GenuineIntel.bin" + +# +# AMD microcode comes from linux-firmware +# +curl -fsSLO https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/amd-ucode/microcode_amd_fam17h.bin +curl -fsSLO https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/amd-ucode/microcode_amd_fam19h.bin + +( + cat microcode_amd_fam17h.bin # zen2-*, xilinux-*-x86_64-* + cat microcode_amd_fam19h.bin # zen3p-* +) > "${UCODEDIR}/AuthenticAMD.bin" + +# Package everything up. It must be uncompressed +cd "${ROOTDIR}" +find . | cpio -R 0:0 -H newc -o > "${COPYDIR}/ucode.cpio" + +# Print the contents for the build log +cpio -tv < "${COPYDIR}/ucode.cpio" -- 2.39.5

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.