You are not logged in.

#1 2024-03-18 11:20:41

vanja_z
Member
Registered: 2012-04-11
Posts: 43

New mkinitcpio microcode hook not working

After reading the news and the wiki, I understand the new way to load microcode is to add the 'microcode' hook to mkinitcpio.conf and then then to remove the initrd microcode entry from my bootloader (refind). I've tried this on my two Arch linux boxes and it worked on the first one but it is not working on the second one. Both are Intel.

Original:
mkinitcpio.conf

HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block filesystems fsck)

refind.conf

options  "root= ...  initrd=boot/intel-ucode.img"

Microcode update working:

sudo journalctl -b | grep microcode
xxx xxx kernel: microcode: Current revision: 0x0b000040
xxx xxx kernel: microcode: Updated early from: 0x0b00001c

After:
mkinitcpio.conf

HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block filesystems fsck)

refind.conf

options  "root= ... "

Microcode update NOT working:

sudo journalctl -b | grep microcode
xxx xxx kernel: microcode: Current revision: 0x0b00001c

The initramfs seems to have been generated correctly:

sudo lsinitcpio --early /boot/initramfs-linux.img
early_cpio
kernel/
kernel/x86/
kernel/x86/microcode/
kernel/x86/microcode/GenuineIntel.bin

Does anyone have an idea why the microcode would not be applying in this situation? I've tried running mkinitcpio again and I've tried reinstalling the kernel package. Strange that it worked on one computer but not the second one.

Offline

#2 2024-03-18 12:36:10

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 627

Re: New mkinitcpio microcode hook not working

Did you regenerate the initramfs after editing /etc/mkinitcpio.conf?

Try moving the microcode hook before autodetect and see if it changes anything.

Last edited by nl6720 (2024-03-18 12:37:06)

Offline

#3 2024-04-01 11:54:50

vanja_z
Member
Registered: 2012-04-11
Posts: 43

Re: New mkinitcpio microcode hook not working

Try moving the microcode hook before autodetect and see if it changes anything.

Tried this even though I'm not sure why it would help. According to the doco I had it in the correct order already. Didn't make any difference, as per my original post kernel/x86/microcode/GenuineIntel.bin is in the image. Strange that this is working fine on one of my Arch computers and not on the other.

Microcode patches are a very important security feature so would be good if somebody could help figure out why this is broken. The wiki advises people that

This method is preferred over #Microcode in a separate initramfs file

so would be good if the method that is recommended worked reliably.

Offline

#4 2024-04-01 12:43:26

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 627

Re: New mkinitcpio microcode hook not working

Open an issue in https://gitlab.archlinux.org/archlinux/ … o/-/issues so that this could be investigated further.

Offline

#5 2024-04-01 14:38:50

ua4000
Member
Registered: 2015-10-14
Posts: 430

Re: New mkinitcpio microcode hook not working

vanja_z wrote:

I've tried this on my two Arch linux boxes and it worked on the first one but it is not working on the second one. Both are Intel.

Both are intel you wrote, but both are the same CPU, same revision ?
Microcode is only applied, when the cpu has old code and the provided Microcode file is newer and contains updates for your cpu model.
The Microcode can be also applied already by the UEFI/BIOS during boot.

It is normal, to get *no* Microcode update at all: either you CPU Microcode is latest, or latest Microcode is in UEFI/BIOS and no fresher one exist.

Are your two Arch boxes the same, or do they differ ?

Last edited by ua4000 (2024-04-02 18:34:09)

Offline

Board footer

Powered by FluxBB