[Feature] Early load microcode for x86 CPU

The code is expected to be included in the merge for the 3.9 kernel.

All the required 13 patches were merged in kernel v3.9:

0d91ea8 x86, doc: Documentation for early microcode loading
9cd4d78 x86/microcode_intel.h: Define functions and macros for early loading ucode
d288e1c x86/common.c: Make have_cpuid_p() a global function
e6ebf5d x86/common.c: load ucode in 64 bit or show loading ucode info in 32 bit on AP
a8ebf6d x86/microcode_core_early.c: Define interfaces for early loading ucode
e666dfa x86/microcode_intel_lib.c: Early update ucode on Intel's CPU
086fc8f x86/tlbflush.h: Define __native_flush_tlb_global_irq_disabled()
ec400dd x86/microcode_intel_early.c: Early update ucode on Intel's CPU
63b553c x86/head_32.S: Early update ucode in 32-bit
feddc9d x86/head64.c: Early update ucode in 64-bit
cd745be x86/mm/init.c: Copy ucode from initrd image to kernel memory
da76f64 x86/Kconfig: Make early microcode loading a configuration feature

The above 12 patches for early load microcode also depends on one early page fault handler patch:
8170e6b x86, 64bit: Use a #PF handler to materialize early mappings on demand

Yingying - I need help with 8170e6b since it has a number of dependent patches. Perhaps Yinghai Lu could make some suggestions given that he authored most of these inter-related patches.

Hi Tim,

I can't find help from Yinghai as he is not an Intel person.

I ran: gitk da76f64e7eb28b718501d15c1b79af560b7ca4ea and found there are 30+ dependent patches.

As this would be a big effort to backport all of them to Raring kernel, I will leave it for you to decide whether to enable this feature in Ubuntu 13.04 or move it to the next release via straightforward kernel upgrade.

Yingying - we're also past feature freeze, so I think this will have to wait for 3.9.

A tool and readme are attached. It generates combined initrd file which contains microcode and initrd image.

The tool can run by itself. But the better way to use it is to integrate it in existing OSVs' initrd relevant tool

Please integrate this tool into initrd relevant management tool!

@Tim,

When I tested the latest CPU microcode v20140624, I found the early load method doesn't work in Ubuntu 14.04. The kernel code and kernel config was enabled in 14.04, it looks like the utility "microcode2initrd" mentioned in comment #6 and #7 was not integrated into to initrd relevant mgmt tool, thus caused this microcode early loading failure.

Would you please double confirm this issue? Or do I need to open a bug?

BTW, manually loading with "iucode_tool" works in Ubuntu 14.04. The early load method works in Ubuntu 14.10.

Yingying - the packaging for intel-microcode which supplies the initramfs hooks for early microcode loading have not changed:

$: diff trusty/intel-microcode/intel-microcode-2.20140624-t/debian/initramfs.init-premount utopic/intel-microcode/intel-microcode-2.20140624.1ubuntu1/debian/initramfs.init-premount
$: diff trusty/intel-microcode/intel-microcode-2.20140624-t/debian/initramfs.hook utopic/intel-microcode/intel-microcode-2.20140624.1ubuntu1/debian/initramfs.hook

If it is a kernel issue, then installing the Utopic LTS kernel from the Trusty pocket in https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa should have the same result, e.g., a Trusty kernel doesn't work whereas a Utopic kernel does (regardless of userspace).

I've reproduced the problem. Somehow 'CONFIG_MICROCODE_INTEL_EARLY is not set' in Utopic, whereas it _is_ enabled in Trusty.

Tim,

I did make some mistake in my comment #8, let me make the correction: Ubuntu 14.04 supports this feature while Ubuntu 14.10 doesn't.

Currently, the intel-microcode package is in "universe" repository, is it okay to move it to the "main" repository, so that CPU new microcode can be loaded by default?

Yingying - I believe policy will prevent intel-microcode from being promoted to main since it contains a binary component that runs directly on the host CPU.

HI Tim,

Can you please elaborate the policy concern?

Is it a license issue? As linux-firmware also contains binary files which is in main repository and loaded by default. From the perspective of "binary", I don't know the difference of cpu microcode vs. device firmwares.

As the Intel cpu microcode is used to correct errata in the processor which is important for users who uses the affected platforms. Even the intel-microcode can't be moved to the main repository, is there a way to automatically notify Ubuntu users that there's a cpu microcode update? And users can make their decision to install the package or not.

Thanks for your information and advice!

This bug was fixed in the package linux - 3.16.0-7.12

---------------
linux (3.16.0-7.12) utopic; urgency=low

  [ Andy Whitcroft ]

  * rebase to v3.16 final
  * [Config] d-i -- add virtio_scsi to virtio-modules
    - LP: #1342000

  [ dann frazier ]

  * [Packaging] Fix 'printchanges' to work with versions containing '+'

  [ Tim Gardner ]

  * [Config] CONFIG_MICROCODE=y
    - LP: #1084373
  * [Config] CONFIG_CONTEXT_TRACKING_FORCE=n
    - LP: #1349028
  * [Config] Add hv_balloon to d-i virtio-modules
    - LP: #1292216
  * Release Tracking Bug
    - LP: #1354530

  [ Upstream Kernel Changes ]

  * rebase to v3.16
 -- Tim Gardner <email address hidden> Tue, 29 Jul 2014 09:55:15 -0400