[Bug 1862938] Re: Enable late loading of microcode by default

2020-08-06 Thread Dimitri John Ledkov
** Changed in: intel-microcode (Ubuntu)
   Status: Fix Released => Won't Fix

** Changed in: intel-microcode (Ubuntu Xenial)
   Status: New => Won't Fix

** Changed in: intel-microcode (Ubuntu Bionic)
   Status: New => Won't Fix

** Changed in: intel-microcode (Ubuntu Eoan)
   Status: Fix Committed => Won't Fix

** Changed in: intel-microcode (Ubuntu Focal)
   Status: Fix Released => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1862938

Title:
  Enable late loading of microcode by default

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1862938/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1862938] Re: Enable late loading of microcode by default

2020-06-11 Thread Steve Beattie
The version in eoan was superceded by the 20200609 release. In focal and
groovy, this change was reverted in 3.20200609.0ubuntu0.20.04.2 because
the tmpfiles.d approach, in addition to attmepting to late load early in
the boot process, also caused late loading to trigger during package
installation.

Enabling late loading by default also makes it more difficult to recover
from a problematic microcode update, attempting to boot an earlier
kernel/initramfs with a known-good microcode to recover will be thwarted
by the late loaded problematic microcode.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1862938

Title:
  Enable late loading of microcode by default

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1862938/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1862938] Re: Enable late loading of microcode by default

2020-02-16 Thread Henrique de Moraes Holschuh
On Fri, 14 Feb 2020, Steve Beattie wrote:
> The reason I ask is that every communication I've had with Intel has
> indicated that late loading is risky and should not be used. The reason

Well, it is risky, it is actively discouraged, and regular users are
NEVER expected to come anywhere close to late loading.

The target audience of late loading is, as far as I know, gigantic cloud
provider senior engineers with proper NDAs signed with Intel and access
to relevant support channels and non-public information.

I am not adding this change to Debian, FWIW.

-- 
  Henrique Holschuh

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1862938

Title:
  Enable late loading of microcode by default

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1862938/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1862938] Re: Enable late loading of microcode by default

2020-02-15 Thread Dimitri John Ledkov
I'm trying to fix the case when users/manufacturers failed to
provide/install uefi capsule update on the motherboard, failed to first-
boot with up to date microcode, and thus remain unsecured, whilst one
can install microcode. In bare-metal cloud context, late loading of
microcode can be done as the line of last defence to apply microcode.

** Changed in: intel-microcode (Ubuntu Focal)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1862938

Title:
  Enable late loading of microcode by default

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1862938/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1862938] Re: Enable late loading of microcode by default

2020-02-14 Thread Steve Beattie
Hey Dimitri,

Can you expand on what problems/situations where you're actually seeing
late loading be a solution?

The reason I ask is that every communication I've had with Intel has
indicated that late loading is risky and should not be used. The reason
for this is that performing late loading on a running system can result
in race conditions where cpu cores have different values for MSRs/cpu
flags, or even have them disappear momentarily while the microcode is
loading. This can cause a variety of problems for virtual machine
hosts/hypervisors.

Also this statement:

  "For example, from time to time, certain microcode updates are pulled
or get blacklisted from late loading."

isn't really a reason to do late loading.

Finally, why is this being done via tmpfiles.d(5)? If we're really going
to do this, should it not be its own systemd unit, rather than hijacking
something that isn't related?

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1862938

Title:
  Enable late loading of microcode by default

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1862938/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1862938] Re: Enable late loading of microcode by default

2020-02-14 Thread Timo Aaltonen
Hello Dimitri, or anyone else affected,

Accepted intel-microcode into eoan-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/intel-
microcode/3.20191115.1ubuntu0.19.10.3 in a few hours, and then in the
-proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-eoan to verification-done-eoan. If it does not fix
the bug for you, please add a comment stating that, and change the tag
to verification-failed-eoan. In either case, without details of your
testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: intel-microcode (Ubuntu Eoan)
   Status: New => Fix Committed

** Tags added: verification-needed verification-needed-eoan

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1862938

Title:
  Enable late loading of microcode by default

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1862938/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1862938] Re: Enable late loading of microcode by default

2020-02-12 Thread Dimitri John Ledkov
intel-microcode (3.20191115.1ubuntu3) focal; urgency=medium

  * Ship tmpfiles.d snippet to attempt late loading of microcode during
boot, in case early loading of microcode did not happen. Early
microcode loading might not happen if booting without initramfs or a
missbuilt one.

 -- Dimitri John Ledkov   Wed, 12 Feb 2020 12:37:30
+

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1862938

Title:
  Enable late loading of microcode by default

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1862938/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs