> Date: Wed, 22 May 2019 20:02:14 +0200 > From: Alexander Bluhm <alexander.bl...@gmx.net> > > On Wed, May 22, 2019 at 05:54:35PM +0200, Mark Kettenis wrote: > > Should we also fix biosboot? The machines that are affected are all > > fairly recent and should boot using UEFI by default... > > If we change fewer things, we may have less trouble for 6.4 and 6.5 > errata. > > Do we know any non-UEFI capable machines with huge firmware?
The problem is that most UEFI capable machines still include a CSM module that provides classic BIOS support. While many modern machines disable this module by default, users can twidle knobs and may end up using biosboot. > Does boot on BIOS machines have enough memory to handle huge firmware? According to https://wiki.osdev.org/Memory_Map_(x86) the area from 0x00100000-0x00EFFFFF should be free for use if it exists. Since we currently load our kernel at 0x01000000 we already assume that memory exists. But there is no official standard so no absolute guarantee. My guess is that bumping the limit from 128k to 256k should work. Such a bump is fairly riskless since there is no impact on machines with "small" microcodes. > > I have no clue if/how this should be handled as an errata/syspatch. > > I think we should include this into errata. Otherwise x280 and > similar machines would not get new firmware. As claudio@ points out we provide mitigation against MDS even without the microcode. And vendors are much more likely to provide BIOS updates for machines with these fairly recent Intel CPUs than for 8-year old hardware, so I think there is a reasonable case for not bothering about 6.4 and 6.5 here. And... > First we need a diff for 6.5 and 6.5. exec_i386.c is based on > recent refactoring. > > Can we explain users to run installboot in errata description? > Do they know which boot disk to give on the command line? > > Can syspatch handle calling installboot? > Can it autodetect the boot disk device? ...given these complications I think we shouldn't bother and concentrating on getting the MDS errata/syspatch out that is currently being tested.
