Project

General

Profile

Actions

Feature #14906

closed

AMD CPU microcode files should not be flagged with 'preserve'

Added by Andy Fiddaman about 2 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
packaging
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:
External Bug:

Description

At present, the package manifest for the AMD CPU microcode files has each entry flagged with preserve=true - the equivalent Intel microcode files are not flagged with preserve at all. We should be consistent, and, on balance, I think we should remove the preserve flag from the AMD package.

The original rationale was most likely to allow people to download an update file from Intel or AMD, and install it manually with ucodeadm -i, and not have that overwritten by future package updates. However there are some downsides to this:

  • Once a file has been manually modified, future package updates will never overwrite it unless the user manually uses pkg revert;
  • pkg verify will not report the modified microcode file - even in the case where it has become corrupt rather than manually replaced - and pkg fix will not operate on it;
  • There is additional verbose output on package updates, reporting each microcode file as 'editable'.

The most common case to think about here is an administrator wanting to install a newer microcode file while waiting for an update from the distribution to be published. If the manually installed version should not be overwritten, then pkg freeze microcode/amd can be used. Finally, in IPS distributions, it is possible to downgrade to an earlier microcode version if necessary by relaxing the incorporation via a version-lock facet.

Actions #1

Updated by Electric Monk about 2 months ago

  • Gerrit CR set to 2305
Actions #2

Updated by Andy Fiddaman about 2 months ago

I tested this by onu@ing a system to these gate bits, checking that the package had updated successfully and that the manifest no longer contains @preserve attributes on the file actions, and exercising verify/fix

bloody% pfexec cp /platform/i86pc/ucode/AuthenticAMD/A01{0,1}-00
bloody% pfexec pkg verify microcode/amd
PACKAGE                                                                 STATUS
pkg://omnios/system/microcode/amd                                        ERROR
        file: platform/i86pc/ucode/AuthenticAMD/A011-00
                ERROR: Hash: 4e1b8afa324d0ed24dba5d1988ae26452c6013ca7d560f8efe7902dc67d2d825 should be c982b9cbed6d51d4bf2c494d8f7cd2914c1f2550f5b96e752f45a395d3af5852
bloody% pfexec pkg fix microcode/amd

******************************************************************************
WARNING: The boot environment being modified is not the active one.
         Changes made in the active BE will not be reflected on the next boot.
******************************************************************************

               Packages to fix:   1
       Create boot environment: Yes
     Activate boot environment: Yes
Create backup boot environment:  No

Repairing: pkg://omnios/system/microcode/amd@20220408,5.11-151043.0:20220819T154611Z
PACKAGE                                                                 STATUS
pkg://omnios/system/microcode/amd                                        ERROR
        file: platform/i86pc/ucode/AuthenticAMD/A011-00
                ERROR: Hash: 4e1b8afa324d0ed24dba5d1988ae26452c6013ca7d560f8efe7902dc67d2d825 should be c982b9cbed6d51d4bf2c494d8f7cd2914c1f2550f5b96e752f45a395d3af5852
DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
Completed                                1/1           1/1      0.0/0.0      --

PHASE                                          ITEMS
Updating modified actions                        1/1
Updating package state database                 Done
Updating package cache                           0/0
Updating image state                            Done
Creating fast lookup database                   Done

A clone of 2022081901-onu exists and has been updated and activated.
On the next boot the Boot Environment 2022081901-onu-1 will be
mounted on '/'.  Reboot when ready to switch to this updated BE.

*** Reboot required ***
New BE: 2022081901-onu-1

Actions #3

Updated by Electric Monk about 1 month ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit 80b8dac6b3f2dc1f25951b319091df750a4e7d81

commit  80b8dac6b3f2dc1f25951b319091df750a4e7d81
Author: Andy Fiddaman <illumos@fiddaman.net>
Date:   2022-08-24T18:00:40.000Z

    14906 AMD CPU microcode files should not be flagged with 'preserve'
    Reviewed by: Rich Lowe <richlowe@richlowe.net>
    Approved by: Robert Mustacchi <rm@fingolfin.org>

Actions

Also available in: Atom PDF