Attention is currently required from: Arthur Heymans, Himanshu Sahdev, Julius Werner, Lean Sheng Tan, Rizwan Qureshi, Tarun Tuli, Wonkyu Kim, Yu-Ping Wu.
Subrata Banik has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/75357?usp=email )
Change subject: {cpu, security}: Stitch multiple microcodes per CPUID into CBFS ......................................................................
Patch Set 14:
(8 comments)
File src/cpu/Kconfig:
https://review.coreboot.org/c/coreboot/+/75357/comment/43c26bdd_c4748e02 : PS14, Line 122: CPU_MICROCODE_CBFS_SPLIT_BINS
The code does intel specific things so this needs to be captured in the name.
Acknowledged
https://review.coreboot.org/c/coreboot/+/75357/comment/b212cd6a_0b9dbda2 : PS14, Line 123: bool "Include microcode per CPUID into CBFS"
This option will show on ALL platforms. Does it even make sense to have it as a user visible option?
it will allow to override the default value from site-local rather forcing to enable from SoC/MB config using upstream coreboot.
As we are not uploading the ucode blobs in coreboot upstream build hence it's easy to go by default value which is `n` and don't need to specify the split ucode blob path.
https://review.coreboot.org/c/coreboot/+/75357/comment/10b91d3c_ce5e1568 : PS14, Line 130: if the unified microcode is large.
Searching is not what takes a long time. […]
Acknowledged
https://review.coreboot.org/c/coreboot/+/75357/comment/7aec55b8_463ad072 : PS14, Line 134: frequent
frequent? what does that mean in this context? booting often, loading microcode multiple times in one boot?
The intention is to convey that having split ucode makes it easy to update a particular CPUID for in-field devices rather bothering about to stitch multiple ucode together.
lets drop this like to avoid further confusion.
https://review.coreboot.org/c/coreboot/+/75357/comment/10b1d287_93d04af9 : PS14, Line 135: requied
required.
Acknowledged
https://review.coreboot.org/c/coreboot/+/75357/comment/70f61165_5afe8fc1 : PS14, Line 216: config CPU_UCODE_SPLIT_BINARIES : string "Split microcode blob directory path" : depends on CPU_MICROCODE_CBFS_SPLIT_BINS : default "" : help : Provide the microcode blob directory path based on the configuration setting that : allows for split microcode binaries per CPUID for both RO and RW CBFS. : : Some platforms have microcode in the blobs directory, and these can be hardcoded : in the makefiles. The expected format for keeping the microcode filename in the : directory is `cpu_microcode_$(CPUID).bin`. : : This should contain the full path of the microcode blob directory. For example: : "3rdparty/blobs/mainboard/$(CONFIG_MAINBOARD_DIR)/microcode_inputs". : : If unsure, leave this blank.
Can the existing options not be reused? I don't see how fetching everything from a dir is related […]
Acknowledged
https://review.coreboot.org/c/coreboot/+/75357/comment/fe408042_b4e97f76 : PS14, Line 216: config CPU_UCODE_SPLIT_BINARIES : string "Split microcode blob directory path" : depends on CPU_MICROCODE_CBFS_SPLIT_BINS : default "" : help : Provide the microcode blob directory path based on the configuration setting that : allows for split microcode binaries per CPUID for both RO and RW CBFS. : : Some platforms have microcode in the blobs directory, and these can be hardcoded : in the makefiles. The expected format for keeping the microcode filename in the : directory is `cpu_microcode_$(CPUID).bin`. : : This should contain the full path of the microcode blob directory. For example: : "3rdparty/blobs/mainboard/$(CONFIG_MAINBOARD_DIR)/microcode_inputs". : : If unsure, leave this blank.
Can the existing options not be reused? I don't see how fetching everything from a dir is related […]
Acknowledged
File src/cpu/Makefile.inc:
https://review.coreboot.org/c/coreboot/+/75357/comment/e85d3290_2948c837 : PS14, Line 83: $(eval regions-for-file-$(params) = COREBOOT,FW_MAIN_A,FW_MAIN_B) \
Is this line needed?
we don't need this now