Attention is currently required from: Himanshu Sahdev, Julius Werner, Lean Sheng Tan, Rizwan Qureshi, Subrata Banik, Tarun Tuli, Wonkyu Kim, Yu-Ping Wu.

Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/75357?usp=email )

Change subject: {cpu, security}: Stitch multiple microcodes per CPUID into CBFS ......................................................................

Patch Set 14:

(4 comments)

File src/cpu/Kconfig:

https://review.coreboot.org/c/coreboot/+/75357/comment/430e05c2_d9965d35 : PS14, Line 130: if the unified microcode is large. Searching is not what takes a long time. Mapping it all in cache to make it TOCTOU safe with CBFS_VERIFICATION is what makes it slow. Maybe have the default depend on that?

https://review.coreboot.org/c/coreboot/+/75357/comment/885bc113_6ea8f365 : PS14, Line 134: frequent frequent? what does that mean in this context? booting often, loading microcode multiple times in one boot?

https://review.coreboot.org/c/coreboot/+/75357/comment/09e96c17_d8c390c7 : PS14, Line 135: requied required.

https://review.coreboot.org/c/coreboot/+/75357/comment/70bab06f_837d01d9 : PS14, Line 216: config CPU_UCODE_SPLIT_BINARIES : string "Split microcode blob directory path" : depends on CPU_MICROCODE_CBFS_SPLIT_BINS : default "" : help : Provide the microcode blob directory path based on the configuration setting that : allows for split microcode binaries per CPUID for both RO and RW CBFS. : : Some platforms have microcode in the blobs directory, and these can be hardcoded : in the makefiles. The expected format for keeping the microcode filename in the : directory is `cpu_microcode_$(CPUID).bin`. : : This should contain the full path of the microcode blob directory. For example: : "3rdparty/blobs/mainboard/$(CONFIG_MAINBOARD_DIR)/microcode_inputs". : : If unsure, leave this blank. Can the existing options not be reused? I don't see how fetching everything from a dir is related to splitting binaries in cbfs.