From: grarpamp
Date: Thu, 10 Aug 2023 01:26:32 -0400
Subject: Re: Downfall microcode update
To: freebsd-security@freebsd.org
List-Id: Security issues
List-Archive: https://lists.freebsd.org/archives/freebsd-security
References: <189d93e0238.2805.fa4b1493b064008fe79f0f905b8e5741@Leidinger.net>
> Updating the CPU microcode _after_ the kernel has started

The kernel does a lot of stuff "after it starts" running, after it gets loaded and before userland, so really your note means the next possible place for "updating" is after the kernel hands off to init.

> seems questionable.

Yes, it's supposed to go in from the BIOS before executing any other code (i.e. from disk). So unless you are able to rebuild your own BIOS images on old boards whose makers are too lame to support updates from the upstream CPU vendor, then the next earliest and thus most correct way is to have the loader load it into the CPU first... in case the kernel does use the CPU ops that the ucode modifies.

The rc way could be there for an easier config switch away from bad ucode in single-user mode. At least Intel has revoked at least one ucode for problems before, but probably not yet for one that locked up anyone's basic kernel load, boot, or user shell. So rc kind of doesn't need to exist given the loader way, and that reboot repair methods still exist.

> cron

Fetching from the HW vendors' CPU repos could work, no need to hammer the fbsd site for that, but it's a bit overkill unless you're a shared hosting service; the big guys get advance notice anyway. Nor is anyone sane doing a cron fetch and installworld to apply new code like that either.
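For readers who want the two load points the mail contrasts spelled out: the following is an added example, not text or code from the poster or from the FreeBSD project. It shows the loader(8) knobs that make the kernel apply the blob before userland, the rc.conf knob for the late cpucontrol(8) path, and a post-boot check of the revision the CPU actually reports. It assumes the sysutils/cpu-microcode port installed the Intel blob as /boot/firmware/intel-ucode.bin and that cpuctl(4) is available; the minimum revision passed to ucode_report is whatever the vendor's release notes say, not a value taken from this thread.

```shell
#!/bin/sh
# Added example (not from the original mail or the FreeBSD project).
# Assumption: sysutils/cpu-microcode installed /boot/firmware/intel-ucode.bin.

# 1. Early path: loader(8) passes the blob to the kernel, which applies it
#    on every CPU during boot, before init(8) runs.  /boot/loader.conf:
#
#      cpu_microcode_load="YES"
#      cpu_microcode_name="/boot/firmware/intel-ucode.bin"
#
# 2. Late path: the port's rc script drives cpucontrol(8) after init has
#    started.  /etc/rc.conf:
#
#      microcode_update_enable="YES"
#
# Either way, verify what the CPU reports.  IA32_BIOS_SIGN_ID (MSR 0x8B)
# holds the loaded revision in its upper 32 bits, which cpucontrol -m
# prints first, as "MSR 0x8b: 0x<high> 0x<low>".

# Pull the revision (upper 32 bits) out of one line of cpucontrol -m output.
ucode_rev_from_msr_line() {
    # $1 is a line such as "MSR 0x8b: 0x000000f0 0x00000000"
    set -- $1
    printf '%s\n' "$3"
}

# Compare two hex revisions; prints "ok" if current >= wanted, else "old".
ucode_rev_check() {
    cur=$(printf '%d' "$1")
    want=$(printf '%d' "$2")
    if [ "$cur" -ge "$want" ]; then echo ok; else echo old; fi
}

# Report the revision on every CPU present (FreeBSD only; needs cpuctl(4)).
ucode_report() {
    want=$1
    for dev in /dev/cpuctl*; do
        if [ ! -e "$dev" ]; then
            echo "no cpuctl(4) devices; try: kldload cpuctl" >&2
            return 1
        fi
        line=$(cpucontrol -m 0x8b "$dev")
        rev=$(ucode_rev_from_msr_line "$line")
        printf '%s: revision %s (%s)\n' "$dev" "$rev" \
            "$(ucode_rev_check "$rev" "$want")"
    done
}

# Usage (on the target box, as root):
#   ucode_report 0x000000f0    # hypothetical minimum revision from vendor notes
```

If the early and late paths disagree, the loader path wins on the next boot, which is exactly why the mail treats the rc path as a fallback you can flip off in single-user mode rather than the primary mechanism.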