From patchwork Mon Jun 1 13:40:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Andrew Cooper X-Patchwork-Id: 11582063 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8B2BC913 for ; Mon, 1 Jun 2020 13:41:45 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6FF712068D for ; Mon, 1 Jun 2020 13:41:45 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6FF712068D Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jfkgV-0001E7-2T; Mon, 01 Jun 2020 13:40:59 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jfkgT-0001E2-D3 for xen-devel@lists.xenproject.org; Mon, 01 Jun 2020 13:40:57 +0000 X-Inumbo-ID: 84e9b336-a40d-11ea-81bc-bc764e2007e4 Received: from esa4.hc3370-68.iphmx.com (unknown [216.71.155.144]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 84e9b336-a40d-11ea-81bc-bc764e2007e4; Mon, 01 Jun 2020 13:40:56 +0000 (UTC) Authentication-Results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: EiEC/4LNeYzNvajZEdL3Yks2kRlluXttvjFpXKdHb7DO0ZMwGZoFv6vXdEGnI43ZsuBkXp6oG9 X5h6LMaGyEg0QQCDGSfXrMx+6HNtG5xQEqGw3YiIkEJswL6NlEuv2plg+U4QrTvpA3ueqZZivg I4sfJ83kT+H4K56t0xe53B4C23kHA5qeN1KeHy4sMMClQ8sAEVeWG0q/t7OW6XCxBZfORqQay4 uAGPFyWcsY3bWVY2ndCWps9y9He5bu9b5suoPwI3pkzpcA4ODVLhdM8bqg8E2AFkV/OdRnhZa8 q0I= X-SBRS: 2.7 X-MesageID: 19661962 X-Ironport-Server: esa4.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.73,460,1583211600"; d="scan'208";a="19661962" From: Andrew Cooper To: Xen-devel Subject: [PATCH for-4.14] docs/ucode: Extend runtime microcode loading documentation Date: Mon, 1 Jun 2020 14:40:25 +0100 Message-ID: <20200601134025.24142-1-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 MIME-Version: 1.0 X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Stefano Stabellini , Julien Grall , Wei Liu , Konrad Rzeszutek Wilk , George Dunlap , Andrew Cooper , Paul Durrant , Jan Beulich , Ian Jackson Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Extend the disclaimer about runtime loading. While we've done our best to make the mechaism reliable, the safety of late loading does ultimately depend on the contents of the blobs. Extend the xen-ucode portion with examples of how to use it. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné Reviewed-by: Jan Beulich --- CC: George Dunlap CC: Ian Jackson CC: Jan Beulich CC: Konrad Rzeszutek Wilk CC: Stefano Stabellini CC: Wei Liu CC: Julien Grall CC: Paul Durrant --- docs/admin-guide/microcode-loading.rst | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/docs/admin-guide/microcode-loading.rst b/docs/admin-guide/microcode-loading.rst index 5f0f661a2e..8cd5d0351b 100644 --- a/docs/admin-guide/microcode-loading.rst +++ b/docs/admin-guide/microcode-loading.rst @@ -104,8 +104,8 @@ modules to find any CPIO archives, and search the archive for the applicable file. Xen will stop searching at the first match. -Run time microcode loading --------------------------- +Runtime microcode loading +------------------------- .. warning:: @@ -113,7 +113,23 @@ Run time microcode loading or at boot time. Not all microcode updates (or parts thereof) can be applied at runtime. -The ``xen-ucode`` utility can be used to initiate a runtime microcode load. + Given the proprietry nature of microcode, we are unable to make any claim + that a runtime microcode is risk-free. Any runtime microcode loading needs + adequate testing on a dev instance before being rolled out to production + systems. + +The ``xen-ucode`` utility can be used to initiate a runtime microcode load:: + + [root@host ~]# xen-ucode + xen-ucode: Xen microcode updating tool + Usage: xen-ucode + [root@host ~]# + +e.g. With a Linux dom0 on a Haswell system:: + + [root@host ~]# xen-ucode /lib/firmware/intel-ucode/06-3c-03 + [root@host ~]# + It will pass the blob to Xen, which will check to see whether the blob is correct for the processor, and newer than the running microcode.