diff mbox series

[v2] x86/ucode: Add option to scan microcode by default

Message ID 20250217175011.3175683-1-ross.lagerwall@citrix.com (mailing list archive)
State New
Headers show
Series [v2] x86/ucode: Add option to scan microcode by default | expand

Commit Message

Ross Lagerwall Feb. 17, 2025, 5:50 p.m. UTC 
A lot of systems automatically add microcode to the initramfs so it can
be useful as a vendor policy to always scan for microcode. Add a Kconfig
option to allow setting the default behaviour.

The default behaviour is unchanged since the new option defaults to
"no".

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---

* Updated the command-line docs.
* Tweaked Kconfig wording.
* def_bool -> bool

 docs/misc/xen-command-line.pandoc |  5 +++--
 xen/arch/x86/Kconfig              | 10 ++++++++++
 xen/arch/x86/cpu/microcode/core.c |  2 +-
 3 files changed, 14 insertions(+), 3 deletions(-)

Comments

Roger Pau Monné Feb. 18, 2025, 9:50 a.m. UTC | #1 
On Mon, Feb 17, 2025 at 05:50:11PM +0000, Ross Lagerwall wrote:
> A lot of systems automatically add microcode to the initramfs so it can
> be useful as a vendor policy to always scan for microcode. Add a Kconfig
> option to allow setting the default behaviour.
> 
> The default behaviour is unchanged since the new option defaults to
> "no".
> 
> Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks, Roger.
diff mbox series

Patch

diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc
index 9bbd00baef91..0c6225391d55 100644
--- a/docs/misc/xen-command-line.pandoc
+++ b/docs/misc/xen-command-line.pandoc
@@ -2724,7 +2724,7 @@  performance.
 > `= List of [ <integer> | scan=<bool>, nmi=<bool> ]`
 
     Applicability: x86
-    Default: `nmi`
+    Default: `scan` is selectable via Kconfig, `nmi=true`
 
 Controls for CPU microcode loading. For early loading, this parameter can
 specify how and where to find the microcode update blob. For late loading,
@@ -2747,7 +2747,8 @@  microcode in the cpio name space must be:
   - on Intel: kernel/x86/microcode/GenuineIntel.bin
   - on AMD  : kernel/x86/microcode/AuthenticAMD.bin
 When using xen.efi, the `ucode=<filename>` config file setting takes
-precedence over `scan`.
+precedence over `scan`. The default value for `scan` is set with
+`CONFIG_UCODE_SCAN_DEFAULT`.
 
 'nmi' determines late loading is performed in NMI handler or just in
 stop_machine context. In NMI handler, even NMIs are blocked, which is
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig
index 9cdd04721afa..6e41bc0fb435 100644
--- a/xen/arch/x86/Kconfig
+++ b/xen/arch/x86/Kconfig
@@ -383,6 +383,16 @@  config ALTP2M
 
 	  If unsure, stay with defaults.
 
+config UCODE_SCAN_DEFAULT
+	bool "Scan for microcode by default"
+	help
+	  During boot, Xen can scan the multiboot images for a CPIO archive
+	  containing CPU microcode to be loaded, which is Linux's mechanism for
+	  early microcode loading.
+
+	  Enable if you have a Linux-based dom0 with microcode attached to the
+	  initramfs.
+
 endmenu
 
 source "common/Kconfig"
diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c
index 87283cff1de4..de00c22b4bd6 100644
--- a/xen/arch/x86/cpu/microcode/core.c
+++ b/xen/arch/x86/cpu/microcode/core.c
@@ -100,7 +100,7 @@  static struct microcode_patch *microcode_cache;
  * location we require that they are not both active together.
  */
 static int __initdata opt_mod_idx;
-static bool __initdata opt_scan;
+static bool __initdata opt_scan = IS_ENABLED(CONFIG_UCODE_SCAN_DEFAULT);
 
 /*
  * Used by the EFI path only, when xen.cfg identifies an explicit microcode