We are no longer using the frozen-in-amber microcode from 2015. Now we use current microcode from Debian (or hopefully in future via other distros).
Empirically this fixes the XSA-308 test on rimava1, which was failing and producing very strange symptoms. CC: Andrew Cooper <[email protected]> Signed-off-by: Ian Jackson <[email protected]> --- ts-host-install | 6 ++++++ ts-xen-install | 2 ++ 2 files changed, 8 insertions(+) diff --git a/ts-host-install b/ts-host-install index 4bfa2f5e..7a72a867 100755 --- a/ts-host-install +++ b/ts-host-install @@ -139,6 +139,12 @@ END target_cmd_root($ho, "chmod 2775 /root"); target_install_packages($ho, qw(ed)); + if ($ho->{Arch} =~ m/^(?:i386|amd64)$/) { + # We don't necessarily know the CPU vendor, but the Debian + # packaged microcode doesn't mind us installing both. + target_install_packages_nonfree_nonconcurrent($ho, + qw(amd64-microcode intel-microcode)); + } my $ntpserver = get_target_property($ho, 'NtpServer'); if ($ntpserver) { diff --git a/ts-xen-install b/ts-xen-install index 9113f318..08b4ea23 100755 --- a/ts-xen-install +++ b/ts-xen-install @@ -209,6 +209,8 @@ sub setupboot () { my $mem = $r{'dom0_mem'} // 512; $xenhopt .= " dom0_mem=${mem}M,max:${mem}M"; } + $xenhopt .= " ucode=scan"; + my $append= $r{xen_boot_append}; $xenhopt .= " $append" if defined $append; $append = get_host_property($ho, 'xen-commandline-append', undef); -- 2.11.0 _______________________________________________ Xen-devel mailing list [email protected] https://lists.xenproject.org/mailman/listinfo/xen-devel
