diff options
Diffstat (limited to 'debian/initramfs.hook')
| -rwxr-xr-x | debian/initramfs.hook | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/debian/initramfs.hook b/debian/initramfs.hook new file mode 100755 index 0000000..c65d7d4 --- /dev/null +++ b/debian/initramfs.hook @@ -0,0 +1,127 @@ +#!/bin/sh +# amd64-microcode initramfs-tools hook script +# Copyright (C) 2012-2016 Henrique de Moraes Holschuh <hmh@debian.org> +# Released under the GPL v2 or later license +# +# Generates a copy of the minimal microcode for all AMD processors +# and installs it to the early initramfs + +PREREQ="" +AMD64UCODE_CONFIG=/etc/default/amd64-microcode + +prereqs() +{ + echo "$PREREQ" +} + +case $1 in +prereqs) + prereqs + exit 0 + ;; +esac + +. /usr/share/initramfs-tools/hook-functions + +verbose() +{ + if [ "${verbose}" = "y" ] ; then + echo "I: amd64-microcode: $*" + fi + : +} + +AUCODE_FW_DIR=/lib/firmware/amd-ucode +AMD64UCODE_INITRAMFS=auto +[ -r ${AMD64UCODE_CONFIG} ] && . ${AMD64UCODE_CONFIG} + +[ -z "${AMD64UCODE_INITRAMFS}" ] && AMD64UCODE_INITRAMFS=no + +if [ ! -d "${AUCODE_FW_DIR}" ] ; then + verbose "no AMD64 processor microcode datafiles to install" + exit 0 +fi + +case "${AMD64UCODE_INITRAMFS}" in + no|0) + verbose "disabled by ${AMD64UCODE_CONFIG}" + exit 0 + ;; + auto|early) + ;; + yes|1) + echo "W: amd64-microcode: initramfs mode not supported, using early-initramfs mode" >&2 + AMD64UCODE_INITRAMFS=early + ;; + *) + echo "E: amd64-microcode: invalid AMD64UCODE_INITRAMFS, using automatic mode" >&2 + AMD64UCODE_INITRAMFS=auto +esac + +if [ "${AMD64UCODE_INITRAMFS}" = "auto" ] ; then + grep -q "^vendor_id[[:blank:]]*:[[:blank:]]*.*AuthenticAMD" /proc/cpuinfo || { + verbose "no AMD processors detected, nothing to do" + exit 0 + } +fi + +# whitelist AMD early updates for kernels 3.14 and later +if dpkg --compare-versions "${version}" lt 3.14 ; then + echo "E: amd64-microcode: unsupported kernel version!" >&2 + exit 0 +fi + +verbose "installing AMD64 microcode into the early initramfs..." + +# set during package build to the date from the package *version* +CHANGELOG_TS=@CHANGELOG_TS@ + +EFWD=$(mktemp -d "${TMPDIR:-/var/tmp}/mkinitramfs-EFW_XXXXXXXXXX") || { + echo "E: amd64-microcode: cannot create temporary directory" >&2 + exit 1 +} +# paranoia +[ ! -d "${EFWD}" ] && { + echo "E: amd64-microcode: mktemp -d malfunction" >&2 + exit 1 +} + +EFWE="${EFWD}/early-initramfs.cpio" + +EFWCD="${EFWD}/d/kernel/x86/microcode" +EFWF="${EFWCD}/AuthenticAMD.bin" + +# note: to build a reproducible early initramfs, we force +# the microcode component ordering inside the microcode +# firmware file, as well as the timestamp and ordering of +# all cpio members. +mkdir -p "${EFWCD}" && \ + find "${AUCODE_FW_DIR}/." -maxdepth 1 -type f -print0 | LC_ALL=C sort -z | xargs -0 -r cat 2>/dev/null >"${EFWF}" && \ + find "${EFWD}" -print0 | xargs -0r touch --no-dereference --date="@${CHANGELOG_TS}" && { \ + # --reproducible requires cpio >= 2.12 + cpio --usage | grep -qs -- "--reproducible" && cpio_reproducible="--reproducible" || true + } && test -s "${EFWF}" && \ + ( cd "${EFWD}/d" ; find . -print0 | LC_ALL=C sort -z | cpio --null $cpio_reproducible -R 0:0 -H newc -o --quiet > "${EFWE}" ) \ +&& prepend_earlyinitramfs "${EFWE}" || { + # something failed somewhere in that pipeline + [ -d "${EFWD}" ] && rm -fr "${EFWD}" + echo "E: amd64-microcode: failed to create or prepend the early initramfs to the initramfs" >&2 + exit 0 +} + +[ -d "${EFWD}" ] && rm -fr "${EFWD}" + +# attempt to load microcode module to get proper logging. +# microcode support cannot be made modular since Linux 4.4 + +if dpkg --compare-versions "${version}" lt 4.4 ; then + manual_add_modules microcode && { + # force_load has broken semanthics when the .ko file is missing + find "${DESTDIR}/${MODULESDIR}" -type f -print | grep -qc '/microcode\.ko$' && { + verbose "modular microcode driver detected" + force_load microcode + } + } +fi + +: |