Received: by 10.223.185.111 with SMTP id b44csp1571718wrg;
        Sat, 10 Mar 2018 08:48:42 -0800 (PST)
X-Google-Smtp-Source: AG47ELtP+5xbGrgND66WiymJje1keyFLc9dOZvtptYZw3axgeoNd/uyBndB1/rX8PEWIkc3dXBmn
X-Received: by 10.98.15.137 with SMTP id 9mr2475053pfp.216.1520700522736;
        Sat, 10 Mar 2018 08:48:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520700522; cv=none;
        d=google.com; s=arc-20160816;
        b=adujN5Uhx1RELBVBTMIabUDxcWuFEjiMdyaAkqZjqPD8vN0Ebk5A/KVvzPXNvH5JUq
         1bCuC6SjAF7ICAbTRADE28S7Am90s1cND0iOCFmNBaDDGo24WblN9qMHUchkDc2CDq7I
         royp1m8pcLTx3AUj5algzRJkk4UXckqJB4CTyGPSgSxjzz4KdjhfQtsKpxlIvcHYC5DP
         spT1xPQWIUBZzBFAEJVPHfL1SfvHzIYVycjoz8GW+bC3oAR9x7R7rUbaB+7s487pPwp5
         qbO2LebkXlrC29/+QBHz/stnjBWwlz+9/t2Q3SW9GUPH02fjCrCWtK5JXwf5QqIQE9lp
         sB/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=4IYyQtkGsx2H5iI79hLYDFNZt6duv5TbCPFZtd1ggvM=;
        b=RiR9LhOnTDWx/sSE17DolSQyVYZCRm1LRwuPINs3kum+dorfsmdmiqAFNMUSyStGs5
         vBkmdwXYq/7wDeQAJMvPtmIuBJPJEc009QBOfjPrs6sE4Itywn/dcNJtJbIE2VcSwjqe
         5NnWE0QO6FnUbH1jHihJBRjQofHXRkkhTkG622ExhgKAF2FBhn35Li5g2y7zQeqdyGGy
         Mu0sslCxsn5DIfRuP4v8VAKvpvG6wM6it9TsU2rlY8yWqlpkAIv166UZ/aK5Guoo2Ijd
         ddGh91jVF+t7ZEgvzhU1v3OT/4JHDLZW/F3Cr6uMPETu/BOWyrqbsABu3ntj/AHfEeUq
         iLRA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s62si2541473pgc.184.2018.03.10.08.48.27;
        Sat, 10 Mar 2018 08:48:42 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932116AbeCJQrN (ORCPT <rfc822;yxhlfx@gmail.com> + 99 others);
        Sat, 10 Mar 2018 11:47:13 -0500
Received: from mail.skyhub.de ([5.9.137.197]:33170 "EHLO mail.skyhub.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750703AbeCJQrM (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 10 Mar 2018 11:47:12 -0500
X-Virus-Scanned: Nedap ESD1 at mail.skyhub.de
Received: from mail.skyhub.de ([127.0.0.1])
        by localhost (blast.alien8.de [127.0.0.1]) (amavisd-new, port 10026)
        with ESMTP id BvsFcYf4nBpL; Sat, 10 Mar 2018 17:47:11 +0100 (CET)
Received: from pd.tnic (p200300EC2BD4CE00596C69A920A9793D.dip0.t-ipconnect.de [IPv6:2003:ec:2bd4:ce00:596c:69a9:20a9:793d])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id CD53E1EC00EA;
        Sat, 10 Mar 2018 17:47:10 +0100 (CET)
Date:   Sat, 10 Mar 2018 17:46:55 +0100
From:   Borislav Petkov <bp@alien8.de>
To:     "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
Cc:     Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        "H. Peter Anvin" <hpa@zytor.com>, x86@kernel.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] x86/microcode/AMD: check microcode file sanity before
 loading it
Message-ID: <20180310164654.GD8261@pd.tnic>
References: <34e9d679-2eca-90cf-9a95-3864f0be060e@maciej.szmigiero.name>
 <f61522e6-fa15-0fc1-feef-6e0c84d6fc80@maciej.szmigiero.name>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <f61522e6-fa15-0fc1-feef-6e0c84d6fc80@maciej.szmigiero.name>
User-Agent: Mutt/1.9.3 (2018-01-21)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Mar 10, 2018 at 05:16:40PM +0100, Maciej S. Szmigiero wrote:
> To make sure that it is clear what this patch is about:

I know what you're trying to do but it seems you don't want to listen.
So let me try one last time to clear your confusion.

> It *isn't* about verifying the actual microcode update, that is, the
> blob that gets sent to the CPU as the new microcode.
> Such verification is (hopefully) done by the CPU itself.

Yes, it is done by the CPU. Microcode is encrypted.

> There is no container file at all for family 17h (Zen) so
> distributions like OpenSUSE that include this file must have gotten it
> from some other source

Or maybe they've gotten it from AMD directly. Don't you think that
getting microcode from the CPU vendor directly is the logical thing?

> That's why to get things like IBPB it is sometimes necessary to use
> a newer microcode version than included in linux-firmware, sourced for
> example from a BIOS update.

linux-firmware will get F17h microcode soon.

> Since BIOS updates contain only actual (raw) microcode updates one
> has to place it in a microcode container file so this driver can parse
> it.
> 
> As far I know there is no tool to automate this work so one has to
> manually tweak the container metadata.

Let me get this straight: am I reading this correctly that you've tried
to carve out the F17h microcode from a BIOS update blob and you're
trying to load that?!?

If so, you could've simply taken a distro microcode package and used
F17h microcode from there - they are all the same.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.