Subject: Intel microcode extended signature table support in Linux/BITS

I am directing this question to you hoping one of you can either address it
directly, or forward it internally at Intel.

We have code in the Linux kernel to support microcode extended signature
tables which has never been tested as far as I know, as there are no public
test vectors of microcode update containers with extended signature tables.

IMHO, untested kernel code is never a good thing, and useless untested
kernel code is even worse.

So, the first question would be whether microcode extended signature tables
are ever going to be used by Intel?

If that code is going to remain unused, we probably should remove support
for Intel microcode extended signatures from Linux.

Anyway, there is an incompatibility between the code in Linux and also in
Intel BITS, and what is documented in the SDM (Intel? 64 and IA-32
Architectures Software Developer Manual).

So, for the second question, could someone at Intel please clarify the
following point?

In the Intel? 64 and IA-32 Architectures Software Developer Manual (SDM) vol
3A page 9-30, table 9-6, last row, the description of the extended signature
table checksum ("Checksum[n]" in table 9-6) makes it clear one is supposed
to strip out the extended signature table entirely from the microcode
container when one applies the extended signature to the main microcode

However, this removal of the extended signature table also implies in a
change of the "Total Size" field of the main microcode header (table 9-6).
Therefore, the "CheckSum[n]" field of table 9-6 has to take into account
this change in the "Total Size" field.

Two public implementations of extended microcode signature table support
(Linux kernel and Intel BITS) do NOT take into account the required change
to "Total Size" in order to strip the extended microcode signature table,
and thus will not validate microcode with extended signature tables that
follow the SDM.

So, which is correct: the code in Linux and BITS, or the text of the SDM?

As a sidenote, the way the SDM documents the extended signature table
implies no extra padding can be added after the extended signature table.

Such padding would be required to satisfy the SDM requirement that "Total
Size" be a multiple of 1024, unless the padding is done inside the microcode
opaque data itself (payload). This seems suboptimal, as it ties the
container strongly to the payload/opaque data... maybe the multiple-of-1024
requirement for Total Size is superfluous for variable-size microcode

"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh