diff --git a/changelog/bugfixes/2025-10-20-microcode-updates.md b/changelog/bugfixes/2025-10-20-microcode-updates.md
new file mode 100644
index 0000000000..4d0b8cafc5
--- /dev/null
+++ b/changelog/bugfixes/2025-10-20-microcode-updates.md
@@ -0,0 +1 @@
+- Fixed Intel microcode updates which were broken in recent Alpha and Beta releases by switching back to built-in extra firmware instead of early cpio inclusion ([Flatcar#1909](https://github.com/flatcar/Flatcar/issues/1909))
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
index 8e35aecd7a..037ffd9faf 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
@@ -157,13 +157,10 @@ sys-libs/libsemanage -python sys-fs/zfs minimal -rootfs # Do not tinker with /boot partition at installation time. +sys-firmware/intel-microcode -initramfs sys-fs/zfs-kmod -initramfs sys-kernel/coreos-firmware -initramfs -# Only needed for direct loading by the kernel, which is dangerous, and we -# include all the microcode in the initrd anyway. -sys-firmware/intel-microcode -split-ucode - # For sys-auth/sssd net-dns/bind gssapi net-dns/bind-tools gssapi
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.51.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.51.ebuild
index 8e50a61a5e..77094b324d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.51.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.51.ebuild
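Review bot: In the package.use hunk, the removed comment was the only written rationale for how microcode is delivered (it called direct loading by the kernel dangerous), and the new `sys-firmware/intel-microcode -initramfs` line together with the dropped `-split-ucode` override leaves nothing in its place. Dropping the override presumably turns the split microcode files back on so the kernel build can embed them, and a comment such as `# split-ucode left at its default: the kernel embeds these files as built-in firmware; they are not meant for runtime loading` would keep that distinction visible. It is also worth confirming that the split files do not end up in the shipped image's firmware directory, or that late loading is disabled in the kernel config; neither is visible in this hunk.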
@@ -96,20 +96,9 @@ src_compile() {
 lsinitrd --kver SILENCEERROR --unpack "${S}"/build/bootengine.cpio || die
 mksquashfs . "${S}"/build/bootengine.img -noappend -xattrs-exclude ^btrfs. || die
 popd || die
+ # No early cpio, drop full initrd
+ > "${S}"/build/bootengine.cpio
 # Create minimal initrd
- if use amd64; then
- mkdir "${S}"/build/early-cpio || die
- pushd "${S}"/build/early-cpio || die
- lsinitrd --kver SILENCEERROR --unpackearly "${S}"/build/bootengine.cpio || die
- # Recreate to only contain the early cpio for microcode
- find . -print0 | cpio --null --create --verbose --format=newc > "${S}"/build/bootengine.cpio || die
- # Debug: List contents after recreation
- cpio -t < "${S}"/build/bootengine.cpio
- popd || die
- else
- # No early cpio, drop full initrd
- > "${S}"/build/bootengine.cpio
- fi
 mkdir "${S}"/build/minimal || die
 pushd "${S}"/build/minimal || die
 mkdir -p {etc,dev,proc,sys,dev,usr/bin,usr/lib64,realinit,sysusr/usr} || die
@@ -141,6 +130,7 @@ src_compile() {
 mknod ./dev/random c 1 8 || die
 mknod ./dev/zero c 1 5 || die
 # No compression because CONFIG_INITRAMFS_COMPRESSION_XZ should take care of it
+ # (Note: The kernel build system does not support prepending an uncompressed microcode early cpio here)
 find . -print0 | cpio --null --create --verbose --format=newc >> "${S}"/build/bootengine.cpio || die
 popd || die
 kmake "$(kernel_target)"
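Review bot: The now unconditional truncation `> "${S}"/build/bootengine.cpio` in the first hunk has no `|| die`, unlike the commands around it in src_compile. If that redirect ever failed, the `>>` append in the second hunk would add the minimal initrd to the full bootengine archive and the build would carry on with it. Appending the guard, `> "${S}"/build/bootengine.cpio || die`, keeps the step consistent with its neighbours. src_compile starts and ends outside the hunk.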
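Review bot: The comment added above the `cpio ... >>` line in the second hunk says what the kernel build cannot do but not where microcode comes from now, so a reader of src_compile cannot tell that the initrd is intentionally microcode-free. Going by the changelog entry, something like `# Microcode is built into the kernel as extra firmware instead (see package.use)` would close that gap. Since the changelog says the earlier breakage reached Alpha and Beta releases, a post-build or image test asserting that a microcode update is actually applied at boot would be a useful companion; none is visible in this diff.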