sys-firmware/intel-microcode: Use kernel built-in microcode

The Intel microcode wasn't applied anymore after it was reworked to be
in the initrd instead of being built-in as part of the kernel image.
This was due to how the kernel build system can't handle combined
initrds and skip the early cpio when compressing. The AMD microcode was
still built-in as part of the kernel image.
Let the kernel build system pick up the Intel microcode by installing it
to the firmware directory. Disable the inclusion of microcode in the
initrd. Also, we can drop the preservation of the early cpio when
generating the minimal initrd.

Signed-off-by: Kai Lueke <kailuke@microsoft.com>
This commit is contained in:
Kai Lueke 2025-10-20 14:24:23 +09:00
parent eb1c6c2438
commit c0baf9bed4
3 changed files with 5 additions and 17 deletions

View File

@ -0,0 +1 @@
- Fixed Intel microcode updates which were broken in recent Alpha and Beta releases by switching back to built-in extra firmware instead of early cpio inclusion ([Flatcar#1909](https://github.com/flatcar/Flatcar/issues/1909))

View File

@ -157,13 +157,10 @@ sys-libs/libsemanage -python
sys-fs/zfs minimal -rootfs sys-fs/zfs minimal -rootfs
# Do not tinker with /boot partition at installation time. # Do not tinker with /boot partition at installation time.
sys-firmware/intel-microcode -initramfs
sys-fs/zfs-kmod -initramfs sys-fs/zfs-kmod -initramfs
sys-kernel/coreos-firmware -initramfs sys-kernel/coreos-firmware -initramfs
# Only needed for direct loading by the kernel, which is dangerous, and we
# include all the microcode in the initrd anyway.
sys-firmware/intel-microcode -split-ucode
# For sys-auth/sssd # For sys-auth/sssd
net-dns/bind gssapi net-dns/bind gssapi
net-dns/bind-tools gssapi net-dns/bind-tools gssapi

View File

@ -96,20 +96,9 @@ src_compile() {
lsinitrd --kver SILENCEERROR --unpack "${S}"/build/bootengine.cpio || die lsinitrd --kver SILENCEERROR --unpack "${S}"/build/bootengine.cpio || die
mksquashfs . "${S}"/build/bootengine.img -noappend -xattrs-exclude ^btrfs. || die mksquashfs . "${S}"/build/bootengine.img -noappend -xattrs-exclude ^btrfs. || die
popd || die popd || die
# Create minimal initrd
if use amd64; then
mkdir "${S}"/build/early-cpio || die
pushd "${S}"/build/early-cpio || die
lsinitrd --kver SILENCEERROR --unpackearly "${S}"/build/bootengine.cpio || die
# Recreate to only contain the early cpio for microcode
find . -print0 | cpio --null --create --verbose --format=newc > "${S}"/build/bootengine.cpio || die
# Debug: List contents after recreation
cpio -t < "${S}"/build/bootengine.cpio
popd || die
else
# No early cpio, drop full initrd # No early cpio, drop full initrd
> "${S}"/build/bootengine.cpio > "${S}"/build/bootengine.cpio
fi # Create minimal initrd
mkdir "${S}"/build/minimal || die mkdir "${S}"/build/minimal || die
pushd "${S}"/build/minimal || die pushd "${S}"/build/minimal || die
mkdir -p {etc,dev,proc,sys,dev,usr/bin,usr/lib64,realinit,sysusr/usr} || die mkdir -p {etc,dev,proc,sys,dev,usr/bin,usr/lib64,realinit,sysusr/usr} || die
@ -141,6 +130,7 @@ src_compile() {
mknod ./dev/random c 1 8 || die mknod ./dev/random c 1 8 || die
mknod ./dev/zero c 1 5 || die mknod ./dev/zero c 1 5 || die
# No compression because CONFIG_INITRAMFS_COMPRESSION_XZ should take care of it # No compression because CONFIG_INITRAMFS_COMPRESSION_XZ should take care of it
# (Note: The kernel build system does not support prepending an uncompressed microcode early cpio here)
find . -print0 | cpio --null --create --verbose --format=newc >> "${S}"/build/bootengine.cpio || die find . -print0 | cpio --null --create --verbose --format=newc >> "${S}"/build/bootengine.cpio || die
popd || die popd || die
kmake "$(kernel_target)" kmake "$(kernel_target)"