From ef6754e325eb582508b443ff00c285b3abce8a3b Mon Sep 17 00:00:00 2001
From: Kai Lueke <kailuke@microsoft.com>
Date: Mon, 20 Oct 2025 14:24:23 +0900
Subject: [PATCH] sys-firmware/intel-microcode: Use kernel built-in microcode

The Intel microcode wasn't applied anymore after it was reworked to be
in the initrd instead of being built-in as part of the kernel image.
This was due to how the kernel build system can't handle combined
initrds and skip the early cpio when compressing. The AMD microcode was
still built-in as part of the kernel image.
Let the kernel build system pick up the Intel microcode by installing it
to the firmware directory. Disable the inclusion of microcode in the
initrd.

Signed-off-by: Kai Lueke <kailuke@microsoft.com>
---
 changelog/bugfixes/2025-10-20-microcode-updates.md           | 1 +
 .../coreos-overlay/profiles/coreos/base/package.use          | 5 +----
 2 files changed, 2 insertions(+), 4 deletions(-)
 create mode 100644 changelog/bugfixes/2025-10-20-microcode-updates.md

diff --git a/changelog/bugfixes/2025-10-20-microcode-updates.md b/changelog/bugfixes/2025-10-20-microcode-updates.md
new file mode 100644
index 0000000000..4d0b8cafc5
--- /dev/null
+++ b/changelog/bugfixes/2025-10-20-microcode-updates.md
@@ -0,0 +1 @@
+- Fixed Intel microcode updates which were broken in recent Alpha and Beta releases by switching back to built-in extra firmware instead of early cpio inclusion ([Flatcar#1909](https://github.com/flatcar/Flatcar/issues/1909))
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
index 785127fe0b..f367cd9aa9 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
@@ -157,12 +157,9 @@ sys-libs/libsemanage -python
 sys-fs/zfs minimal -rootfs
 
 # Do not tinker with /boot partition at installation time.
+sys-firmware/intel-microcode -initramfs
 sys-fs/zfs-kmod -initramfs
 
-# Only needed for direct loading by the kernel, which is dangerous, and we
-# include all the microcode in the initrd anyway.
-sys-firmware/intel-microcode -split-ucode
-
 # For sys-auth/sssd
 net-dns/bind       gssapi
 net-dns/bind-tools gssapi