miket Guru
Joined: 28 Apr 2007 Posts: 496 Location: Gainesville, FL, USA
|
Posted: Fri Aug 02, 2024 11:20 pm Post subject: WTF moment with linux-firmware |
|
|
While getting set up for building a kernel, I noticed a Strange Thing. I suppose that some people in this section of the forums might have a use for it, but it sure has me scratching my head.
I did a quick ls of my /boot directory to see if I had the boot partition mounted and was surprised by what I found: amd-uc.img. Not having a clue about what it was or how it got there, file told me that it is a cpio archive and equery told me it was installed by sys-kernel/linux-firmware. Installed into /boot?!? WTF! Next I saw that the IUSE for the package now turns on the initramfs USE flag by default.
This is crazy on several levels. 1. I've got an Intel CPU with Intel video, so I don't need AMD microcode; 2. most of the time, even during emerges, I don't have anything mounted on /boot--so when something is mounted there, the amd-uc.img file would no longer be visible; 2a. a subsequent emerge of linux-firmware would want to remove or replace that file, so if /boot were mounted at that time, emerge would not be able to find it; 3. I do use an initramfs, but it is hand-rolled and used with my extlinux boot loader; and 4. would you not want to build the kernel with that microcode built in? The wiki page for linux-firmware has nothing to say about how to use this cpio image.
Maybe it takes advantage of some magic in genkernel or grub, but at this point, I don't see how it would work. All in all, though, I think the file would better be installed somewhere else like /usr/share/linux-firmware-[ver] |
pjp Administrator
Joined: 16 Apr 2002 Posts: 20476
|
Posted: Sat Aug 03, 2024 12:22 am Post subject: |
|
|
There's already a topic about your exact scenario and an Intel CPU. There are other threads in general about the changes to installkernel.
Oh, and at least 1 news item if not 2 related to the changes.
_________________
Quis separabit? Quo animo? |
miket Guru
Joined: 28 Apr 2007 Posts: 496 Location: Gainesville, FL, USA
|
Posted: Sat Aug 03, 2024 1:54 am Post subject: |
|
|
pjp wrote: | There's already a topic about your exact scenario and an Intel CPU. There are other threads in general about the changes to installkernel. |
I saw a news item about installkernel. I hadn't been aware of it and since I never run make install for the kernel, I've never used installkernel unknowingly. I always hand-copy kernel images and configurations to their respective directories on the /boot partition and edit extlinux.conf by hand. The only thing I got from the news item was that--hooray--a bit of software I never use would no longer be installed.
Not only that, the news item for installkernel makes no mention of firmware, let alone linux-firmware. I've found that one of the installkernel threads does discuss linux-firmware and AMD microcode, but does not make a convincing case for me that installing a blob directly into /boot is the right solution. The big fly in the ointment is the contents of the /boot directory are ephemeral. Many of us mount it only to update the boot configuration after building a kernel. When I do a world update it is seldom mounted.
For me, the greatest question is why the recent ebuild for linux-firmware switched to enabling the initramfs USE flag by default.
pjp wrote: | Oh, and at least 1 news item if not 2 related to the changes. |
Edit: <strikethru>I saw only one.</strikethru> Sorry--I did see a second news item--still no mention of linux-firmware. |
pjp Administrator
Joined: 16 Apr 2002 Posts: 20476
|
logrusx Advocate
Joined: 22 Feb 2018 Posts: 2380
|
Posted: Sat Aug 03, 2024 5:07 am Post subject: |
|
|
I think it's this:
Code: | # equery uses linux-firmware
...
- - initramfs : Create and install initramfs for early microcode loading in /boot (only AMD for now)
|
Best Regards,
Georgi |
miket Guru
Joined: 28 Apr 2007 Posts: 496 Location: Gainesville, FL, USA
|
Posted: Sat Aug 03, 2024 4:32 pm Post subject: |
|
|
I took a look at various packages that are adjacent to automagic boot setup: grub, genkernel, dracut, and plymouth (I had never emerged any of the last three of these). Guess what? None of these install anything into /boot!
One attribute of the boot directory/partition is the wide diversity of layouts it may have. There is no one-size-fits-all solution. I argue that it is widely inappropriate for a package manager to install things there directly: leave the manipulation of the contents of the boot directory/partition to other tools or manual processes that are outside of the package manager.
I haven't found explicit documentation about what directories can be the explicit targets of package-installation operations, but documents such as https://devmanual.gentoo.org/general-concepts/filesystem/index.html and https://wiki.gentoo.org/wiki/Gentoo_specific_directories give strong hints.
It would seem that package installation should be limited to these directories:
- anywhere in /bin, /lib*, /opt, and /sbin
- anywhere in /usr except under /usr/local
- judiciously in /etc and /var
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5050 Location: Bavaria
|
Posted: Sat Aug 03, 2024 5:06 pm Post subject: |
|
|
miket wrote: | I took a look at various packages that are adjacent to automagic boot setup: grub, genkernel, dracut, and plymouth (I had never emerged any of the last three of these). Guess what? None of these install anything into /boot!
One attribute of the boot directory/partition is the wide diversity of layouts it may have. There is no one-size-fits-all solution. I argue that it is widely inappropriate for a package manager to install things there directly: leave the manipulation of the contents of the boot directory/partition to other tools or manual processes that are outside of the package manager. |
First of all: I'm not a fan of automagic things either ... but there are many users who don't want to/can't take care of the kernel configuration themselves. For these users you MUST offer automatic routines ... and they have to install something on the ESP and/or /boot:
If a bootloader/bootmanager is to be used, at least something must be written to the ESP (mounted on /efi). The grub installs itself by default to /boot/grub ... and the kernel ... yes, the kernel always needs - if not configured itself - an EXTERNAL initramfs (if no UKI is built) ... and firmware files ...
If you are using a bootloader that looks for the kernel in /boot, I recommend simply copying it yourself instead of using "make install":
https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Manual_kernel_configuration#Cheat_Sheets
But if you - like me - do everything yourself, you shouldn't have any problems switching all that off:
I have a self-configured, monolithic, signed Linux kernel (on the notebook even with an embedded initramfs) which I boot directly from UEFI via SecureBoot (all self-built *). No need to install the install-kernel package (certainly no "dracut"), because I don't do a "make install" at all; and for my firmware I only need USE="-initramfs ..." in the make.conf (because of linux-firmware) ... nothing else:
Code: | # emerge -pvD gentoo-sources linux-firmware intel-microcode installkernel dracut
...
[ebuild R ] sys-kernel/linux-firmware-20240709-r1::gentoo USE="redistributable -bindist -compress-xz -compress-zstd -deduplicate -dist-kernel -initramfs -savedconfig (-unknown-license)" 0 KiB
[ebuild N ] sys-kernel/installkernel-39-r2::gentoo USE="-dracut (-efistub) -grub -refind -systemd -systemd-boot (-ugrd) -uki -ukify" 22 KiB
[ebuild R ~] sys-firmware/intel-microcode-20240531_p20240526-r2::gentoo USE="split-ucode -dist-kernel -hostonly -initramfs -vanilla" 0 KiB
[ebuild N ] sys-kernel/dracut-060_pre20240104-r4::gentoo USE="(-selinux) (-test)" 489 KiB
[ebuild R ~] sys-kernel/gentoo-sources-6.10.2:6.10.2::gentoo USE="-build -experimental -symlink" 0 KiB |
My /boot is completely empty ... and on my ESP I have only my (stub-)kernels.
*) https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/Boot_kernel_via_UEFI#Cheat_Sheet_for_a_stub_kernel_booted_with_SecureBoot
_________________
https://wiki.gentoo.org/wiki/User:Pietinger
Last edited by pietinger on Sat Aug 03, 2024 5:10 pm; edited 1 time in total |
logrusx Advocate
Joined: 22 Feb 2018 Posts: 2380
|
Posted: Sat Aug 03, 2024 5:07 pm Post subject: |
|
|
miket wrote: | I took a look at various packages that are adjacent to automagic boot setup: grub, genkernel, dracut, and plymouth (I had never emerged any of the last three of these). Guess what? None of these install anything into /boot! |
Didn't you see my reply?
I just tested it and:
Code: | equery belongs /boot/amd-uc.img
* Searching for /boot/amd-uc.img ...
sys-kernel/linux-firmware-20240709-r1 (/boot/amd-uc.img)
|
Disable initramfs on linux-firmware.
Best Regards,
Georgi |
Nowa Developer
Joined: 25 Jun 2014 Posts: 409 Location: Nijmegen
|
Posted: Sat Aug 03, 2024 5:28 pm Post subject: |
|
|
Quote: | This is crazy on several levels. |
No it's not, and it would be nice if you'd look into something a bit more before declaring it crazy.
Quote: | 1. I've got an Intel CPU with Intel video, so I don't need AMD microcode; |
And there are also situations where a disk must be able to boot on both systems with an AMD *and* an Intel CPU. Via USE=initramfs on linux-firmware and intel-microcode you get the choice of installing neither, only Intel, only AMD, or both.
Quote: | 2. most of the time, even during emerges, I don't have anything mounted on /boot--so when something is mounted there, the amd-uc.img file would no longer be visible; 2a. a subsequent emerge of linux-firmware would want to remove or replace that file, so if /boot were mounted at that time, emerge would not be able to find it; |
Which is why the ebuild enforces that /boot is mounted.
Quote: | 3. I do use an initramfs, but it is hand-rolled and used with my extlinux boot loader; |
The kernel supports loading multiple initramfs'. USE=initramfs on linux-firmware and intel-microcode is an essential feature for users that use initrd generators that do not bundle the microcode.
Quote: | 4. would you not want to build the kernel with that microcode built in? |
A good reason to prefer the initramfs approach over building the microcode into the kernel is that the initramfs gets updated directly when linux-firmware/intel-microcode updates. Whereas building it into the kernel requires rebuilding the whole kernel before microcode updates take effect. Besides there are many users that use the preconfigured distribution kernels.
Quote: | The wiki page for linux-firmware has nothing to say about how to use this cpio image. |
It's picked up automatically by grub-mkconfig at that location. And via sys-kernel/installkernel it is also possible to install/register it for other supported bootloaders.
Quote: | For me, the greatest question is why the recent ebuild for linux-firmware switched to enabling the initramfs USE flag by default. |
Because it makes sense for the most secure to be the default. You may have additional methods of updating the microcode (e.g. build it into the kernel), but applying the updates twice (built-in and via initramfs) is harmless, while applying them not at all is a security risk.
Advanced users may disable the flag because they build the microcode into the kernel. But for the not so advanced users, the default configuration ensures that their cpu microcode is up to date.
See https://devmanual.gentoo.org/eclass-reference/mount-boot.eclass/index.html
_________________
OS: Gentoo 6.10.12-gentoo-dist, ~amd64, 23.0/desktop/plasma/systemd
MB: MSI Z370-A PRO
CPU: Intel Core i9-9900KS
GPU: Intel Arc A770 16GB & Intel UHD Graphics 630
SSD: Samsung 970 EVO Plus 2 TB
RAM: Crucial Ballistix 32GB DDR4-2400 |
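
An added example, not from any poster in this thread and not part of the Gentoo ebuild: a small Python parser for the uncompressed newc cpio format that `file` reported for amd-uc.img, for confirming which vendor's microcode an image carries before referencing it from a hand-maintained boot loader configuration. The member paths are the ones the x86 kernel's early microcode loader searches for; `make_newc` and the data it builds are constructed sample input.

```python
# Added example: list the members of an early-microcode cpio (newc format).
UCODE_PATHS = {  # paths the x86 kernel's early microcode loader looks for
    "kernel/x86/microcode/AuthenticAMD.bin": "AMD",
    "kernel/x86/microcode/GenuineIntel.bin": "Intel",
}

def pad4(n):
    return (n + 3) & ~3  # newc aligns names and file data to 4 bytes

def newc_entries(blob):
    """Yield (name, size) for each member of an uncompressed newc cpio."""
    off = 0
    while off + 110 <= len(blob):
        hdr = blob[off:off + 110]  # 6-byte magic + 13 fields of 8 hex digits
        if hdr[:6] not in (b"070701", b"070702"):
            raise ValueError(f"no newc header at offset {off} (compressed image?)")
        fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        size, namesize = fields[6], fields[11]  # c_filesize, c_namesize
        name = blob[off + 110:off + 110 + namesize - 1].decode()
        if name == "TRAILER!!!":  # end-of-archive marker
            return
        yield name, size
        off = pad4(pad4(off + 110 + namesize) + size)

def microcode_vendors(blob):
    """Vendors whose microcode member is present and non-empty."""
    return sorted(UCODE_PATHS[n] for n, s in newc_entries(blob)
                  if n in UCODE_PATHS and s > 0)

def make_newc(members):
    """Build a constructed sample archive from {name: bytes} (test input only)."""
    out = b""
    for name, data in list(members.items()) + [("TRAILER!!!", b"")]:
        raw = name.encode() + b"\0"
        fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw), 0]
        out += b"070701" + b"".join(b"%08X" % f for f in fields) + raw
        out += b"\0" * (pad4(len(out)) - len(out))
        out += data + b"\0" * (pad4(len(data)) - len(data))
    return out

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/boot/amd-uc.img"
    with open(path, "rb") as f:
        print(path, "->", microcode_vendors(f.read()) or "no microcode members")
```

The parser stops at the first trailer, so it describes one image file at a time; a ValueError on the first header usually means the file is compressed or is not a cpio archive.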