sysutils/cpu-microcode-(amd|intel): add plugins; closes #4075

Already support early loading for AMD, but as of 24.7.1 this hasn't
been shipped with the kernel yet.

README.md

@@ -91,6 +91,8 @@ security/tor -- The Onion Router
 security/wazuh-agent -- Agent for the open source security platform Wazuh
 sysutils/apcupsd -- APCUPSD - APC UPS daemon
 sysutils/apuled -- PC Engine APU LED control (development only)
+sysutils/cpu-microcode-amd -- AMD CPU microcode updates
+sysutils/cpu-microcode-intel -- Intel CPU microcode updates
 sysutils/dec-hw -- Deciso hardware specific information
 sysutils/dmidecode -- Display hardware information on the dashboard
 sysutils/git-backup -- Track config changes using git

sysutils/cpu-microcode-amd/Makefile

@@ -0,0 +1,8 @@
+PLUGIN_NAME=		cpu-microcode-amd
+PLUGIN_VERSION=		1.0
+PLUGIN_COMMENT=		AMD CPU microcode updates
+PLUGIN_DEPENDS=		cpu-microcode-amd
+PLUGIN_CONFLICTS=	cpu-microcode-intel
+PLUGIN_MAINTAINER=	franco@opnsense.org
+
+.include "../../Mk/plugins.mk"

sysutils/cpu-microcode-amd/pkg-descr

@@ -0,0 +1,6 @@
+Updating your microcode can help to mitigate certain potential security
+vulnerabilities in CPUs as well as address certain functional issues that could,
+for example, result in unpredictable system behavior such as hangs, crashes,
+unexpected reboots, data errors, etc.
+
+The microcode update will be loaded when the system is rebooted.

sysutils/cpu-microcode-amd/src/etc/rc.loader.d/40-cpu-microcode

@@ -0,0 +1,2 @@
+cpu_microcode_load="YES"
+cpu_microcode_name="/boot/firmware/amd-ucode.bin"

sysutils/cpu-microcode-amd/src/etc/rc.syshook.d/early/40-cpu-microcode

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+export microcode_update_enable="YES"
+
+/usr/local/etc/rc.d/microcode_update start

sysutils/cpu-microcode-intel/Makefile

@@ -0,0 +1,8 @@
+PLUGIN_NAME=		cpu-microcode-intel
+PLUGIN_VERSION=		1.0
+PLUGIN_COMMENT=		Intel CPU microcode updates
+PLUGIN_DEPENDS=		cpu-microcode-intel
+PLUGIN_CONFLICTS=	cpu-microcode-amd
+PLUGIN_MAINTAINER=	franco@opnsense.org
+
+.include "../../Mk/plugins.mk"

sysutils/cpu-microcode-intel/pkg-descr

@@ -0,0 +1,6 @@
+Updating your microcode can help to mitigate certain potential security
+vulnerabilities in CPUs as well as address certain functional issues that could,
+for example, result in unpredictable system behavior such as hangs, crashes,
+unexpected reboots, data errors, etc.
+
+The microcode update will be loaded when the system is rebooted.

sysutils/cpu-microcode-intel/src/etc/rc.loader.d/40-cpu-microcode

@@ -0,0 +1,2 @@
+cpu_microcode_load="YES"
+cpu_microcode_name="/boot/firmware/intel-ucode.bin"

sysutils/cpu-microcode-intel/src/etc/rc.syshook.d/early/40-cpu-microcode

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+export microcode_update_enable="YES"
+
+/usr/local/etc/rc.d/microcode_update start