From 77ecf1eb876f47124240053232a129dd42953fe1 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Tue, 13 Aug 2024 13:35:48 +0200
Subject: [PATCH] sysutils/cpu-microcode-(amd|intel): add plugins; closes #4075

Already support early loading for AMD, but as of 24.7.1 this hasn't been shipped with the kernel yet.
---
 README.md | 2 ++
 sysutils/cpu-microcode-amd/Makefile | 8 ++++++++
 sysutils/cpu-microcode-amd/pkg-descr | 6 ++++++
 .../src/etc/rc.loader.d/40-cpu-microcode | 2 ++
 .../src/etc/rc.syshook.d/early/40-cpu-microcode | 5 +++++
 sysutils/cpu-microcode-intel/Makefile | 8 ++++++++
 sysutils/cpu-microcode-intel/pkg-descr | 6 ++++++
 .../src/etc/rc.loader.d/40-cpu-microcode | 2 ++
 .../src/etc/rc.syshook.d/early/40-cpu-microcode | 5 +++++
 9 files changed, 44 insertions(+)
 create mode 100644 sysutils/cpu-microcode-amd/Makefile
 create mode 100644 sysutils/cpu-microcode-amd/pkg-descr
 create mode 100644 sysutils/cpu-microcode-amd/src/etc/rc.loader.d/40-cpu-microcode
 create mode 100755 sysutils/cpu-microcode-amd/src/etc/rc.syshook.d/early/40-cpu-microcode
 create mode 100644 sysutils/cpu-microcode-intel/Makefile
 create mode 100644 sysutils/cpu-microcode-intel/pkg-descr
 create mode 100644 sysutils/cpu-microcode-intel/src/etc/rc.loader.d/40-cpu-microcode
 create mode 100755 sysutils/cpu-microcode-intel/src/etc/rc.syshook.d/early/40-cpu-microcode

diff --git a/README.md b/README.md
index 02fc2fb69..2cf77dee5 100644
--- a/README.md
+++ b/README.md
@@ -91,6 +91,8 @@ security/tor -- The Onion Router
 security/wazuh-agent -- Agent for the open source security platform Wazuh
 sysutils/apcupsd -- APCUPSD - APC UPS daemon
 sysutils/apuled -- PC Engine APU LED control (development only)
+sysutils/cpu-microcode-amd -- AMD CPU microcode updates
+sysutils/cpu-microcode-intel -- Intel CPU microcode updates
 sysutils/dec-hw -- Deciso hardware specific information
 sysutils/dmidecode -- Display hardware information on the dashboard
 sysutils/git-backup -- Track config changes using git
diff --git a/sysutils/cpu-microcode-amd/Makefile b/sysutils/cpu-microcode-amd/Makefile
new file mode 100644
index 000000000..eacda9643
--- /dev/null
+++ b/sysutils/cpu-microcode-amd/Makefile
@@ -0,0 +1,8 @@
+PLUGIN_NAME= cpu-microcode-amd
+PLUGIN_VERSION= 1.0
+PLUGIN_COMMENT= AMD CPU microcode updates
+PLUGIN_DEPENDS= cpu-microcode-amd
+PLUGIN_CONFLICTS= cpu-microcode-intel
+PLUGIN_MAINTAINER= franco@opnsense.org
+
+.include "../../Mk/plugins.mk"
diff --git a/sysutils/cpu-microcode-amd/pkg-descr b/sysutils/cpu-microcode-amd/pkg-descr
new file mode 100644
index 000000000..cdf882f5f
--- /dev/null
+++ b/sysutils/cpu-microcode-amd/pkg-descr
@@ -0,0 +1,6 @@
+Updating your microcode can help to mitigate certain potential security
+vulnerabilities in CPUs as well as address certain functional issues that could,
+for example, result in unpredictable system behavior such as hangs, crashes,
+unexpected reboots, data errors, etc.
+
+The microcode update will be loaded when the system is rebooted.
diff --git a/sysutils/cpu-microcode-amd/src/etc/rc.loader.d/40-cpu-microcode b/sysutils/cpu-microcode-amd/src/etc/rc.loader.d/40-cpu-microcode
new file mode 100644
index 000000000..c7cbf86a3
--- /dev/null
+++ b/sysutils/cpu-microcode-amd/src/etc/rc.loader.d/40-cpu-microcode
@@ -0,0 +1,2 @@
+cpu_microcode_load="YES"
+cpu_microcode_name="/boot/firmware/amd-ucode.bin"
diff --git a/sysutils/cpu-microcode-amd/src/etc/rc.syshook.d/early/40-cpu-microcode b/sysutils/cpu-microcode-amd/src/etc/rc.syshook.d/early/40-cpu-microcode
new file mode 100755
index 000000000..4dab1e32c
--- /dev/null
+++ b/sysutils/cpu-microcode-amd/src/etc/rc.syshook.d/early/40-cpu-microcode
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+export microcode_update_enable="YES"
+
+/usr/local/etc/rc.d/microcode_update start
diff --git a/sysutils/cpu-microcode-intel/Makefile b/sysutils/cpu-microcode-intel/Makefile
new file mode 100644
index 000000000..bd0f7384c
--- /dev/null
+++ b/sysutils/cpu-microcode-intel/Makefile
@@ -0,0 +1,8 @@
+PLUGIN_NAME= cpu-microcode-intel
+PLUGIN_VERSION= 1.0
+PLUGIN_COMMENT= Intel CPU microcode updates
+PLUGIN_DEPENDS= cpu-microcode-intel
+PLUGIN_CONFLICTS= cpu-microcode-amd
+PLUGIN_MAINTAINER= franco@opnsense.org
+
+.include "../../Mk/plugins.mk"
diff --git a/sysutils/cpu-microcode-intel/pkg-descr b/sysutils/cpu-microcode-intel/pkg-descr
new file mode 100644
index 000000000..cdf882f5f
--- /dev/null
+++ b/sysutils/cpu-microcode-intel/pkg-descr
@@ -0,0 +1,6 @@
+Updating your microcode can help to mitigate certain potential security
+vulnerabilities in CPUs as well as address certain functional issues that could,
+for example, result in unpredictable system behavior such as hangs, crashes,
+unexpected reboots, data errors, etc.
+
+The microcode update will be loaded when the system is rebooted.
diff --git a/sysutils/cpu-microcode-intel/src/etc/rc.loader.d/40-cpu-microcode b/sysutils/cpu-microcode-intel/src/etc/rc.loader.d/40-cpu-microcode
new file mode 100644
index 000000000..976a36fa5
--- /dev/null
+++ b/sysutils/cpu-microcode-intel/src/etc/rc.loader.d/40-cpu-microcode
@@ -0,0 +1,2 @@
+cpu_microcode_load="YES"
+cpu_microcode_name="/boot/firmware/intel-ucode.bin"
diff --git a/sysutils/cpu-microcode-intel/src/etc/rc.syshook.d/early/40-cpu-microcode b/sysutils/cpu-microcode-intel/src/etc/rc.syshook.d/early/40-cpu-microcode
new file mode 100755
index 000000000..4dab1e32c
--- /dev/null
+++ b/sysutils/cpu-microcode-intel/src/etc/rc.syshook.d/early/40-cpu-microcode
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+export microcode_update_enable="YES"
+
+/usr/local/etc/rc.d/microcode_update start
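Review bot: Nothing in `rc.loader.d/40-cpu-microcode` records where `/boot/firmware/intel-ucode.bin` comes from or what the operator should expect if the loader cannot use it; the AMD fragment earlier in this patch (`/boot/firmware/amd-ucode.bin`) has the same gap, and the commit message says the 24.7.1 kernel does not yet early-load AMD updates. I would add a header comment such as `# Early microcode load; the image is expected to be installed by the cpu-microcode-intel dependency` (assuming these fragments accept `#` comments the way loader.conf does; confirm). The pkg-descr could also ask users to confirm the running microcode revision after the reboot, since a missing or rejected image otherwise leaves the CPU on the firmware-provided revision without any visible sign.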
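Review bot: The early hook runs `/usr/local/etc/rc.d/microcode_update start` with no comment on why `microcode_update_enable` is exported first and no handling of a missing or failing rc.d script; the AMD hook is the same file (both show blob 4dab1e32c), so this applies there too. For AMD on 24.7.1 this late load appears to be the only path that takes effect, per the commit message, so a silent failure here means the microcode-based CPU mitigations are not applied. Suggest a comment like `# force-enable for this invocation; the rc.d script presumably defaults to disabled` and a guard `[ -x /usr/local/etc/rc.d/microcode_update ] || exit 0` before the call. Whether the syshook runner surfaces a non-zero exit status is not visible in this patch, so it is worth confirming that a failed start is logged somewhere.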