On Wed, Nov 25, 2020, Borislav Petkov wrote:
> On Mon, Nov 16, 2020 at 10:25:48AM -0800, isaku.yamahata@xxxxxxxxx wrote:
> > From: Zhang Chen <chen.zhang@xxxxxxxxx>
> >
> > Move get_builtin_firmware() to common.c so that it can be used to get
> > non-ucode firmware, e.g. Intel's SEAM modules, even if MICROCODE=n.
>
> What for?
>
> This is used for microcode built in the kernel - a non-common use case.
> Why is your thing built into the kernel and not a normal module object?

The SEAM module needs to be loaded during early boot, it can't be deferred to a
module, at least not without a lot more blood, sweat, and tears.

The SEAM Loader is an ACM that is invoked via GETSEC[EnterACCS], which requires
all APs to be in WFS. SEAM Loader also returns control to the kernel with a null
IDT and NMIs unblocked, i.e. we're toast if there's a pending NMI.

And unlike the run-time SEAMCALLs, boot-time SEAMCALLs do not have a strictly
bounded runtime. Invoking configuration SEAMCALLs after the kernel is fully up
and running could cause instability as IRQ, NMI, and SMI are all blocked in SEAM
mode, e.g. a high priority IRQ/NMI/SMI could be blocked for 50+ usecs (it might
be far more than 50 usecs, I haven't seen real numbers for all SEAMCALLs).