|
 |
4eb1a6 |
Older RHEL 7 kernels try to early load microcode even inside virtual
|
|
|
4eb1a6 |
machine, which may lead to panic on some hypervisors. In order to circumvent
|
|
|
4eb1a6 |
that, microcode is installed into a kernel-version-specific directory (which
|
|
|
4eb1a6 |
is not scanned by the dracut script, that constructs early microcode binary
|
|
|
4eb1a6 |
in initramfs, by default), and path to microcode files provided only in case
|
|
|
4eb1a6 |
initramfs is generated for the kernel version that properly handles early
|
|
|
4eb1a6 |
microcode inside a virtual machine (i.e. do not attempts yo load it).
|
|
|
4eb1a6 |
The versions of the kernel package that properly handle early microcode load
|
|
|
4eb1a6 |
inside a virtual machine are as follows:
|
|
|
4eb1a6 |
RHEL 7.6: kernel-3.10.0-930 or newer;
|
|
|
4eb1a6 |
RHEL 7.5: kernel-3.10.0-862.14.1 or newer;
|
|
|
4eb1a6 |
RHEL 7.4: kernel-3.10.0-693.38.1 or newer;
|
|
|
4eb1a6 |
RHEL 7.3: kernel-3.10.0-514.57.1 or newer.
|
|
|
4eb1a6 |
RHEL 7.2: kernel-3.10.0-327.73.1 or newer.
|
|
|
4eb1a6 |
|
|
|
4eb1a6 |
If you want to avoid adding this ucode for a specific kernel, please create
|
|
|
4eb1a6 |
"disallow-early-intel" file inside /lib/firmware/<kernel_version> directory
|
|
|
4eb1a6 |
and run dracut -f:
|
|
|
4eb1a6 |
|
|
|
4eb1a6 |
touch /lib/firmware/3.10.0-862.9.1/disallow-intel
|
|
|
4eb1a6 |
/usr/libexec/microcode_ctl/update_ucode
|
|
|
4eb1a6 |
dracut -f --kver 3.10.0-862.9.1
|
|
|
4eb1a6 |
|
|
|
4eb1a6 |
If you want to skip processing of this microcode for all kernels, please create
|
|
|
4eb1a6 |
"disallow-early-intel" file inside the "/etc/microcode_ctl/ucode_with_caveats"
|
|
|
4eb1a6 |
directory and run dracut -f --regenerate-all:
|
|
|
4eb1a6 |
|
|
|
4eb1a6 |
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
|
|
4eb1a6 |
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel
|
|
|
4eb1a6 |
dracut -f --kver 3.10.0-862.9.1
|
|
|
4eb1a6 |
|
|
|
4eb1a6 |
If you want to enforce addition of this microcode to initramfs for a specific
|
|
|
4eb1a6 |
kernel, please create "force-early-intel" file inside
|
|
|
4eb1a6 |
/lib/firmware/<kernel_version> directory and run
|
|
|
4eb1a6 |
dracut -f --kver "<kernel_version>":
|
|
|
4eb1a6 |
|
|
|
4eb1a6 |
modir -p/lib/firmware/3.10.0-862.9.1/
|
|
|
4eb1a6 |
touch /lib/firmware/3.10.0-862.9.1/force-early-intel
|
|
|
4eb1a6 |
dracut -f --kver 3.10.0-862.9.1
|
|
|
4eb1a6 |
|
|
|
4eb1a6 |
If you want to enforce addition of this microcode for all kernels, please
|
|
|
4eb1a6 |
create "force-early-intel" file inside /etc/microcode_ctl/ucode_with_caveats
|
|
|
4eb1a6 |
directory and run dracut -f --kver "<kernel_version>":
|
|
|
4eb1a6 |
|
|
|
4eb1a6 |
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
|
|
4eb1a6 |
touch /etc/microcode_ctl/ucode_with_caveats/force-early-intel
|
|
|
4eb1a6 |
dracut -f --regenerate-all
|
|
|
4eb1a6 |
|
|
|
4eb1a6 |
In order to override late load behaviour, the "early" part of file names should
|
|
|
4eb1a6 |
be replaced with "late".
|
|
|
4eb1a6 |
|
|
|
4eb1a6 |
|
|
|
4eb1a6 |
See /usr/share/doc/microcode_ctl/README.caveats for additional information.
|