From 579fd8d9df47f90ce684edda017bf5dc882f258c Mon Sep 17 00:00:00 2001
From: Alyssa Ross
Date: Tue, 10 May 2022 08:42:24 +0000
Subject: host/initramfs: install microcode
---
 host/initramfs/Makefile | 5 +++--
 host/initramfs/default.nix | 12 ++++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/host/initramfs/Makefile b/host/initramfs/Makefile
index 6f8dac0..620b8be 100644
--- a/host/initramfs/Makefile
+++ b/host/initramfs/Makefile
@@ -11,8 +11,9 @@ CPIOFLAGS = --reproducible -R +0:+0 -H newc
 SCRIPTS = ../../scripts
 VERITYSETUP = veritysetup
-build/initramfs: build/local.cpio $(PACKAGES_CPIO)
- cat build/local.cpio $(PACKAGES_CPIO) | gzip -9n > $@
+build/initramfs: $(MICROCODE) build/local.cpio $(PACKAGES_CPIO)
+ cat $(MICROCODE) > $@
+ cat build/local.cpio $(PACKAGES_CPIO) | gzip -9n >> $@
 # etc/init isn't included in ETC_FILES, because it gets installed to
 # the root.
diff --git a/host/initramfs/default.nix b/host/initramfs/default.nix
index f22f9c8..1ed54fd 100644
--- a/host/initramfs/default.nix
+++ b/host/initramfs/default.nix
@@ -8,6 +8,7 @@ pkgs.callPackage (
 { lib, stdenv, makeModulesClosure, nixos, runCommand, writeReferencesToFile
 , pkgsStatic, busybox, cpio, cryptsetup, linux-firmware, lvm2
+, microcodeAmd, microcodeIntel
 }:
 let
@@ -63,6 +64,16 @@ let
 cp ${pkgsStatic.util-linuxMinimal}/bin/{findfs,lsblk} $out/bin
 '';
+ microcode = if stdenv.hostPlatform.isx86_64 then
+ runCommand "microcode.cpio" {
+ nativeBuildInputs = [ cpio ];
+ } ''
+ cpio -id < ${microcodeAmd}/amd-ucode.img
+ cpio -id < ${microcodeIntel}/intel-ucode.img
+ find kernel | cpio -oH newc -R +0:+0 --reproducible > $out
+ ''
+ else null;
+
 packagesCpio = runCommand "packages.cpio" {
 nativeBuildInputs = [ cpio ];
 storePaths = writeReferencesToFile packagesSysroot;
@@ -81,6 +92,7 @@ stdenv.mkDerivation {
 src = cleanSource ./.;
 };
+ MICROCODE = microcode;
 PACKAGES_CPIO = packagesCpio;
 nativeBuildInputs = [ cpio ];
-- 
cgit 1.4.1
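Review bot: When `MICROCODE` is empty, the new first recipe line in the `build/initramfs` rule becomes `cat > $@` and reads standard input instead of writing an empty prefix. The default.nix side of this commit sets the value to `null` off x86_64, so that case looks reachable, and a `make` run from a terminal would then block. Redirecting stdin keeps the recipe safe either way: `cat $(MICROCODE) </dev/null > $@`. The ordering is also load-bearing and undocumented, so I would add above the rule `# Early microcode must be an uncompressed cpio placed ahead of the compressed archive.`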
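Review bot: The new `microcode` derivation feeds `find kernel` straight into `cpio -o`, so the member order of microcode.cpio follows directory-listing order, which `--reproducible` does not fix. Sorting pins the order: `find kernel | LC_ALL=C sort | cpio -oH newc -R +0:+0 --reproducible > $out`. The two `cpio -id` extractions also run without `-m`, so the extracted files probably carry build-time mtimes into the archive; it is worth confirming and normalising them if the initramfs is expected to be bit-for-bit reproducible. The enclosing `let` block starts outside this hunk, so I cannot see whether `packagesCpio` already handles either point.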