From ff2838657d936e31d1b201ad45dc1d66b2300adf Mon Sep 17 00:00:00 2001
From: Paul Menzel <pmenzel@molgen.mpg.de>
Date: Wed, 16 Aug 2023 08:04:20 +0200
Subject: [PATCH 1/2] mxgrub: Create microcode update images and pass them to
 GRUB
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The Linux kernel [documentation][1] and the distributions prepend them
to the possibly compressed initrd image manually, but then you need a
script like `lsinitramfs` to view the content, if it’s compressed.

Using separate files uses possibly not well tested GRUB code paths, but
allows us to easily handle all the files.

    $ gunzip --to-stdout -S .igz /boot/grub/initramfs.igz | cpio -i -t
    $ cpio -i --file /boot/amd-ucode.img -t
    $ cpio -i --file /boot/intel-ucode.img -t

[1]: https://docs.kernel.org/arch/x86/microcode.html
---
 mxgrub/mxgrub | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/mxgrub/mxgrub b/mxgrub/mxgrub
index a86e067..527c143 100755
--- a/mxgrub/mxgrub
+++ b/mxgrub/mxgrub
@@ -249,7 +249,7 @@ sub update_grub_cfg {
 
 	for my $label (@MARIUX) {
 		my $image=label_to_image($label);
-		$kernellist.="\tmenuentry \"$label\" --unrestricted { save_env chosen ; linux /boot/$image root=LABEL=root $KERNEL_PARAMETER ; initrd /boot/grub/initramfs.igz }\n";
+		$kernellist.="\tmenuentry \"$label\" --unrestricted { save_env chosen ; linux /boot/$image root=LABEL=root $KERNEL_PARAMETER ; initrd /boot/amd-ucode.img /boot/intel-ucode.img /boot/grub/initramfs.igz }\n";
 	}
 
 	my $GRUB_CFG_NEW=<<"EOF";
@@ -267,10 +267,10 @@ insmod all_video
 
 if [ -e /etc/local/USB.usb ]; then
 	set default="mariuxUSB"
-	menuentry "mariuxUSB" --unrestricted { save_env chosen ; linux /boot/bzImage.x86_64 root=LABEL=rootusb rootdelay=5 $KERNEL_PARAMETER ; initrd /boot/grub/initramfs.igz }
+	menuentry "mariuxUSB" --unrestricted { save_env chosen ; linux /boot/bzImage.x86_64 root=LABEL=rootusb rootdelay=5 $KERNEL_PARAMETER ; initrd /boot/amd-ucode.img /boot/intel-ucode.img /boot/grub/initramfs.igz }
 else
 
-menuentry "$MARIUX_DEFAULT" --unrestricted { set chosen="$submenu>$MARIUX_DEFAULT" ; save_env chosen ; linux /boot/bzImage.x86_64 root=LABEL=root $KERNEL_PARAMETER ; initrd /boot/grub/initramfs.igz }
+menuentry "$MARIUX_DEFAULT" --unrestricted { set chosen="$submenu>$MARIUX_DEFAULT" ; save_env chosen ; linux /boot/bzImage.x86_64 root=LABEL=root $KERNEL_PARAMETER ; initrd /boot/amd-ucode.img /boot/intel-ucode.img /boot/grub/initramfs.igz }
 
 submenu "$submenu" --unrestricted {
 $kernellist
@@ -354,6 +354,8 @@ sub cmd_update {
 }
 
 sub cmd_initramfs {
+	sys('bash','-c','TMPDIR=/scratch/local DSTDIR="$TMPDIR/kernel/x86/microcode"; mkdir -p "$DSTDIR"; cd "$DSTDIR" ; cat /lib/firmware/amd-ucode/microcode_amd*.bin > $DSTDIR/AuthenticAMD.bin ; find . | cpio -o -H newc > /boot/amd-ucode.img ; rm -rf "$TMPDIR/kernel"');
+	sys('bash','-c','TMPDIR=/scratch/local DSTDIR="$TMPDIR/kernel/x86/microcode"; mkdir -p "$DSTDIR"; cd "$DSTDIR" ; cat /lib/firmware/intel-ucode/* > $DSTDIR/GenuineIntel.bin ; find . | cpio -o -H newc > /boot/intel-ucode.img ; rm -rf "$TMPDIR/kernel"');
 	sys('bash','-c','cd /project/admin/initramfs ; find . -name ".git*" -prune -or -print | cpio -H newc -o | gzip > /boot/grub/initramfs.igz');
 }
 

From f8108a119a05ecbdaa70d110756d3ab5eba5d56f Mon Sep 17 00:00:00 2001
From: Paul Menzel <pmenzel@molgen.mpg.de>
Date: Fri, 18 Aug 2023 17:02:30 +0200
Subject: [PATCH 2/2] mxgrub: Improve code and implement suggestions

---
 mxgrub/mxgrub | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/mxgrub/mxgrub b/mxgrub/mxgrub
index 527c143..3b36fa0 100755
--- a/mxgrub/mxgrub
+++ b/mxgrub/mxgrub
@@ -353,9 +353,23 @@ sub cmd_update {
 	update_grub_cfg();
 }
 
+sub build_microcode {
+    my ($pattern, $image, $binname) = @_;
+    sys(<<"EOF");
+set -e
+DSTDIR=kernel/x86/microcode
+mkdir -p /scratch/local/mxgrub-build-microcode/
+cd \$_
+mkdir -p "\$DSTDIR"
+cat $pattern > "\$DSTDIR"/$binname
+find . | cpio -o -H newc > $image
+rm -rf /scratch/local/mxgrub-build-microcode/
+EOF
+}
+
 sub cmd_initramfs {
-	sys('bash','-c','TMPDIR=/scratch/local DSTDIR="$TMPDIR/kernel/x86/microcode"; mkdir -p "$DSTDIR"; cd "$DSTDIR" ; cat /lib/firmware/amd-ucode/microcode_amd*.bin > $DSTDIR/AuthenticAMD.bin ; find . | cpio -o -H newc > /boot/amd-ucode.img ; rm -rf "$TMPDIR/kernel"');
-	sys('bash','-c','TMPDIR=/scratch/local DSTDIR="$TMPDIR/kernel/x86/microcode"; mkdir -p "$DSTDIR"; cd "$DSTDIR" ; cat /lib/firmware/intel-ucode/* > $DSTDIR/GenuineIntel.bin ; find . | cpio -o -H newc > /boot/intel-ucode.img ; rm -rf "$TMPDIR/kernel"');
+	build_microcode('/lib/firmware/amd-ucode/microcode_amd*.bin', '/boot/amd-ucode.img',  'AuthenticAMD.bin');
+	build_microcode('/lib/firmware/intel-ucode/*', '/boot/intel-ucode.img',  'GenuineIntel.bin');
 	sys('bash','-c','cd /project/admin/initramfs ; find . -name ".git*" -prune -or -print | cpio -H newc -o | gzip > /boot/grub/initramfs.igz');
 }