Linux 5.19 Frowns On x86/x86_64 Late Microcode Loading - "It's Just Lottery & Broken"
A last-minute change sent in on Sunday and merged prior to Linux 5.19-rc1 disables late microcode loading by default for x86/x86_64 processors because of its sad state of affairs.
The change disables late microcode loading by default, renames the option from "MICROCODE_OLD_INTERFACE" to "MICROCODE_LATE_LOADING", and makes the kernel warn and taint itself when microcode is loaded late.
The new documentation sums up the situation as follows:
Loading microcode late, when the system is up and executing instructions is a tricky business and should be avoided if possible. Just the sequence of synchronizing all cores and SMT threads is one fragile dance which does not guarantee that cores might not softlock after the loading. Therefore, use this at your own risk. Late loading taints the kernel too.
In the pull request, Thomas Gleixner summed it up as, "Disable late microcode loading by default. Unless the [hardware] people get their act together and provide a required minimum version in the microcode header for making a halfways informed decision its just lottery and broken."
Best practices recommend applying CPU microcode updates at initial boot time with early loading, baking the microcode into the initrd. Having CPUs reliably running their latest microcode is all the more important these days considering the severity of CPU bugs like the Spectre speculative execution vulnerabilities and other notable issues in recent years.
The kernel message log describes late microcode loading as dangerous and as tainting the kernel. More details can be found in the merged pull request.
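As an added example (not from the article or the kernel tree), the script below checks saved copies of a host's taint mask, /proc/cpuinfo and kernel log for signs that microcode was loaded late. It assumes late loading sets taint bit 2 (TAINT_CPU_OUT_OF_SPEC); the function names, the log wording and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: look for evidence of late microcode loading.
# Inputs are files, so the checks run offline on saved copies of
# /proc/sys/kernel/tainted, /proc/cpuinfo and the kernel log.

# Bit 2 of the taint mask is TAINT_CPU_OUT_OF_SPEC ('S'). Assumption: this is
# the flag late loading sets; other out-of-spec conditions set it too, so a
# hit is a hint to investigate, not proof.
taint_out_of_spec() {
    [ $(( $(cat "$1") & 4 )) -ne 0 ]
}

# Print the distinct microcode revisions reported by the logical CPUs.
microcode_revisions() {
    awk -F: '$1 ~ /^microcode[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2 }' "$1" | sort -u
}

# True when the kernel log carries a late-loading warning.
late_load_logged() {
    grep -Eiq 'microcode.*late.*load' "$1"
}

# Run all three checks; returns non-zero if any of them fires.
audit() {
    rc=0
    if late_load_logged "$3"; then echo "log: late microcode load recorded"; rc=1; fi
    if taint_out_of_spec "$1"; then echo "taint: CPU out-of-spec bit set"; rc=1; fi
    if [ "$(microcode_revisions "$2" | wc -l)" -gt 1 ]; then
        echo "cpuinfo: CPUs report different microcode revisions"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "no sign of late microcode loading"
    return "$rc"
}

# Constructed sample data (not captured from a real machine).
d=$(mktemp -d)
echo 4 > "$d/tainted"
printf 'processor\t: 0\nmicrocode\t: 0xf0\nprocessor\t: 1\nmicrocode\t: 0xec\n' > "$d/cpuinfo"
echo 'microcode: Attempting late microcode loading - it is dangerous and taints the kernel.' > "$d/dmesg"
audit "$d/tainted" "$d/cpuinfo" "$d/dmesg" || true
```

On a live system, pass /proc/sys/kernel/tainted, /proc/cpuinfo and a file holding the output of dmesg as the three arguments to audit.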