From 184d2421b29410c9a2d8df727dd3fc666802d3b0 Mon Sep 17 00:00:00 2001
From: Adam Joseph <adam@westernsemico.com>
Date: Mon, 31 Oct 2022 01:54:47 -0700
Subject: [PATCH] kgpe: include microcode updates for 63xx cpus

---
 src/platform/kgpe/coreboot.config |  1 -
 src/platform/kgpe/default.nix     | 37 +++++++++++++++++++++++++++++--
 2 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/src/platform/kgpe/coreboot.config b/src/platform/kgpe/coreboot.config
index 2dde7b3..d1211f0 100644
--- a/src/platform/kgpe/coreboot.config
+++ b/src/platform/kgpe/coreboot.config
@@ -272,7 +272,6 @@ CONFIG_SUPPORT_CPU_UCODE_IN_CBFS=y
 # CONFIG_USES_MICROCODE_HEADER_FILES is not set
 # CONFIG_CPU_MICROCODE_CBFS_GENERATE is not set
 # CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_HEADER is not set
-CONFIG_CPU_MICROCODE_CBFS_NONE=y
 
 #
 # Northbridge
diff --git a/src/platform/kgpe/default.nix b/src/platform/kgpe/default.nix
index e870f10..5d465c3 100644
--- a/src/platform/kgpe/default.nix
+++ b/src/platform/kgpe/default.nix
@@ -1,3 +1,6 @@
+let
+  update_microcode = true;
+in
 {
   hostPlatform = (import <nixpkgs/lib>).systems.examples.gnu64;
 
@@ -5,7 +8,7 @@
 
     platform_name = "kgpe";
 
-    kernel = 
+    kernel =
       final.lib.makeOverridable (prev.kernel.override {
         config = ./linux.config;
         buildTargets = [ "bzImage" ];
@@ -15,13 +18,43 @@
         '';
       });
 
-    coreboot = final.lib.makeOverridable (prev.coreboot.override {
+    coreboot = let
+      # does include spectre mitigations (performance hit)
+      #linux-firmware = final.nixpkgsOnBuildForBuild.linux-firmware;
+      #path-within-linux-firmware = "lib/firmware/amd-ucode/microcode_amd_fam15h.bin";
+
+      # does *not* include spectre mitigations (no performance hit)
+      linux-firmware = final.nixpkgsOnBuildForBuild.fetchgit {
+        # most recent update that does *not* include spectre
+        # mitigations; needed for 63xx processors due to an exploitable
+        # NMI defect in that sieres (only)
+        url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git";
+        rev = "5f8ca0c1db6106a2d6d7e85eee778917ff03c3de";
+        branchName = "main";
+        #sparseCheckout = path-within-linux-firmware;
+        hash = "sha256-uwzz0z2+uPke8AVKb80Cy620efdRBSuwjfoIrQhepc8=";
+      };
+      path-within-linux-firmware = "amd-ucode/microcode_amd_fam15h.bin";
+    in
+      final.lib.makeOverridable (prev.coreboot.override {
       iasl = final.iasl_20180531;
       payload = "${final.kernel}/bzImage";
       fmap = ./custom.fmap;
       config = ./coreboot.config;
       coreboot-toolchain = with final.coreboot-toolchain; [ x64 i386 ];
     }).overrideAttrs (a: {
+      postConfigure = if update_microcode then ''
+        echo CONFIG_CPU_MICROCODE_MULTIPLE_FILES=y >> .config
+      '' else ''
+        echo CONFIG_CPU_MICROCODE_CBFS_NONE=y >> .config
+      '';
+      preBuild = final.lib.optionalString update_microcode ''
+        mkdir -p 3rdparty/blobs/cpu/amd/family_15h/
+        ln -sfT ${linux-firmware}/${path-within-linux-firmware} \
+          3rdparty/blobs/cpu/amd/family_15h/microcode_amd_fam15h.bin
+        mkdir -p 3rdparty/blobs/cpu/amd/family_10h-family_14h/
+        touch 3rdparty/blobs/cpu/amd/family_10h-family_14h/microcode_amd.bin
+      '';
       postInstall = (a.postInstall or "") + ''
         cp src/mainboard/asus/kgpe-d16/cmos.layout $out/
         cp src/mainboard/asus/kgpe-d16/cmos.default $out/