Bug 2024746

+++ This bug was initially created as a clone of Bug #1829601 +++

Description of problem:
grub can load multiple initramfs images for the kernel, so we can greatly simplify the microcode_ctl rpm by creating a separate initramfs image for the microcode data instead of calling dracut to rebuild images.  This will solve a number of problems including:
  * stale microcode in dracut initramfs images
  * possible corruption of initramfs images from the rebuild
  * slow installation of microcode_ctl if many initramfs images have to rebuild

The basic idea:
1. Disable early_microcode in dracut.conf
2. Generate a microcode.img cpio archive with just the microcode data
3. Update grub config to load both the microcode.img and initramfs.img

Proof-of-concept:

#!/bin/bash
set -x
dracut --force --no-early-microcode
mkdir /tmp/ucode
pushd /tmp/ucode
echo 1 > early_cpio
mkdir -p kernel/x86/microcode
CPU=$(lscpu | grep -e CPU.family: -e Model: -e Stepping: |
              awk '{printf("%02x\n", $NF)}' | sed ':a;N;s/\n/-/;ta')
cp $(rpm -ql microcode_ctl | grep $CPU) \
   kernel/x86/microcode/GenuineIntel.bin
find . -depth -print0 | cpio -o0ca > /boot/microcode.img
if ! grep -q microcode.img /boot/loader/entries/*$(uname -r).conf ; then
   sed -i 's@^initrd@initrd /microcode.img@' \
       /boot/loader/entries/*$(uname -r).conf
fi
popd
rm -fr /tmp/ucode



This proof-of-concept will need to be modified to take into account blacklisted microcodes such as 06-4f-01, but the general idea works:

[root@localhost ~]# uname -r
4.18.0-193.el8.x86_64

[root@localhost ~]# ./ucode.sh 
+ dracut --force --no-early-microcode
+ mkdir /tmp/ucode
+ pushd /tmp/ucode
/tmp/ucode ~
+ echo 1
+ mkdir -p kernel/x86/microcode
++ grep -e CPU.family: -e Model: -e Stepping:
++ awk '{printf("%02x\n", $NF)}'
++ sed ':a;N;s/\n/-/;ta'
++ lscpu
+ CPU=06-3a-09
++ rpm -ql microcode_ctl
++ grep 06-3a-09
+ cp /usr/share/microcode_ctl/ucode_with_caveats/intel/intel-ucode/06-3a-09 kernel/x86/microcode/GenuineIntel.bin
+ find . -depth -print0
+ cpio -o0ca
30 blocks
++ uname -r
+ grep -q microcode.img /boot/loader/entries/27f9c9713df84e30b1d04ff61926bfc7-4.18.0-193.el8.x86_64.conf
++ uname -r
+ sed -i 's@^initrd@initrd /microcode.img@' /boot/loader/entries/27f9c9713df84e30b1d04ff61926bfc7-4.18.0-193.el8.x86_64.conf
+ popd
~
+ rm -fr /tmp/ucode

[root@localhost ~]# grep initrd /boot/loader/entries/27f9c9713df84e30b1d04ff61926bfc7-4.18.0-193.el8.x86_64.conf
initrd /microcode.img /initramfs-4.18.0-193.el8.x86_64.img $tuned_initrd

[root@localhost ~]# lsinitrd /boot/initramfs-4.18.0-193.el8.x86_64.img | grep -e microcode -e GenuineIntel.bin
Arguments: --force --no-early-microcode
microcode_ctl-fw_dir_override

[root@localhost ~]# reboot
...

[root@localhost ~]# uptime
 16:51:30 up 1 min,  1 user,  load average: 0.64, 0.34, 0.13

[root@localhost ~]# journalctl --dmesg --no-hostname --output short-monotonic --grep microcode
-- Logs begin at Wed 2020-04-29 12:50:09 EDT, end at Wed 2020-04-29 16:50:45 EDT. --
[    0.000000] kernel: microcode: microcode updated early to revision 0x21, date = 2019-02-13
[    2.143464] kernel: microcode: sig=0x306a9, pf=0x10, revision=0x21
[    2.148961] kernel: microcode: Microcode Update Driver: v2.2.