Description Philipp Hahn 2019-06-24 13:34:14 CEST

Intel (and AMD) CPUs have several architectural flaws, which were patched by several microcode updates in the past:
- Spectre
- Meltdown
- Foreshadow / L1 Terminal Fault
- Microarchitectural Data Sampling

We already have updated the microcode-update-packages in UCS,
patched the Linux kernel to use it,
shipped updated Qemu packages allowing to pass through those new features,
and finally shipped an updated libvirt to enable it per VM.

Enabling new microcode features is a backward incompatible change, which is is visible to the VM and modifies the CPU save state: VM with those features enabled MUST NOT be migrated to hosts missing the updated packages.
As such those features are not enabled by default and must be enabled manually.

UVMM needs to be extended to at least allow configuring those features.
As the set of features depends on the exact CPU model, Bug #49695 needs to be addressed first.