Posted on 01/04/2022 3:37:59 PM PST by ShadowAce
Last year, several security vulnerabilities were discovered that system administrators found difficult to patch quickly without downtime.
What if critical components could be updated for security or performance improvements without rebooting the system?
Intel aims to achieve that with its new PFRUT (Platform Firmware Runtime Update and Telemetry) driver.
While Linux Kernel 5.16 is due later this weekend, Intel aims to merge this new addition with the upcoming Linux Kernel 5.17 stable release.
But, what exactly is it?
With the PFRUT driver, specific components (or the system firmware) can be updated while the system is running, without needing to reboot.
Initially, Intel preferred to call it a “Seamless Update” solution. However, with the recent commit for Linux Kernel added to the Linux power management’s “linux-next” branch, they might be sticking to a vendor-neutral name, pfrut_driver.
If you are curious, the “linux-next” branch means that those changes will make their way to the next Linux Kernel 5.17 stable release.
In technical terms, the commit explains the change as follows:
The user is expected to provide the EFI capsule, and pass it to the driver by writing the capsule to a device special file. The capsule is transferred by the driver to the platform firmware with the help of an ACPI _DSM method under the special ACPI Platform Firmware Runtime Update device (INTC1080), and the actual firmware update is carried out by the low-level Management Mode code in the platform firmware.
This should eliminate the downtime one would typically expect from an essential firmware update that delivers security and performance improvements. And system firmware updates can be applied directly through the operating system (Linux, here).
The telemetry part of the driver exists to “retrieve log messages from MM for monitoring and the root cause of issues,” as highlighted in one of the PDFs detailing how this works.
Note that this is only possible with a Linux system and an Intel chip on board.
The addition of this ability should come in incredibly handy, considering it is not ideal to wait for a task to complete when you need to patch the system firmware to defend against a security issue.
Primarily, the improvement is tailored to benefit server-specific hardware.
The official Intel documentation states it is meant for systems with high service level agreements (SLAs) requiring a minimal number of reboots.
However, this should be useful for a specific group of desktop users with enterprise-grade systems.
While this may not be essential for desktop Linux distros, it could be an exciting start to something that improves the user experience, specifically for users keen to keep their system firmware updated without severe interruptions to their active work.
This should also introduce the possibility of more types of updates that can be handled by the operating system instead of the motherboard when it comes to BIOS or UEFI.
This is not just a matter of support for Linux desktop users: you would need to have server-grade hardware configured for your desktop.
This is limited to Linux systems, but this should also be possible for Windows and other operating systems soon.
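An added example, not from the article or the kernel driver: the commit description above has the user hand an EFI capsule to the driver through a device special file, so this C program shows a pre-flight check that parses the UEFI `EFI_CAPSULE_HEADER` and rejects truncated or inconsistent files before they go anywhere near the device. The sample bytes are constructed, and requiring the file length to equal `CapsuleImageSize` assumes one capsule per file.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAPSULE_FLAGS_INITIATE_RESET 0x00040000u /* UEFI spec flag bit */
#define CAPSULE_HDR_MIN 28u /* 16-byte GUID + three 32-bit fields */

struct capsule_info { char guid[37]; uint32_t header_size, flags, image_size; };
enum { CAP_OK = 0, CAP_TRUNCATED = -1, CAP_BAD_HEADER = -2, CAP_SIZE_MISMATCH = -3 };

/* Constructed sample: made-up GUID, HeaderSize 28, Flags 0, CapsuleImageSize 32. */
static const uint8_t sample_capsule[32] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
    28, 0, 0, 0,  0, 0, 0, 0,  32, 0, 0, 0,  0xaa, 0xaa, 0xaa, 0xaa,
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse and sanity-check the EFI_CAPSULE_HEADER at the start of buf. */
int capsule_check(const uint8_t *buf, size_t len, struct capsule_info *out)
{
    if (len < CAPSULE_HDR_MIN)
        return CAP_TRUNCATED;
    /* EFI GUIDs store their first three fields little-endian. */
    snprintf(out->guid, sizeof(out->guid),
             "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
             buf[3], buf[2], buf[1], buf[0], buf[5], buf[4], buf[7], buf[6],
             buf[8], buf[9], buf[10], buf[11], buf[12], buf[13], buf[14], buf[15]);
    out->header_size = le32(buf + 16);
    out->flags = le32(buf + 20);
    out->image_size = le32(buf + 24);
    if (out->header_size < CAPSULE_HDR_MIN || out->header_size > out->image_size)
        return CAP_BAD_HEADER;
    if (out->image_size != len) /* assumption: the file holds exactly one capsule */
        return CAP_SIZE_MISMATCH;
    return CAP_OK;
}

int main(void)
{
    struct capsule_info ci;
    int rc = capsule_check(sample_capsule, sizeof(sample_capsule), &ci);
    printf("rc=%d guid=%s reset_requested=%d\n", rc, ci.guid,
           !!(ci.flags & CAPSULE_FLAGS_INITIATE_RESET));
    return rc != CAP_OK;
}
```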
Man that is too bad it is just for servers. But that is already kind of a cool thing about Linux, You can install and run apps on the fly without needing to reboot. Most anyway.
Firmware runtime updates?
Sounds secure to me.
I don’t get it. Why buy an imitation Linux when you could have the real thing free?
Good point.
Sounds like a security breach right there.
I’m no software/hardware expert, but know enough to be dangerous, and that was exactly my reaction.
…more PFRUT patches on the way too.
“But that is already kind of a cool thing about Linux, You can install and run apps on the fly without needing to reboot.”
I can do that on my W-10 and android systems.
All Linux uses the same Kernel and it is free. They are going to add this into the newest stable kernel.
Yeah but it has always been built into Linux from what I understand. Not till lately with MS. And Android is Linux.
“Not till lately with MS.”
2012
Well, that is lately for old farts... :)
Sounds like the definition of downtime changes. A lot of overhead.
I bowl with them on fish stick Friday.
.
I think you are confusing system updates with apps. Windows has enabled installation of most all programs for as long as I remember without reboots, and you can reboot explorer.exe for some of the rare few that need a reboot (or after editing the registry). Look at the over 200 tweaks you can do with the free and well used Ultimate Windows Tweaker 4 for Windows 10, and also the list of Winaero Tweaker features.
I do not know of any Linux utilities that are comparable to them, but for me it does not warrant the loss of time to attempt to configure a Linux distro (I have tried dozens) to be even close to comparable to this customized Windows. Thank God for such tools and competition that makes good ones better.
With PFRUT driver, specific components (or the system firmware) can be updated while the system is running without needing to reboot.
—
Meals on wheels for malware, hacks, scams and other malicious attacks, but a revenue booster for makers of software to prevent that.
#Firmware runtime updates?
#Sounds secure to me.
That was my first thought when I saw this reported last week. Not something that I’m particularly interested in.