microcode_ctl/SOURCES/06-8c-01_readme

Some Intel Tiger Lake-UP3/UP4 CPU models (TGL, family 6, model 140, stepping 1)
had reports of system hangs when a microcode update, that was included
since microcode-20201110 update, was applied[1].  In order to address this,
microcode update had been disabled by default on these systems.  The revision
0x88 seems to have fixed the aforementioned issue, hence it is enabled
by default (but can be disabled explicitly; see below).

[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44

For the reference, SHA1 checksums of 06-8c-01 microcode files containing
microcode revisions in question are listed below:
 * 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04
 * 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290
 * 06-8c-01, revision 0x9a: 48b3ae8d27d8138b5b47052d2f8184bf555ad18e
 * 06-8c-01, revision 0xa4: 70753f54f5be84376bdebeb710595e4dc2f6d92f

Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version.  For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
 * CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
   CVE-2020-8696 (Vector Register Leakage-Active),
   CVE-2020-8698 (Fast Forward Store Predictor):
   https://access.redhat.com/articles/5569051
 * CVE-2020-24489 (VT-d-related Privilege Escalation),
   CVE-2020-24511 (Improper Isolation of Shared Resources),
   CVE-2020-24512 (Observable Timing Discrepancy),
   CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
   https://access.redhat.com/articles/6101171
 * CVE-2021-0145 (Fast store forward predictor - Cross Domain Training):
   https://access.redhat.com/articles/6716541
 * CVE-2022-21123 (Shared Buffers Data Read):
   https://access.redhat.com/articles/6963124

The information regarding disabling microcode update is provided below.

To disable 06-8c-01 microcode updates for a specific kernel
version, please create a file "disallow-intel-06-8c-01" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to remove it from the firmware
directory where microcode is available for late microcode update, and run
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
is regenerated, for example:

    touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8c-01
    /usr/libexec/microcode_ctl/update_ucode
    dracut -f --kver 3.10.0-862.9.1

To avoid addition of this microcode for all kernels, please create file
"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01", run
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
and "dracut -f --regenerate-all" for early microcode updates:

    mkdir -p /etc/microcode_ctl/ucode_with_caveats
    touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01
    /usr/libexec/microcode_ctl/update_ucode
    dracut -f --regenerate-all

Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.
import microcode_ctl-20201112-1.el8 2020-11-16 06:09:24 +00:00			`Some Intel Tiger Lake-UP3/UP4 CPU models (TGL, family 6, model 140, stepping 1)`
import microcode_ctl-20210608-1.el8 2021-07-24 06:19:08 +00:00			`had reports of system hangs when a microcode update, that was included`
			`since microcode-20201110 update, was applied[1]. In order to address this,`
			`microcode update had been disabled by default on these systems. The revision`
			`0x88 seems to have fixed the aforementioned issue, hence it is enabled`
			`by default (but can be disabled explicitly; see below).`
import microcode_ctl-20201112-1.el8 2020-11-16 06:09:24 +00:00
			`[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44`

import microcode_ctl-20210216-1.20210525.1.el8_4 2021-06-02 12:12:50 +00:00			`For the reference, SHA1 checksums of 06-8c-01 microcode files containing`
			`microcode revisions in question are listed below:`
			`* 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04`
			`* 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290`
import microcode_ctl-20210608-1.20220204.1.el8_5 2022-02-11 05:30:42 +00:00			`* 06-8c-01, revision 0x9a: 48b3ae8d27d8138b5b47052d2f8184bf555ad18e`
import microcode_ctl-20220510-1.el8 2022-06-23 17:27:29 +00:00			`* 06-8c-01, revision 0xa4: 70753f54f5be84376bdebeb710595e4dc2f6d92f`
import microcode_ctl-20210216-1.20210525.1.el8_4 2021-06-02 12:12:50 +00:00
import microcode_ctl-20201112-1.el8 2020-11-16 06:09:24 +00:00			`Please contact your system vendor for a BIOS/firmware update that contains`
import microcode_ctl-20210608-1.el8 2021-07-24 06:19:08 +00:00			`the latest microcode version. For the information regarding microcode versions`
			`required for mitigating specific side-channel cache attacks, please refer`
			`to the following knowledge base articles:`
			`* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),`
			`CVE-2020-8696 (Vector Register Leakage-Active),`
			`CVE-2020-8698 (Fast Forward Store Predictor):`
			`https://access.redhat.com/articles/5569051`
			`* CVE-2020-24489 (VT-d-related Privilege Escalation),`
			`CVE-2020-24511 (Improper Isolation of Shared Resources),`
			`CVE-2020-24512 (Observable Timing Discrepancy),`
			`CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):`
			`https://access.redhat.com/articles/6101171`
import microcode_ctl-20220207-1.el8 2022-02-16 04:20:42 +00:00			`* CVE-2021-0145 (Fast store forward predictor - Cross Domain Training):`
			`https://access.redhat.com/articles/6716541`
import microcode_ctl-20220510-1.el8 2022-06-23 17:27:29 +00:00			`* CVE-2022-21123 (Shared Buffers Data Read):`
			`https://access.redhat.com/articles/6963124`
import microcode_ctl-20210608-1.el8 2021-07-24 06:19:08 +00:00
			`The information regarding disabling microcode update is provided below.`

			`To disable 06-8c-01 microcode updates for a specific kernel`
			`version, please create a file "disallow-intel-06-8c-01" inside`
import microcode_ctl-20201112-1.el8 2020-11-16 06:09:24 +00:00			`/lib/firmware/<kernel_version> directory, run`
import microcode_ctl-20210608-1.el8 2021-07-24 06:19:08 +00:00			`"/usr/libexec/microcode_ctl/update_ucode" to remove it from the firmware`
			`directory where microcode is available for late microcode update, and run`
import microcode_ctl-20201112-1.el8 2020-11-16 06:09:24 +00:00			`"dracut -f --kver <kernel_version>", so initramfs for this kernel version`
import microcode_ctl-20210608-1.el8 2021-07-24 06:19:08 +00:00			`is regenerated, for example:`
import microcode_ctl-20201112-1.el8 2020-11-16 06:09:24 +00:00
import microcode_ctl-20210608-1.el8 2021-07-24 06:19:08 +00:00			`touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8c-01`
import microcode_ctl-20201112-1.el8 2020-11-16 06:09:24 +00:00			`/usr/libexec/microcode_ctl/update_ucode`
			`dracut -f --kver 3.10.0-862.9.1`

import microcode_ctl-20210608-1.el8 2021-07-24 06:19:08 +00:00			`To avoid addition of this microcode for all kernels, please create file`
			`"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01", run`
			`"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,`
			`and "dracut -f --regenerate-all" for early microcode updates:`
import microcode_ctl-20201112-1.el8 2020-11-16 06:09:24 +00:00
			`mkdir -p /etc/microcode_ctl/ucode_with_caveats`
import microcode_ctl-20210608-1.el8 2021-07-24 06:19:08 +00:00			`touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01`
import microcode_ctl-20201112-1.el8 2020-11-16 06:09:24 +00:00			`/usr/libexec/microcode_ctl/update_ucode`
			`dracut -f --regenerate-all`

			`Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional`
			`information.`