diff --git a/.gitignore b/.gitignore index 2db0108..dde48d9 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,6 @@ SOURCES/06-2d-07 SOURCES/06-4e-03 SOURCES/06-55-04 SOURCES/06-5e-03 -SOURCES/06-8c-01 SOURCES/microcode-20190918.tar.gz SOURCES/microcode-20191115.tar.gz -SOURCES/microcode-20210216.tar.gz +SOURCES/microcode-20210525.tar.gz diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata index 46dfad3..779ae02 100644 --- a/.microcode_ctl.metadata +++ b/.microcode_ctl.metadata @@ -2,7 +2,6 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07 06432a25053c823b0e2a6b8e84e2e2023ee3d43e SOURCES/06-4e-03 2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03 -2204a6dee1688980cd228268fdf4b6ed5904fe04 SOURCES/06-8c-01 bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz 774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz -26608161d98c3d0c965fc41856520434b14c000d SOURCES/microcode-20210216.tar.gz +000cb9ab3260786611f3481bf82d3c32506e91ae SOURCES/microcode-20210525.tar.gz diff --git a/SOURCES/06-4e-03_readme b/SOURCES/06-4e-03_readme index 49373e2..655aeb4 100644 --- a/SOURCES/06-4e-03_readme +++ b/SOURCES/06-4e-03_readme @@ -13,6 +13,7 @@ microcode revisions in question are listed below: * 06-4e-03, revision 0xd6: 06432a25053c823b0e2a6b8e84e2e2023ee3d43e * 06-4e-03, revision 0xdc: cd1733458d187486999337ff8b51eeaa0cfbca6c * 06-4e-03, revision 0xe2: 41f4513cf563605bc85db38056ac430dec948366 + * 06-4e-03, revision 0xea: 5a54cab9f22f69b819d663e5747ed6ea2a326c55 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions diff --git a/SOURCES/06-55-04_readme b/SOURCES/06-55-04_readme index cdec2c2..c719501 100644 --- a/SOURCES/06-55-04_readme +++ b/SOURCES/06-55-04_readme @@ -19,6 +19,7 @@ microcode revisions in question are listed below: * 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967 * 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212 * 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462 + * 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions diff --git a/SOURCES/06-5e-03_readme b/SOURCES/06-5e-03_readme index 9e21ac0..1de9002 100644 --- a/SOURCES/06-5e-03_readme +++ b/SOURCES/06-5e-03_readme @@ -13,6 +13,7 @@ microcode revisions in question are listed below: * 06-5e-03, revision 0xd6: 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a * 06-5e-03, revision 0xdc: 5e1020a10678cfc60980131c3d3a2cfd462b4dd7 * 06-5e-03, revision 0xe2: 031e6e148b590d1c9cfdb6677539eeb4899e831c + * 06-5e-03, revision 0xea: e6c37056a849fd281f2fdb975361a914e07b86c8 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions diff --git a/SOURCES/06-8c-01_readme b/SOURCES/06-8c-01_readme index 16afb9b..05b1ab1 100644 --- a/SOURCES/06-8c-01_readme +++ b/SOURCES/06-8c-01_readme @@ -5,6 +5,11 @@ microcode update has been disabled by default on these systems. [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44 +For the reference, SHA1 checksums of 06-8c-01 microcode files containing +microcode revisions in question are listed below: + * 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04 + * 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290 + Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. diff --git a/SOURCES/06-8e-9e-0x-0xca_readme b/SOURCES/06-8e-9e-0x-0xca_readme index cef8e9b..22f47dd 100644 --- a/SOURCES/06-8e-9e-0x-0xca_readme +++ b/SOURCES/06-8e-9e-0x-0xca_readme @@ -82,6 +82,16 @@ in question: * 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542 * 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c + * 06-8e-09, revision 0xea: caa7192fb2223e3e52389aca84930aee326b384d + * 06-8e-0a, revision 0xea: ab4d5d3b51445d055763796a0362f8ab249cf4c8 + * 06-8e-0b, revision 0xea: 5406c513f90286c02476ee0d4a6c8010a263c3ac + * 06-8e-0c, revision 0xea: 8c045b9056443862c95573efd4646e331a2310d3 + * 06-9e-09, revision 0xea: a9f8a14ca3808f6380d6dff92e1fd693cc909668 + * 06-9e-0a, revision 0xea: b7726bdba2fe74d8f419c68f417d796d569b9ec4 + * 06-9e-0b, revision 0xea: 963dca66aedf2bfb0613d0d9515c6bcfb0589e0c + * 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4 + * 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a + Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions required for mitigating specific side-channel cache attacks, please refer diff --git a/SOURCES/06-8e-9e-0x-dell_readme b/SOURCES/06-8e-9e-0x-dell_readme index 94b9bb6..0f12fee 100644 --- a/SOURCES/06-8e-9e-0x-dell_readme +++ b/SOURCES/06-8e-9e-0x-dell_readme @@ -82,6 +82,16 @@ in question: * 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542 * 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c + * 06-8e-09, revision 0xea: caa7192fb2223e3e52389aca84930aee326b384d + * 06-8e-0a, revision 0xea: ab4d5d3b51445d055763796a0362f8ab249cf4c8 + * 06-8e-0b, revision 0xea: 5406c513f90286c02476ee0d4a6c8010a263c3ac + * 06-8e-0c, revision 0xea: 8c045b9056443862c95573efd4646e331a2310d3 + * 06-9e-09, revision 0xea: a9f8a14ca3808f6380d6dff92e1fd693cc909668 + * 06-9e-0a, revision 0xea: b7726bdba2fe74d8f419c68f417d796d569b9ec4 + * 06-9e-0b, revision 0xea: 963dca66aedf2bfb0613d0d9515c6bcfb0589e0c + * 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4 + * 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a + Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions required for mitigating specific side-channel cache attacks, please refer diff --git a/SOURCES/README b/SOURCES/README index 8878252..193ee9a 100644 --- a/SOURCES/README +++ b/SOURCES/README @@ -22,6 +22,30 @@ microcode files and their usage. * SECURITY.intel-ucode "security.md" file from the Intel x86 CPU microcode archive. * SUMMARY.intel-ucode - Information about supplied microcode files extracted from their headers. + Information about supplied microcode files extracted from their headers, + in a table form. Columns have the following meaning: + * "Path": path to the microcode file under one of the following directories: + * /usr/share/microcode_ctl/ucode_with_caveats/intel + * /usr/share/microcode_ctl/ucode_with_caveats + * /usr/share/microcode_ctl + * /lib/firmware + * /etc/firmware + * "Offset": offset of the microcode blob within the micocode file in bytes. + * "Ext. Offset": offset of the extended signature header within + the microcode file in bytes. + * "Data Size": size of microcode data in bytes. 0 means 2000 bytes. + * "Total Size": size of microcode blob in bytes, incuding headers. + 0 means 2048 bytes. + * "CPUID": CPU ID signature (in format returned by the CPUID instruction). + * "Platform ID Mask": mask of suitable Platform IDs (provided in bits + 52..50 of MSR 0x17). + * "Revision": microcode revision. + * "Date": microcode creation date. + * "Checksum": sum (in base 1<< 32) of all 32-bit values comprising + the microcode (from Offset up to Offset + Total Size). + * "Codenames": list of known CPU codenames associated with the CPUID + and Platform ID Mask combination. + Please refer to README.cavets, section "Microcode file structure" + for additional information regarding microcode header fields. * caveats - Directory that contains readme files for specific caveats. + Directory that contains readme files for each specific caveat. diff --git a/SOURCES/README.caveats b/SOURCES/README.caveats index d18c2a5..9b01dec 100644 --- a/SOURCES/README.caveats +++ b/SOURCES/README.caveats @@ -89,6 +89,75 @@ installation or removal of a kernel RPM in order to provide microcode files for newly installed kernels and cleanup symlinks for the uninstalled ones. +Microcode file structure +------------------------ +Intel x86 CPU microcode file (that is, one that can be directly consumed +by the CPU/kernel, and not its text representation such as used in microcode.dat +files) is a bundle of concatenated microcode blobs. Each blob has a header, +payload, and an optional additional data, as follows (for additional information +please refer to "Intel® 64 and IA-32 Architectures Software Developer’s Manual" +[1], Volume 3A, Section 9.11.1 "Microcode Update"): + * Header (48 bytes) + * Header version (unsigned 32-bit integer): version number of the update + header. Must be 0x1. + * Microcode revision (signed 32-bit integer) + * Microcode date (unsigned 32-bit integer): encoded as BCD in mmddyyyy format + (0x03141592 is 1592-03-14 in ISO 8601) + * CPU signature (unsigned 32-bit integer): CPU ID, as provided + by the CPUID (EAX = 0x1) instruction in the EAX register: + * bits 31..28: reserved + * bits 27..20: "Extended Family", summed with the Family field value + * bits 19..16: "Extended Model", bits 7..4 of the CPU model + * bits 15..14: reserved + * bits 13..12: "Processor Type", non-zero value (other than the "primary + processor") so far used only for the Deschutes (Pentium II) CPU family, + with the processor type of 1, to signify it is an Overdrive processor: + CPUID 0x1632. + * bits 11..08: Family, summed with the Extended Family field value + * bits 07..04: Model (bits 3..0) + * bits 03..00: Stepping + In short, microcode file with Family-Model-Stepping of uv-wx-0z corresponds + to CPUID 0x0TUw0Vxz, where uv = TU + V, with V usually being 0xF when + uv >= 16; with Family being 6 on most of recent Intel CPUs this transforms + into 0x000w06xz. Please also refer to README.intel-ucode, section "About + Processor Signature, Family, Model, Stepping and Platform ID" + for additional information. + * Checksum (unsigned 32-bit integer): correct if sum (in base 1 << 32) of all + the 32-bit integers comprising the microcode amounts to 0. + * Loader version (unsigned 32-bit integer): 0x1. + * Platform ID mask (unsigned 32-bit integer): lower 8 bits indicate the set + of possible values of bits 52..50 of MSR 0x17 ("Platform ID"). In old + (up to Pentium II) microcode blobs the mask may be zero. + * Data size (unsigned 32-bit integer): size of the Payload in bytes, + has to be divisible by 4. 0 means 2000. + * Total size (unsigned 32-bit integer): total microcode blob size (including + header and extended header), has to be divisible by 1024. 0 means 2048. + * Reserved (12 bytes). + * Payload + * Additional data (optional, 20 + 12 * n bytes) + * Extended signature table header (20 bytes) + * Extended signature count (unsigned 32-bit integer) + * Checksum (unsigned 32-bit integer): correct if sum (in base 1 << 32) + of all the 32-bit integers comprising the extender signature table + amounts to 0. + * Reserved (12 bytes). + * Extended signature (12 bytes each) + * CPU signature (unsigned 32-bit integer): see the description of the CPU + signature field in the Header above. + * Platform ID mask (unsigned 32-bit integer): see the description + of the Platform ID mask field in the Header above. + * Checksum (unsigned 32-bit integer): correct if sum (in base 1<< 32) + of all the 32-bit integers comprising the Header (with CPU signature + and Platform ID mask fields replaced with the values from this signature) + and the Payload amounts to 0. Note that since External signature table + header has its own checksum, sum of all its 32-bit values amounts to 0, + so the Checksum in the Header and in the Extended signature will be + the same if the values of CPU signature and Platform ID mask fields + are the same, + +[1] https://software.intel.com/content/www/us/en/develop/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4.html + + Caveat configuration -------------------- There is a directory for each caveat under @@ -156,10 +225,6 @@ separated by white space. Currently, the following options are supported: configuration. Argument for the argument is a list of stages ("early", "late") for which the caveat should be disable. The configuration option can be provided multiple times in a configuration file. - * "blacklist" is a marker for a start of list of blacklisted model names, - one model name per line. The model name of the running CPU (as reported - in /proc/cpuinfo) is compared against the names in the provided list, and, - if there is a match, caveat check fails. * "pci_config_val" performs check for specific values in selected parts of configuration space of specified PCI devices. If "-m" option is not specified, then the actual check is skipped, and the check returns diff --git a/SOURCES/check_caveats b/SOURCES/check_caveats index ee8db57..7612e69 100755 --- a/SOURCES/check_caveats +++ b/SOURCES/check_caveats @@ -165,7 +165,7 @@ check_pci_config_val() local checked=0 matched=0 path='' local dev_path dev_vid dev_did dev_val local opts="${1:-}" - local match_model="${2:0}" + local match_model="${2:-0}" set -- $1 while [ "$#" -gt 0 ]; do @@ -288,7 +288,7 @@ check_dmi_val() { local key= val= mode='success-equal' nm_mode='success' local opts="${1:-}" opt= opt_= - local match_model="${2:0}" + local match_model="${2:-0}" local valid_keys=" bios_date bios_vendor bios_version board_asset_tag board_name board_serial board_vendor board_version chassis_asset_tag chassis_serial chassis_type chassis_vendor chassis_version product_family product_name product_serial product_uuid product_version sys_vendor " local success=1 @@ -341,7 +341,7 @@ check_dmi_val() exit } - file_val="$(cat "/sys/devices/virtual/dmi/id/${key}")" + file_val="$(/bin/cat "/sys/devices/virtual/dmi/id/${key}")" [ "x${val}" = "x${file_val}" ] || success=0 @@ -386,6 +386,12 @@ get_mc_path() AuthenticAMD) echo "amd-ucode/$2" ;; + *) + # We actually only support Intel ucode, but things may break + # if nothing is printed (input would be gotten from stdin + # otherwise). + echo "invalid" + ;; esac } @@ -394,8 +400,12 @@ get_mc_ver() /bin/sed -rn '1,/^$/s/^microcode[[:space:]]*: (.*)$/\1/p' /proc/cpuinfo } +# fail [CHECK_ONLY] fail() { + check_only="${1:-0}" + [ 0 = "$check_only" ] || return + ret=1 fail_cfgs="$fail_cfgs $cfg" @@ -467,34 +477,44 @@ else stage="late" fi - -for cfg in $(echo "${configs}"); do - dir="$MC_CAVEATS_DATA_DIR/$cfg" +# check_caveat CFG [CHECK_ONLY] +# changes ret_paths, ok_paths, fail_paths, ret_cfgs, ok_cfgs, fail_cfgs, +# skip_cfgs if CHECK_ONLY is set to 0 (default). +# Return value: +# 0 - check is successful +# 1 - check has been failed +# 2 - configuration has been skipped +check_caveat() { + local cfg="$1" + local check_only="${2:-0}" + local dir="$MC_CAVEATS_DATA_DIR/$cfg" # We add cfg to the skip list first and then, if we do not skip it, # we remove the configuration from the list. - skip_cfgs="$skip_cfgs $cfg" + [ 0 != "$check_only" ] || skip_cfgs="$skip_cfgs $cfg" [ -r "${dir}/readme" ] || { debug "File 'readme' in ${dir} is not found, skipping" - continue + return 2 } [ -r "${dir}/config" ] || { debug "File 'config' in ${dir} is not found, skipping" - continue + return 2 } - cfg_model= - cfg_vendor= - cfg_path= - cfg_kvers= - cfg_kvers_early= - cfg_blacklist= - cfg_mc_min_ver_late= - cfg_disable= - cfg_pci= - cfg_dmi= + local cfg_model= + local cfg_vendor= + local cfg_path= + local cfg_kvers= + local cfg_kvers_early= + local cfg_mc_min_ver_late= + local cfg_disable= + local cfg_pci= + local cfg_dmi= + + local key + local value while read -r key value; do case "$key" in @@ -519,13 +539,6 @@ for cfg in $(echo "${configs}"); do disable) cfg_disable="$cfg_disable $value " ;; - blacklist) - cfg_blacklist=1 - # "blacklist" is special: it stops entity parsing, - # and the rest of file is a list of blacklisted model - # names. - break - ;; pci_config_val) cfg_pci="$cfg_pci $value" @@ -544,12 +557,7 @@ for cfg in $(echo "${configs}"); do esac done < "${dir}/config" - [ -z "${cfg_blacklist}" ] || \ - cfg_blacklist=$(/bin/sed -n '/^blacklist$/,$p' "${dir}/config" | - /usr/bin/tail -n +2) - debug "${cfg}: model '$cfg_model', path '$cfg_path', kvers '$cfg_kvers'" - debug "${cfg}: blacklist '$cfg_blacklist'" # Check for override files in the following order: # - disallow early/late specific caveat for specific kernel @@ -570,10 +578,10 @@ for cfg in $(echo "${configs}"); do # - force early/late everyhting # - disallow everything # - force everyhting - ignore_cfg=0 - force_cfg=0 - override_file="" - overrides=" + local ignore_cfg=0 + local force_cfg=0 + local override_file="" + local overrides=" 0:$FW_DIR/$kver/disallow-$stage-$cfg 1:$FW_DIR/$kver/force-$stage-$cfg 0:$FW_DIR/$kver/disallow-$cfg @@ -590,6 +598,9 @@ for cfg in $(echo "${configs}"); do 1:$CFG_DIR/force-$stage 0:$CFG_DIR/disallow 1:$CFG_DIR/force" + local o + local o_force + local override_file for o in $(echo "$overrides"); do o_force=${o%%:*} override_file=${o#$o_force:} @@ -608,7 +619,7 @@ for cfg in $(echo "${configs}"); do [ 0 -eq "$ignore_cfg" ] || { debug "Configuration \"$cfg\" is ignored due to presence of" \ "\"$override_file\"." - continue + return 2 } # Check model if model filter is enabled @@ -617,11 +628,13 @@ for cfg in $(echo "${configs}"); do debug "Current CPU model '$cpu_model' doesn't" \ "match configuration CPU model '$cfg_model'," \ "skipping" - continue + return 2 } fi # Check paths if model filter is enabled + local cpu_mc_path + local cfg_mc_present if [ 1 -eq "$match_model" -a -n "$cfg_path" ]; then cpu_mc_path="$MC_CAVEATS_DATA_DIR/$cfg/$(get_mc_path \ "$cpu_vendor" "${cpu_model#* }")" @@ -640,7 +653,7 @@ for cfg in $(echo "${configs}"); do [ 1 = "$cfg_mc_present" ] || { debug "No matching microcode files in '$cfg_path'" \ "for CPU model '$cpu_model', skipping" - continue + return 2 } fi @@ -650,30 +663,34 @@ for cfg in $(echo "${configs}"); do debug "Current CPU vendor '$cpu_vendor' doesn't" \ "match configuration CPU vendor '$cfg_vendor'," \ "skipping" - continue + return 2 } fi # Check configuration files - ret_cfgs="$ret_cfgs $cfg" - ret_paths="$ret_paths $cfg_path" - skip_cfgs="${skip_cfgs% $cfg}" + [ 0 != "$check_only" ] || { + ret_cfgs="$ret_cfgs $cfg" + ret_paths="$ret_paths $cfg_path" + skip_cfgs="${skip_cfgs% $cfg}" + } [ 0 -eq "$force_cfg" ] || { debug "Checks for configuration \"$cfg\" are ignored due to" \ "presence of \"$override_file\"." - ok_cfgs="$ok_cfgs $cfg" - ok_paths="$ok_paths $cfg_path" + [ 0 != "$check_only" ] || { + ok_cfgs="$ok_cfgs $cfg" + ok_paths="$ok_paths $cfg_path" + } - continue + return 0 } [ "x${cfg_disable%%* $stage *}" = "x$cfg_disable" ] || { debug "${cfg}: caveat is disabled in configuration" - fail - continue + fail "$check_only" + return 1 } # Check late load kernel version @@ -681,8 +698,8 @@ for cfg in $(echo "${configs}"); do check_kver "$kver" $cfg_kvers || { debug "${cfg}: late load kernel version check for" \ " '$kver' against '$cfg_kvers' failed" - fail - continue + fail "$check_only" + return 1 } fi @@ -691,17 +708,8 @@ for cfg in $(echo "${configs}"); do check_kver "$kver" $cfg_kvers_early || { debug "${cfg}: early load kernel version check for" \ "'$kver' against '$cfg_kvers_early' failed" - fail - continue - } - fi - - # Check model blacklist - if [ -n "$cfg_blacklist" ]; then - echo "$cfg_blacklist" | /bin/grep -vqFx "${cpu_model_name}" || { - debug "${cfg}: model '${cpu_model_name}' is blacklisted" - fail - continue + fail "$check_only" + return 1 } fi @@ -714,8 +722,8 @@ for cfg in $(echo "${configs}"); do debug "${cfg}: CPU microcode version $cpu_mc_ver" \ "failed check (should be at least" \ "${cfg_mc_min_ver_late})" - fail - continue + fail "$check_only" + return 1 } fi @@ -736,8 +744,8 @@ for cfg in $(echo "${configs}"); do [ -z "${pci_line#* }" ] || { debug "PCI configuration word check '${pci_line#* }'" \ "failed (with return code ${pci_line%% *})" - fail - continue + fail "$check_only" + return 1 } fi @@ -759,13 +767,21 @@ for cfg in $(echo "${configs}"); do [ -z "${dmi_line#* }" ] || { debug "DMI data check '${dmi_line#* }'" \ "failed (with return code ${dmi_line%% *})" - fail - continue + fail "$check_only" + return 1 } fi - ok_cfgs="$ok_cfgs $cfg" - ok_paths="$ok_paths $cfg_path" + [ 0 != "$check_only" ] || { + ok_cfgs="$ok_cfgs $cfg" + ok_paths="$ok_paths $cfg_path" + } + + return 0 +} + +for cfg in $(echo "${configs}"); do + check_caveat "$cfg" || : done [ 0 -eq "$print_disclaimers" ] || exit 0 diff --git a/SOURCES/codenames.list b/SOURCES/codenames.list index be1f3d2..8dd68ab 100644 --- a/SOURCES/codenames.list +++ b/SOURCES/codenames.list @@ -242,6 +242,7 @@ Server;;Skylake;B1;97;50653;SKX;SP;Xeon Scalable; Desktop;;Skylake;H0,M0,U0;b7;50654;SKX;X;Core i9-7xxxX, i9-9xxxX; Server;;Skylake;H0,M0,U0;b7;50654;SKX;SP,W;Xeon Scalable; Server;;Skylake;M1;b7;50654;SKX;D;Xeon D-21xx; +Server;;Cascade Lake;A0;b7;50655;CLX;SP;Xeon Scalable Gen2; Server;;Cascade Lake;B0;bf;50656;CLX;SP;Xeon Scalable Gen2; Desktop;;Cascade Lake;B1,L1;bf;50657;CLX;X;; Server;;Cascade Lake;B1,L1;bf;50657;CLX;SP;Xeon Scalable Gen2; @@ -262,11 +263,17 @@ Server;;Skylake;N0,R0,S0;36;506e3;SKL;Xeon E3;Xeon E3 v5; SOC;;Denverton;B0;01;506f1;DNV;;Atom C3xxx; SOC;;XMM 7272 (SoFIA);;01;60650;;;XMM 7272 Mobile;;Cannon Lake;D0;80;60663;CNL;U;Core Gen8 Mobile; +Server;;Ice Lake;C0;87;606a5;ICX;SP;Xeon Scalable Gen3; +Server;;Ice Lake;D0;87;606a6;ICX;SP;Xeon Scalable Gen3; SOC;;Gemini Lake;B0;01;706a1;GLK;;;Pentium J5005/N5000, Celeron J4005/J4105/N4000/N4100 SOC;;Gemini Lake;R0;01;706a8;GLK;R;;Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 Mobile;;Ice Lake;D1;80;706e5;ICL;U,Y;Core Gen10 Mobile; -Server;;Knights Mill;A0;08;80650;KNM;;Xeon hi 72x5;Xeon Phi 7235, 7285, 7295 +Server;;Knights Mill;A0;08;80650;KNM;;Xeon Phi 72x5;Xeon Phi 7235, 7285, 7295 +SOC;;Snow Ridge;B0;01;80664;SNR;;Atom P59xxB; +SOC;;Snow Ridge;B1;01;80665;SNR;;Atom P59xxB; Mobile;;Tiger Lake;B1;80;806c1;TGL;UP3,UP4;Core Gen11 Mobile; +Mobile;;Tiger Lake Refresh;C0;80;806c2;TGL;R;Core Gen11 Mobile; +Mobile;;Tiger Lake;R0;c2;806d1;TGL;H;Core Gen11 Mobile; Mobile;;Amber Lake;H0;10;806e9;AML;Y 2+2;Core Gen8 Mobile; Mobile;;Kaby Lake;H0;c0;806e9;KBL;U,Y;Core Gen7 Mobile; Mobile;;Kaby Lake;J1;c0;806e9;KBL;U 2+3e;Core Gen7 Mobile; @@ -277,6 +284,7 @@ Mobile;;Comet Lake;V0;94;806ec;CML;U 4+2;Core Gen10 Mobile; Mobile;;Whiskey Lake;W0;d0;806eb;WHL;U;Core Gen8 Mobile; Mobile;;Whiskey Lake;V0;94;806ec;WHL;U;Core Gen8 Mobile; Mobile;;Whiskey Lake;V0;94;806ed;WHL;U;Core Gen8 Mobile; +SOC;;Elkhart Rate;B1;01;90661;EHL;;Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E; Desktop;;Kaby Lake;B0;2a;906e9;KBL;S,X;Core Gen7; Mobile;;Kaby Lake;B0;2a;906e9;KBL;G,H;Core Gen7 Mobile; Server;;Kaby Lake;B0;2a;906e9;KBL;Xeon E3;Xeon E3 v6; @@ -292,11 +300,13 @@ Server;;Coffee Lake;P0;22;906ec;CFL;Xeon E;Xeon E; Desktop;;Coffee Lake;R0;22;906ed;CFL;S;Core Gen9 Desktop; Mobile;;Coffee Lake;R0;22;906ed;CFL;H;Core Gen9 Mobile; Server;;Coffee Lake;R0;22;906ed;CFL;Xeon E;Xeon E; +SOC;;Jasper Lake;A0,A1;01;906c0;JSL;;Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105; Mobile;;Comet Lake;R1;20;a0652;CML;H;Core Gen10 Mobile; Desktop;;Comet Lake;G1;22;a0653;CML;S 6+2;Core Gen10 Desktop; Desktop;;Comet Lake;Q0;22;a0655;CML;S 10+2;Core Gen10 Desktop; Mobile;;Comet Lake;A0;80;a0660;CML;U 6+2;Core Gen10 Mobile; Mobile;;Comet Lake;K0;80;a0661;CML;U 6+2 v2;Core Gen10 Mobile; +Desktop;;Rocket Lake;B0;02;a0671;RKL;S;Core Gen11; SOC;;Lakefield;B2,B3;10;806a1;LKF;;Core w/Hybrid Technology; # sources: diff --git a/SOURCES/gen_updates2.py b/SOURCES/gen_updates2.py index c5e7a8f..51056f9 100755 --- a/SOURCES/gen_updates2.py +++ b/SOURCES/gen_updates2.py @@ -3,6 +3,7 @@ import argparse import errno +import fnmatch import io import itertools import os @@ -10,6 +11,7 @@ import re import shutil import struct import sys +import tarfile import tempfile from subprocess import PIPE, Popen, STDOUT @@ -34,6 +36,7 @@ except: log_level = 0 print_date = False +file_glob = ["*??-??-??", "*microcode*.dat"] def log_status(msg, level=0): @@ -96,13 +99,15 @@ def file_walk(args, yield_dirs=False): def cpuid_fname(c): + # Note that the Extended Family is summed up with the Family, + # while the Extended Model is concatenated with the Model. return "%02x-%02x-%02x" % ( - ((c >> 16) & 0xff0) + ((c >> 8) & 0xf), + ((c >> 20) & 0xff) + ((c >> 8) & 0xf), ((c >> 12) & 0xf0) + ((c >> 4) & 0xf), c & 0xf) -def read_revs_dir(path, src=None, ret=None): +def read_revs_dir(path, args, src=None, ret=None): if ret is None: ret = [] @@ -156,18 +161,24 @@ def read_revs_dir(path, src=None, ret=None): while cur_offs < offs + hdr[8] \ and ext_sig_cnt <= ext_tbl[0]: ext_sig = struct.unpack("III", f.read(12)) - ret.append({"path": rp, "src": src or path, - "cpuid": ext_sig[0], "pf": ext_sig[1], - "rev": hdr[1], "date": hdr[2], - "offs": offs, "ext_offs": cur_offs, - "cksum": hdr[4], - "ext_cksum": ext_sig[2], - "data_size": hdr[7], - "total_size": hdr[8]}) + ignore = args.ignore_ext_dups and \ + (ext_sig[0] == hdr[3]) + if not ignore: + ret.append({"path": rp, "src": src or path, + "cpuid": ext_sig[0], + "pf": ext_sig[1], + "rev": hdr[1], "date": hdr[2], + "offs": offs, "ext_offs": cur_offs, + "cksum": hdr[4], + "ext_cksum": ext_sig[2], + "data_size": hdr[7], + "total_size": hdr[8]}) log_status(("Got ext sig %#x/%#x for " + - "%s:%#x:%#x/%#x") % - (ext_sig[0], ext_sig[1], rp, offs, - hdr[3], hdr[6]), level=2) + "%s:%#x:%#x/%#x%s") % + (ext_sig[0], ext_sig[1], + rp, offs, hdr[3], hdr[6], + " (ignored)" if ignore else ""), + level=2) cur_offs += 12 ext_sig_cnt += 1 @@ -180,7 +191,7 @@ def read_revs_dir(path, src=None, ret=None): return ret -def read_revs_rpm(path, ret=None): +def read_revs_rpm(path, args, ret=None): if ret is None: ret = [] @@ -191,7 +202,7 @@ def read_revs_rpm(path, ret=None): rpm2cpio = Popen(args=["rpm2cpio", path], stdout=PIPE, stderr=PIPE, close_fds=True) - cpio = Popen(args=["cpio", "-idmv", "*??-??-??", "*microcode*.dat"], + cpio = Popen(args=["cpio", "-idmv"] + file_glob, cwd=dir_tmp, stdin=rpm2cpio.stdout, stdout=PIPE, stderr=STDOUT) out, cpio_stderr = cpio.communicate() @@ -210,20 +221,58 @@ def read_revs_rpm(path, ret=None): log_info("cpio stderr:\n%s" % cpio_stderr, level=3) if rpm2cpio_ret == 0 and cpio_ret == 0: - ret = read_revs_dir(dir_tmp, path) + ret = read_revs_dir(dir_tmp, args, path) shutil.rmtree(dir_tmp) return ret -def read_revs(path, ret=None): +def read_revs_tar(path, args, ret=None): + if ret is None: + ret = [] + + dir_tmp = tempfile.mkdtemp() + + log_status("Trying to extract files from tarball \"%s\"..." % path, + level=1) + + try: + with tarfile.open(path, "r:*") as tar: + for ti in tar: + if any(fnmatch.fnmatchcase(ti.name, p) for p in file_glob): + d = os.path.normpath(os.path.join("/", + os.path.dirname(ti.name))) + # For now, strip exactl one level + d = os.path.join(*(d.split(os.path.sep)[2:])) + n = os.path.join(d, os.path.basename(ti.name)) + + if not os.path.exists(d): + os.makedirs(d) + t = tar.extractfile(ti) + with open(n, "wb") as f: + shutil.copyfileobj(t, f) + t.close() + + ret = read_revs_dir(dir_tmp, args, path) + except Exception as err: + log_error("Error while reading \"%s\" as a tarball: \"%s\"" % + (path, str(err))) + + shutil.rmtree(dir_tmp) + + return ret + + +def read_revs(path, args, ret=None): if ret is None: ret = [] if os.path.isdir(path): - return read_revs_dir(path, ret) + return read_revs_dir(path, args, ret) + elif tarfile.is_tarfile(path): + return read_revs_tar(path, args, ret) else: - return read_revs_rpm(path, ret) + return read_revs_rpm(path, args, ret) def gen_mc_map(mc_data, merge=False, merge_path=False): @@ -307,7 +356,8 @@ class mcnm: MCNM_CODENAME = 4 -def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV): +def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV, stringify=True, + segment=False): if not isinstance(mc, dict): mc = mc_from_mc_key(mc) sig = mc["cpuid"] @@ -350,6 +400,9 @@ def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV): else: cname = c["codename"] + if segment: + cname = c["segment"] + " " + cname + if cname not in suffices: suffices[cname] = set() if "variant" in c and c["variant"]: @@ -361,28 +414,28 @@ def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV): steppings[cname] |= set(c["stepping"]) for cname in sorted(steppings.keys()): - cname_str = cname + cname_res = [cname] if len(suffices[cname]): - cname_str += "-" + "/".join(sorted(suffices[cname])) + cname_res[0] += "-" + "/".join(sorted(suffices[cname])) if len(steppings[cname]): - cname_str += " " + "/".join(sorted(steppings[cname])) - res.append(cname_str) + cname_res.append("/".join(sorted(steppings[cname]))) + res.append(" ".join(cname_res) if stringify else cname_res) - return ", ".join(res) or None + return (", ".join(res) or None) if stringify else res def mc_from_mc_key(k): return dict(zip(("path", "cpuid", "pf"), k)) -def mc_path(mc, pf_sfx=True, midword=None, cmap=None): +def mc_path(mc, pf_sfx=True, midword=None, cmap=None, cname_segment=False): if not isinstance(mc, dict): mc = mc_from_mc_key(mc) path = mc_stripped_path(mc) if mc["path"] is not None else None cpuid_fn = cpuid_fname(mc["cpuid"]) fname = os.path.basename(mc["path"] or cpuid_fn) midword = "" if midword is None else " " + midword - cname = get_mc_cnames(mc, cmap) + cname = get_mc_cnames(mc, cmap, segment=cname_segment) cname_str = " (" + cname + ")" if cname else "" if pf_sfx: @@ -492,22 +545,22 @@ def mc_rev(mc, date=None): return "%#x" % rev -def print_changelog(clog, cmap, args): - for e, old, new in sorted(clog): +def print_changelog_rpm(clog, cmap, args): + for e, old, new in clog: + mc_str = mc_path(new if e == ChangeLogEntry.ADDED else old, + midword="microcode", + cmap=cmap, cname_segment=args.segment) + if e == ChangeLogEntry.ADDED: - print("Addition of %s at revision %s" % - (mc_path(new, midword="microcode", cmap=cmap), mc_rev(new))) + print("Addition of %s at revision %s" % (mc_str, mc_rev(new))) elif e == ChangeLogEntry.REMOVED: - print("Removal of %s at revision %s" % - (mc_path(old, midword="microcode", cmap=cmap), mc_rev(old))) + print("Removal of %s at revision %s" % (mc_str, mc_rev(old))) elif e == ChangeLogEntry.UPDATED: print("Update of %s from revision %s up to %s" % - (mc_path(old, midword="microcode", cmap=cmap), - mc_rev(old), mc_rev(new))) + (mc_str, mc_rev(old), mc_rev(new))) elif e == ChangeLogEntry.DOWNGRADED: print("Downgrade of %s from revision %s down to %s" % - (mc_path(old, midword="microcode", cmap=cmap), - mc_rev(old), mc_rev(new))) + (mc_str, mc_rev(old), mc_rev(new))) elif e == ChangeLogEntry.OTHER: print("Other change in %s:" % old["path"]) print(" old: %#x/%#x: rev %s (offs %#x)" % @@ -516,6 +569,70 @@ def print_changelog(clog, cmap, args): (new["cpuid"], new["pf"], mc_rev(new), new["offs"])) +def print_changelog_intel(clog, cmap, args): + def clog_sort_key(x): + res = str(x[0]) + + if x[0] != ChangeLogEntry.ADDED: + res += "%08x%02x" % (x[1]["cpuid"], x[1]["pf"]) + else: + res += "0" * 10 + + if x[0] != ChangeLogEntry.REMOVED: + res += "%08x%02x" % (x[2]["cpuid"], x[2]["pf"]) + else: + res += "0" * 10 + + return res + + sorted_clog = sorted(clog, key=clog_sort_key) + sections = (("New Platforms", (ChangeLogEntry.ADDED, )), + ("Updated Platforms", (ChangeLogEntry.UPDATED, + ChangeLogEntry.DOWNGRADED)), + ("Removed Platforms", (ChangeLogEntry.REMOVED, ))) + + def print_line(e, old, new, types): + if e not in types: + return + + if not print_line.hdr: + print(""" +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:---------""") + print_line.hdr = True + + mc = new if e == ChangeLogEntry.ADDED else old + cnames = get_mc_cnames(mc, cmap, stringify=False, + segment=args.segment) or (("???", ""), ) + for cn in cnames: + cname = cn[0] + stepping = cn[1] if len(cn) > 1 else "" + print("| %-14s | %-8s | %8s/%02x | %8s | %8s | %s" % + (cname, + stepping, + cpuid_fname(mc["cpuid"]), mc["pf"], + ("%08x" % old["rev"]) if e != ChangeLogEntry.ADDED else "", + ("%08x" % new["rev"]) if e != ChangeLogEntry.REMOVED else "", + get_mc_cnames(mc, cmap, mode=mcnm.MCNM_FAMILIES, + segment=args.segment) or "")) + + for h, types in sections: + print("\n### %s" % h) + print_line.hdr = False + for e, old, new in sorted_clog: + print_line(e, old, new, types) + + +def print_changelog(clog, cmap, args): + if args.format == "rpm": + print_changelog_rpm(clog, cmap, args) + elif args.format == "intel": + print_changelog_intel(clog, cmap, args) + else: + log_error(("unknown changelog format: \"%s\". " + + "Supported formats are: rpm, intel.") % args.format) + + class TableStyles: TS_CSV = 0 TS_FANCY = 1 @@ -552,9 +669,9 @@ def print_summary(revs, cmap, args): header = [] if args.header: - header.append(["Path", "Offset", "Ext. Offset", "CPUID", - "Platform ID Mask", "Revision", "Date", "Checksum", - "Codenames"] + + header.append(["Path", "Offset", "Ext. Offset", "Data Size", + "Total Size", "CPUID", "Platform ID Mask", "Revision", + "Date", "Checksum", "Codenames"] + (["Models"] if args.models else [])) tbl = [] for k in sorted(m.keys()): @@ -562,14 +679,19 @@ def print_summary(revs, cmap, args): tbl.append([mc_stripped_path(mc), "0x%x" % mc["offs"], "0x%x" % mc["ext_offs"] if "ext_offs" in mc else "-", + "0x%05x" % mc["data_size"], + "0x%05x" % mc["total_size"], "0x%05x" % mc["cpuid"], "0x%02x" % mc["pf"], mc_rev(mc, date=False), mc_date(mc), - "0x%08x" % mc["cksum"], - get_mc_cnames(mc, cmap, cnames_mode) or ""] + + "0x%08x" % (mc["ext_cksum"] + if "ext_cksum" in mc else mc["cksum"]), + get_mc_cnames(mc, cmap, cnames_mode, + segment=args.segment) or ""] + ([get_mc_cnames(mc, cmap, - mcnm.MCNM_FAMILIES_MODELS)] + mcnm.MCNM_FAMILIES_MODELS, + segment=args.segment)] if args.models else [])) print_table(tbl, header, style=TableStyles.TS_FANCY) @@ -685,7 +807,7 @@ def print_discrepancies(rev_map, deps, cmap, args): if print_out and print_date: if args.models: - out.append(get_mc_cnames(s, cmap) or "") + out.append(get_mc_cnames(s, cmap, segment=args.segment) or "") tbl.append(out) print_table(tbl, header, style=TableStyles.TS_FANCY) @@ -694,7 +816,7 @@ def print_discrepancies(rev_map, deps, cmap, args): def cmd_summary(args): revs = [] for p in args.filelist: - revs = read_revs(p, ret=revs) + revs = read_revs(p, args, ret=revs) codenames_map = read_codenames_file(args.codenames) @@ -708,8 +830,8 @@ def cmd_changelog(args): base_path = args.filelist[0] upd_path = args.filelist[1] - base = read_revs(base_path) - upd = read_revs(upd_path) + base = read_revs(base_path, args) + upd = read_revs(upd_path, args) print_changelog(gen_changelog(base, upd), codenames_map, args) @@ -750,7 +872,7 @@ def cmd_discrepancies(args): (orig_path, dep)) return 1 deps.append((path, name, deps[dep][0] if dep is not None else None)) - rev_map[path] = gen_fn_map(read_revs(path), merge=args.merge, + rev_map[path] = gen_fn_map(read_revs(path, args), merge=args.merge, merge_path=True) print_discrepancies(rev_map, deps, codenames_map, args) @@ -766,6 +888,22 @@ def parse_cli(): help="Code names file") root_parser.add_argument("-v", "--verbose", action="count", default=0, help="Increase output verbosity") + root_parser.add_argument("-E", "--no-ignore-ext-duplicates", + action="store_const", dest="ignore_ext_dups", + default=False, const=False, + help="Do not ignore duplicates of the main " + + "signature in the extended signature header") + root_parser.add_argument("-e", "--ignore-ext-duplicates", + action="store_const", dest="ignore_ext_dups", + const=True, + help="Ignore duplicates of the main signature " + + "in the extended signature header") + root_parser.add_argument("-t", "--print-segment", action="store_const", + dest="segment", const=True, + help="Print model segment") + root_parser.add_argument("-T", "--no-print-segment", action="store_const", + dest="segment", const=False, default=False, + help="Do not print model segment") cmdparsers = root_parser.add_subparsers(title="Commands", help="main gen_updates commands") @@ -794,6 +932,8 @@ def parse_cli(): parser_c = cmdparsers.add_parser("changelog", help="Generate changelog") + parser_c.add_argument("-F", "--format", choices=["rpm", "intel"], + default="rpm", help="Changelog format") parser_c.add_argument("filelist", nargs=2, help="RPMs/directories to compare") parser_c.set_defaults(func=cmd_changelog) @@ -840,6 +980,10 @@ def parse_cli(): if not hasattr(args, "func"): root_parser.print_help() return None + + global log_level + log_level = args.verbose + return args diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec index 09226d7..e4326d2 100644 --- a/SPECS/microcode_ctl.spec +++ b/SPECS/microcode_ctl.spec @@ -1,4 +1,4 @@ -%define intel_ucode_version 20210216 +%define intel_ucode_version 20210525 %global debug_package %{nil} %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats @@ -12,12 +12,13 @@ Summary: CPU microcode updates for Intel x86 processors Name: microcode_ctl -Version: %{intel_ucode_version} -Release: 1%{?dist} +Version: 20210216 +Release: 1.%{intel_ucode_version}.1%{?dist} Epoch: 4 License: CC0 and Redistributable, no modification permitted URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files -Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz +#Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz +Source0: microcode-%{intel_ucode_version}.tar.gz # (Pre-MDS) revision 0x714 of 06-2d-07 microcode Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07 @@ -33,11 +34,6 @@ Source5: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Fi Source6: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-20190918.tar.gz # microcode-20191115 release,containing revision 0xca of 06-[89]e-0X microcode Source7: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-20191115.tar.gz -# microcode-20201118 has removed 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode update -# at revision 0x68; it is, however, may still be useful for some[1], so it is -# to be preserved in a caveat. -# [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/39 -Source8: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20201112/intel-ucode/06-8c-01 # systemd unit @@ -122,9 +118,9 @@ Source181: 06-8c-01_config Source182: 06-8c-01_disclaimer # "Provides:" RPM tags generator -Source1000: gen_provides.sh -Source1001: codenames.list -Source1002: gen_updates2.py +Source1000: gen_provides.sh +Source1001: codenames.list +Source1002: gen_updates2.py ExclusiveArch: %{ix86} x86_64 BuildRequires: systemd-units @@ -182,7 +178,7 @@ tar xvvf "%{SOURCE7}" --wildcards --strip-components=2 \ popd # Moving 06-8c-01 microcode to intel-ucode-with-caveats -cp "%{SOURCE8}" intel-ucode-with-caveats/ +mv intel-ucode/06-8c-01 intel-ucode-with-caveats/ : @@ -548,6 +544,109 @@ rm -rf %{buildroot} %changelog +* Thu May 27 2021 Eugene Syromiatnikov - 4:20210216-1.20210525.1 +- Update Intel CPU microcode to microcode-20210525 release, addresses + CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, and CVE-2020-24513 + (#1962663, #1962713, #1962733, #1962679): + - Addition of 06-55-05/0xb7 (CLX-SP A0) microcode at revision 0x3000010; + - Addition of 06-6a-05/0x87 (ICX-SP C0) microcode at revision 0xc0002f0; + - Addition of 06-6a-06/0x87 (ICX-SP D0) microcode at revision 0xd0002a0; + - Addition of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f; + - Addition of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04) + at revision 0xb00000f; + - Addition of 06-86-04/0x01 (SNR B0) microcode (in intel-ucode/06-86-05) + at revision 0xb00000f; + - Addition of 06-86-05/0x01 (SNR B1) microcode at revision 0xb00000f; + - Addition of 06-8c-02/0xc2 (TGL-R C0) microcode at revision 0x16; + - Addition of 06-8d-01/0xc2 (TGL-H R0) microcode at revision 0x2c; + - Addition of 06-96-01/0x01 (EHL B1) microcode at revision 0x11; + - Addition of 06-9c-00/0x01 (JSL A0/A1) microcode at revision 0x1d; + - Addition of 06-a7-01/0x02 (RKL-S B0) microcode at revision 0x40; + - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in + intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xe2 up to 0xea; + - Update of 06-4f-01/0xef (BDX-E/EP/EX/ML B0/M0/R0) microcode (in + intel-06-4f-01/intel-ucode/06-4f-01) from revision 0xb000038 up + to 0xb00003e; + - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in + intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006a0a up + to 0x2006b06; + - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in + intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xe2 up to 0xea; + - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in + intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x68 up to 0x88; + - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xde up + to 0xea; + - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xde up + to 0xea; + - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xe0 up + to 0xea; + - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xde up + to 0xea; + - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) + microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from + revision 0xde up to 0xea; + - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xde up + to 0xea; + - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xde up + to 0xea; + - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xde up + to 0xea; + - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xde up + to 0xea; + - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xde up + to 0xea; + - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode + from revision 0x44 up to 0x46; + - Update of 06-3f-04/0x80 (HSX-EX E0) microcode from revision 0x16 up + to 0x19; + - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000159 + up to 0x100015b; + - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003006 + up to 0x4003102; + - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision + 0x5003006 up to 0x5003102; + - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x700001e + up to 0x7002302; + - Update of 06-56-03/0x10 (BDX-DE V2/V3) microcode from revision + 0x7000019 up to 0x700001b; + - Update of 06-56-04/0x10 (BDX-DE Y0) microcode from revision 0xf000017 + up to 0xf000019; + - Update of 06-56-05/0x10 (BDX-NS A0/A1, HWL A1) microcode from revision + 0xe00000f up to 0xe000012; + - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x40 up + to 0x44; + - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x1e up + to 0x20; + - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x2e up + to 0x34; + - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x34 up + to 0x36; + - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x18 up + to 0x1a; + - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa0 + up to 0xa6; + - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x28 up + to 0x2a; + - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xe0 up + to 0xea; + - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xe0 + up to 0xea; + - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xe0 + up to 0xec; + - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xe0 + up to 0xe8; + - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode from revision + 0xe0 up to 0xea. + * Wed Feb 17 2021 Eugene Syromiatnikov - 4:20210216-1 - Update Intel CPU microcode to microcode-20210216 release (#1902884): - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in