import microcode_ctl-20210216-1.20210608.1.el8_4
parent
d869867268
commit
3033a4c08c
2
.gitignore
vendored
@ -4,4 +4,4 @@ SOURCES/06-55-04
|
|||||||
SOURCES/06-5e-03
|
SOURCES/06-5e-03
|
||||||
SOURCES/microcode-20190918.tar.gz
|
SOURCES/microcode-20190918.tar.gz
|
||||||
SOURCES/microcode-20191115.tar.gz
|
SOURCES/microcode-20191115.tar.gz
|
||||||
SOURCES/microcode-20210525.tar.gz
|
SOURCES/microcode-20210608.tar.gz
|
||||||
|
@ -4,4 +4,4 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
|
|||||||
86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
|
86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
|
||||||
bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
|
bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
|
||||||
774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
|
774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
|
||||||
000cb9ab3260786611f3481bf82d3c32506e91ae SOURCES/microcode-20210525.tar.gz
|
68f7344d874d50f4c8d836f01abc497707d0baa2 SOURCES/microcode-20210608.tar.gz
|
||||||
|
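Review bot: The new microcode-20210608.tar.gz entry is pinned only by a 40-hex-digit (SHA-1-sized) digest, which is weak as the sole integrity anchor for a CPU microcode tarball. Before merging, verify the imported tarball against the upstream release by an independent means (a stronger digest or a signed tag) and record that in the commit message, since this line is the only place the artifact identity is fixed.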
@ -1,13 +1,3 @@
|
|||||||
model GenuineIntel 06-2d-07
|
model GenuineIntel 06-2d-07
|
||||||
path intel-ucode/06-2d-07
|
path intel-ucode/06-2d-07
|
||||||
## The "kernel_early" statements are carried over from the intel caveat config
|
dependency required intel
|
||||||
## in order to avoid enabling this newer microcode on these problematic kernels;
|
|
||||||
## see the caveat description in /usr/share/doc/microcode_ctl/caveats/intel_readme
|
|
||||||
## (That also means that this caveat has to be enforced separately on these
|
|
||||||
## kernels.)
|
|
||||||
kernel_early 4.10.0
|
|
||||||
kernel_early 3.10.0-930
|
|
||||||
kernel_early 3.10.0-862.14.1
|
|
||||||
kernel_early 3.10.0-693.38.1
|
|
||||||
kernel_early 3.10.0-514.57.1
|
|
||||||
kernel_early 3.10.0-327.73.1
|
|
||||||
|
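Review bot: Missing documentation on the new "dependency required intel" line: the removed "##" comment block explained why the kernel_early restrictions were present and pointed to the intel_readme caveat description, and the replacement carries no comment at all. Add a one-line "##" comment saying that the kernel version restrictions are now inherited from the "intel" caveat through the dependency, so a reader of this config does not have to reconstruct that from the README.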
@ -1,3 +1,4 @@
|
|||||||
model GenuineIntel 06-4e-03
|
model GenuineIntel 06-4e-03
|
||||||
path intel-ucode/06-4e-03
|
path intel-ucode/06-4e-03
|
||||||
|
dependency required intel
|
||||||
disable early late
|
disable early late
|
||||||
|
@ -41,6 +41,11 @@ to the following knowledge base articles:
|
|||||||
CVE-2020-8696 (Vector Register Leakage-Active),
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
CVE-2020-8698 (Fast Forward Store Predictor):
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
https://access.redhat.com/articles/5569051
|
https://access.redhat.com/articles/5569051
|
||||||
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
||||||
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
||||||
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
||||||
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
||||||
|
https://access.redhat.com/articles/6101171
|
||||||
|
|
||||||
The information regarding enforcing microcode update is provided below.
|
The information regarding enforcing microcode update is provided below.
|
||||||
|
|
||||||
|
@ -11,11 +11,5 @@ kernel 2.6.32-573.58.1
|
|||||||
kernel 2.6.32-504.71.1
|
kernel 2.6.32-504.71.1
|
||||||
kernel 2.6.32-431.90.1
|
kernel 2.6.32-431.90.1
|
||||||
kernel 2.6.32-358.90.1
|
kernel 2.6.32-358.90.1
|
||||||
kernel_early 4.10.0
|
dependency required intel skip=success match-model-mode=off
|
||||||
kernel_early 3.10.0-930
|
|
||||||
kernel_early 3.10.0-862.14.1
|
|
||||||
kernel_early 3.10.0-693.38.1
|
|
||||||
kernel_early 3.10.0-514.57.1
|
|
||||||
kernel_early 3.10.0-327.73.1
|
|
||||||
mc_min_ver_late 0xb000019
|
|
||||||
disable early late
|
disable early late
|
||||||
|
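Review bot: The "mc_min_ver_late 0xb000019" line is dropped together with the kernel_early lines, and the only replacement is "dependency required intel skip=success match-model-mode=off". Nothing visible here shows that the "intel" dependency carries a minimum-revision requirement for late loading of 06-4f-01, so this looks like a check being removed rather than moved. If that is intended, state the reason in a comment or in the caveat readme; otherwise keep the mc_min_ver_late line next to the dependency.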
@ -28,6 +28,11 @@ to the following knowledge base articles:
|
|||||||
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
||||||
("Microarchitectural Data Sampling"):
|
("Microarchitectural Data Sampling"):
|
||||||
https://access.redhat.com/articles/4138151
|
https://access.redhat.com/articles/4138151
|
||||||
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
||||||
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
||||||
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
||||||
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
||||||
|
https://access.redhat.com/articles/6101171
|
||||||
|
|
||||||
The information regarding enforcing microcode load is provided below.
|
The information regarding enforcing microcode load is provided below.
|
||||||
|
|
||||||
|
@ -9,14 +9,4 @@ path intel-ucode/06-55-04
|
|||||||
## are provided for speeding up the search only, VID:DID is the real selector.
|
## are provided for speeding up the search only, VID:DID is the real selector.
|
||||||
## Commented out since revision 0x2006906 seems to fix the issue.
|
## Commented out since revision 0x2006906 seems to fix the issue.
|
||||||
#pci_config_val mode=success-all device=0x1e function=3 vid=0x8086 did=0x2083 offset=0x84 size=4 mask=0x38 val=0x38,0x18,0x8
|
#pci_config_val mode=success-all device=0x1e function=3 vid=0x8086 did=0x2083 offset=0x84 size=4 mask=0x38 val=0x38,0x18,0x8
|
||||||
## The "kernel_early" statements are carried over from the intel caveat config
|
dependency required intel
|
||||||
## in order to avoid enabling this newer microcode on these problematic kernels;
|
|
||||||
## see the caveat description in /usr/share/doc/microcode_ctl/caveats/intel_readme
|
|
||||||
## (That also means that this caveat has to be enforced separately on these
|
|
||||||
## kernels.)
|
|
||||||
kernel_early 4.10.0
|
|
||||||
kernel_early 3.10.0-930
|
|
||||||
kernel_early 3.10.0-862.14.1
|
|
||||||
kernel_early 3.10.0-693.38.1
|
|
||||||
kernel_early 3.10.0-514.57.1
|
|
||||||
kernel_early 3.10.0-327.73.1
|
|
||||||
|
@ -47,6 +47,11 @@ to the following knowledge base articles:
|
|||||||
CVE-2020-8696 (Vector Register Leakage-Active),
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
CVE-2020-8698 (Fast Forward Store Predictor):
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
https://access.redhat.com/articles/5569051
|
https://access.redhat.com/articles/5569051
|
||||||
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
||||||
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
||||||
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
||||||
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
||||||
|
https://access.redhat.com/articles/6101171
|
||||||
|
|
||||||
The information regarding disabling microcode update is provided below.
|
The information regarding disabling microcode update is provided below.
|
||||||
|
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
model GenuineIntel 06-5e-03
|
model GenuineIntel 06-5e-03
|
||||||
path intel-ucode/06-5e-03
|
path intel-ucode/06-5e-03
|
||||||
disable early late
|
dependency required intel
|
||||||
|
@ -1,12 +1,15 @@
|
|||||||
Some Intel Skylake CPU models (SKL-H/S/Xeon E3 v5, family 6, model 94,
|
Some Intel Skylake CPU models (SKL-H/S/Xeon E3 v5, family 6, model 94,
|
||||||
stepping 3) have reports of possible system hangs when revision 0xdc
|
stepping 3) had reports of possible system hangs when revision 0xdc
|
||||||
of microcode, that is included in microcode-20200609 update to address
|
of microcode, that is included in microcode-20200609 update to address
|
||||||
CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549, is applied[1]. In order
|
CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549, was applied[1]. In order
|
||||||
to address this, microcode update to the newer revision has been disabled
|
to address this, microcode updates to the newer revision had been disabled
|
||||||
by default on these systems, and the previously published microcode revision
|
by default on these systems, and the previously published microcode revision
|
||||||
0xd6 is used by default for the OS-driven microcode update.
|
0xd6 was used by default for the OS-driven microcode update. The revision
|
||||||
|
0xea seems[2] to have fixed the aforementioned issue, hence it is enabled
|
||||||
|
by default (but can be disabled explicitly; see below).
|
||||||
|
|
||||||
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
|
||||||
|
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-857806014
|
||||||
|
|
||||||
For the reference, SHA1 checksums of 06-5e-03 microcode files containing
|
For the reference, SHA1 checksums of 06-5e-03 microcode files containing
|
||||||
microcode revisions in question are listed below:
|
microcode revisions in question are listed below:
|
||||||
@ -41,32 +44,33 @@ to the following knowledge base articles:
|
|||||||
CVE-2020-8696 (Vector Register Leakage-Active),
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
CVE-2020-8698 (Fast Forward Store Predictor):
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
https://access.redhat.com/articles/5569051
|
https://access.redhat.com/articles/5569051
|
||||||
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
||||||
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
||||||
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
||||||
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
||||||
|
https://access.redhat.com/articles/6101171
|
||||||
|
|
||||||
The information regarding enforcing microcode update is provided below.
|
The information regarding disabling microcode update is provided below.
|
||||||
|
|
||||||
To enforce usage of the latest 06-5e-03 microcode revision for a specific kernel
|
To prevent usage of the latest 06-5e-03 microcode revision for a specific kernel
|
||||||
version, please create a file "force-intel-06-5e-03" inside
|
version, please create a file "disallow-intel-06-5e-03" inside
|
||||||
/lib/firmware/<kernel_version> directory, run
|
/lib/firmware/<kernel_version> directory, run
|
||||||
"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
|
"/usr/libexec/microcode_ctl/update_ucode" to remove it to firmware directory
|
||||||
where microcode will be available for late microcode update, and run
|
where microcode is available for late microcode update, and run
|
||||||
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
||||||
is regenerated and the microcode can be loaded early, for example:
|
is regenerated, for example:
|
||||||
|
|
||||||
touch /lib/firmware/3.10.0-862.9.1/force-intel-06-5e-03
|
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-5e-03
|
||||||
/usr/libexec/microcode_ctl/update_ucode
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
dracut -f --kver 3.10.0-862.9.1
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
After that, it is possible to perform a late microcode update by executing
|
To avoid addition of the latest microcode for all kernels, please create file
|
||||||
"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
|
"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-5e-03", run
|
||||||
"/sys/devices/system/cpu/microcode/reload" directly.
|
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
|
||||||
|
and "dracut -f --regenerate-all" for early microcode updates:
|
||||||
To enforce addition of this microcode for all kernels, please create file
|
|
||||||
"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-5e-03", run
|
|
||||||
"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
|
|
||||||
and "dracut -f --regenerate-all" for enabling early microcode updates:
|
|
||||||
|
|
||||||
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-5e-03
|
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-5e-03
|
||||||
/usr/libexec/microcode_ctl/update_ucode
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
dracut -f --regenerate-all
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
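Review bot: Wording error in the rewritten per-kernel instructions: the new text reads '"/usr/libexec/microcode_ctl/update_ucode" to remove it to firmware directory', which kept "to" from the old "add it to" sentence. It should read "to remove it from the firmware directory", as the 06-8c-01 readme already does. The old paragraph about reload_microcode and /sys/devices/system/cpu/microcode/reload is also removed without a replacement; it would help to say whether a reboot or a reload is needed for the disallow file to take effect on a running system.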
@ -1,3 +1,3 @@
|
|||||||
model GenuineIntel 06-8c-01
|
model GenuineIntel 06-8c-01
|
||||||
path intel-ucode/06-8c-01
|
path intel-ucode/06-8c-01
|
||||||
disable early late
|
dependency required intel skip=success match-model-mode=off
|
||||||
|
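Review bot: This caveat uses "dependency required intel skip=success match-model-mode=off" while the 06-5e-03, 06-2d-07 and 06-55-04 configs in the same commit use a bare "dependency required intel", and nothing in the config says why the options differ. Add a "##" comment explaining why a skipped "intel" check must count as success for 06-8c-01 and why model matching is turned off for the nested check, or align the line with the other configs if the difference is not needed.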
@ -1,7 +1,9 @@
|
|||||||
Some Intel Tiger Lake-UP3/UP4 CPU models (TGL, family 6, model 140, stepping 1)
|
Some Intel Tiger Lake-UP3/UP4 CPU models (TGL, family 6, model 140, stepping 1)
|
||||||
have reports of system hangs when a microcode update, that is included
|
had reports of system hangs when a microcode update, that was included
|
||||||
since microcode-20201110 update, is applied[1]. In order to address this,
|
since microcode-20201110 update, was applied[1]. In order to address this,
|
||||||
microcode update has been disabled by default on these systems.
|
microcode update had been disabled by default on these systems. The revision
|
||||||
|
0x88 seems to have fixed the aforementioned issue, hence it is enabled
|
||||||
|
by default (but can be disabled explicitly; see below).
|
||||||
|
|
||||||
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
|
||||||
|
|
||||||
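Review bot: The added sentence "The revision 0x88 seems to have fixed the aforementioned issue" has no reference, unlike the 06-5e-03 readme, which cites an issue comment as [2] for the equivalent claim about 0xea. Since this sentence is the justification for enabling the update by default, add a footnote pointing at the report that supports it, or say explicitly what the claim is based on.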
@ -11,33 +13,40 @@ microcode revisions in question are listed below:
|
|||||||
* 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290
|
* 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290
|
||||||
|
|
||||||
Please contact your system vendor for a BIOS/firmware update that contains
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
the latest microcode version.
|
the latest microcode version. For the information regarding microcode versions
|
||||||
|
required for mitigating specific side-channel cache attacks, please refer
|
||||||
|
to the following knowledge base articles:
|
||||||
|
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
|
||||||
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
|
https://access.redhat.com/articles/5569051
|
||||||
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
||||||
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
||||||
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
||||||
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
||||||
|
https://access.redhat.com/articles/6101171
|
||||||
|
|
||||||
The information regarding enforcing microcode update is provided below.
|
The information regarding disabling microcode update is provided below.
|
||||||
|
|
||||||
To enforce usage of the latest 06-8c-01 microcode revision for a specific kernel
|
To disable 06-8c-01 microcode updates for a specific kernel
|
||||||
version, please create a file "force-intel-06-8c-01" inside
|
version, please create a file "disallow-intel-06-8c-01" inside
|
||||||
/lib/firmware/<kernel_version> directory, run
|
/lib/firmware/<kernel_version> directory, run
|
||||||
"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
|
"/usr/libexec/microcode_ctl/update_ucode" to remove it from the firmware
|
||||||
where microcode will be available for late microcode update, and run
|
directory where microcode is available for late microcode update, and run
|
||||||
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
||||||
is regenerated and the microcode can be loaded early, for example:
|
is regenerated, for example:
|
||||||
|
|
||||||
touch /lib/firmware/3.10.0-862.9.1/force-intel-06-8c-01
|
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8c-01
|
||||||
/usr/libexec/microcode_ctl/update_ucode
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
dracut -f --kver 3.10.0-862.9.1
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
After that, it is possible to perform a late microcode update by executing
|
To avoid addition of this microcode for all kernels, please create file
|
||||||
"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
|
"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01", run
|
||||||
"/sys/devices/system/cpu/microcode/reload" directly.
|
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
|
||||||
|
and "dracut -f --regenerate-all" for early microcode updates:
|
||||||
To enforce addition of this microcode for all kernels, please create file
|
|
||||||
"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-8c-01", run
|
|
||||||
"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
|
|
||||||
and "dracut -f --regenerate-all" for enabling early microcode updates:
|
|
||||||
|
|
||||||
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-8c-01
|
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01
|
||||||
/usr/libexec/microcode_ctl/update_ucode
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
dracut -f --regenerate-all
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
path intel-ucode/*
|
path intel-ucode/*
|
||||||
vendor GenuineIntel
|
vendor GenuineIntel
|
||||||
dmi mode=fail-equal key=bios_vendor val="Dell Inc."
|
dmi mode=fail-equal key=bios_vendor val="Dell Inc."
|
||||||
|
dependency required intel
|
||||||
disable early late
|
disable early late
|
||||||
|
@ -4,14 +4,4 @@ vendor GenuineIntel
|
|||||||
## in cases where no model filter is used is too broad, hence
|
## in cases where no model filter is used is too broad, hence
|
||||||
## no-model-mode=success.
|
## no-model-mode=success.
|
||||||
dmi mode=fail-equal no-model-mode=success key=bios_vendor val="Dell Inc."
|
dmi mode=fail-equal no-model-mode=success key=bios_vendor val="Dell Inc."
|
||||||
## The "kernel_early" statements are carried over from the intel caveat config
|
dependency required intel
|
||||||
## in order to avoid enabling this newer microcode on these problematic kernels;
|
|
||||||
## see the caveat description in /usr/share/doc/microcode_ctl/caveats/intel_readme
|
|
||||||
## (That also means that this caveat has to be enforced separately on these
|
|
||||||
## kernels.)
|
|
||||||
kernel_early 4.10.0
|
|
||||||
kernel_early 3.10.0-930
|
|
||||||
kernel_early 3.10.0-862.14.1
|
|
||||||
kernel_early 3.10.0-693.38.1
|
|
||||||
kernel_early 3.10.0-514.57.1
|
|
||||||
kernel_early 3.10.0-327.73.1
|
|
||||||
|
@ -269,8 +269,9 @@ separated by white space. Currently, the following options are supported:
|
|||||||
it fails (in accordance with "mode=success-all" semantics). This check fails
|
it fails (in accordance with "mode=success-all" semantics). This check fails
|
||||||
if "-m" option is not specified.
|
if "-m" option is not specified.
|
||||||
* "dmi" performs checks for specific values available in DMI sysfs files
|
* "dmi" performs checks for specific values available in DMI sysfs files
|
||||||
(present under /sys/devices/virtual/dmi/id/). The check fails if file
|
(present under /sys/devices/virtual/dmi/id/). The check (when it is actually
|
||||||
is not readable. If "-m" option is specified, then the actual check
|
performed; see a not about "no-model-mode" below) fails if one of the files
|
||||||
|
is not readable. If "-m" option is not specified, then the actual check
|
||||||
is skipped, and the check returns value in accordance with "no-model-mode"
|
is skipped, and the check returns value in accordance with "no-model-mode"
|
||||||
parameter value (see below). Check arguments are a white-space-separated
|
parameter value (see below). Check arguments are a white-space-separated
|
||||||
list of "key=value" pairs. The following keys are supported:
|
list of "key=value" pairs. The following keys are supported:
|
||||||
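Review bot: Typo in the added parenthetical: "see a not about "no-model-mode" below" should be "see a note about". The same sentence also changes "fails if file is not readable" to "fails if one of the files is not readable" before the "keyval" parameter that makes multiple files possible has been introduced; a forward reference to "keyval" would make the plural understandable at this point.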
@ -280,17 +281,30 @@ separated by white space. Currently, the following options are supported:
|
|||||||
chassis_type, chassis_vendor, chassis_version, product_family,
|
chassis_type, chassis_vendor, chassis_version, product_family,
|
||||||
product_name, product_serial, product_uuid, product_version, sys_vendor.
|
product_name, product_serial, product_uuid, product_version, sys_vendor.
|
||||||
Default is empty string.
|
Default is empty string.
|
||||||
* "val" - a string to match DMI data against. Can be enclosed in single
|
* "val" - a string to match DMI data present in "key" against.
|
||||||
or double quotes. Default is empty string.
|
Can be enclosed in single or double quotes. Default is empty string.
|
||||||
* "mode" - check mode, the way matches are interpreted:
|
* "keyval" - a pair of "key" and "val" values (with semantics described
|
||||||
|
above), separated with either "=", ":", "!=", or "!:" characters. Enables
|
||||||
|
providing of multiple key-value pairs by means of supplying multiple
|
||||||
|
keyval= parameters. The exclamation sign ("!") character in separator
|
||||||
|
enables negated matching (so, non-equality of the value in DMI "key" file
|
||||||
|
and the value of "val" is). The match considered successful when all
|
||||||
|
the key/val (non-)equalities are in effect. This parameter works
|
||||||
|
in addition to the pair provided in "key" and "val" parameters
|
||||||
|
(but allows to avoid using them). Default is empty.
|
||||||
|
* "mode" - check mode, the way successful matches are interpreted:
|
||||||
* "success-equal" - returns 0 if the value present in the file
|
* "success-equal" - returns 0 if the value present in the file
|
||||||
with the name supplied via the "key" parameter file under
|
with the name supplied via the "key" parameter file under
|
||||||
/sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
|
/sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
|
||||||
of "val" parameter, otherwise 1.
|
of "val" parameter and all the pairs provided in "keyval" parameters
|
||||||
* "success-equal" - returns 1 if the value present in the file
|
are equal and non-equal in accordance with their definition,
|
||||||
|
otherwise 1.
|
||||||
|
* "fail-equal" - returns 1 if the value present in the file
|
||||||
with the name supplied via the "key" parameter file under
|
with the name supplied via the "key" parameter file under
|
||||||
/sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
|
/sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
|
||||||
of "val" parameter, otherwise 0.
|
of "val" parameter and all the pairs provided in "keyval" parameters
|
||||||
|
are equal and non-equal in accordance with their definition,
|
||||||
|
otherwise 0.
|
||||||
Default is "success-any".
|
Default is "success-any".
|
||||||
* "no-model-mode" - return value if model filter ("-m" option)
|
* "no-model-mode" - return value if model filter ("-m" option)
|
||||||
is not enabled:
|
is not enabled:
|
||||||
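Review bot: The "keyval" description contains an unfinished sentence: '(so, non-equality of the value in DMI "key" file and the value of "val" is)' breaks off before saying what non-equality is treated as. Complete it, for example "is treated as a match". Separately, the unchanged line 'Default is "success-any"' names a mode that is not among the two documented ones ("success-equal" and "fail-equal"); since this hunk already fixes the duplicated "success-equal" entry, it would be a good place to correct the default as well.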
@ -302,6 +316,61 @@ separated by white space. Currently, the following options are supported:
|
|||||||
It checks file /sys/devices/virtual/dmi/id/bios_vendor and fails if its
|
It checks file /sys/devices/virtual/dmi/id/bios_vendor and fails if its
|
||||||
content is "Dell Inc." (without quotes). It succeeds if "-m" option
|
content is "Dell Inc." (without quotes). It succeeds if "-m" option
|
||||||
is not enabled.
|
is not enabled.
|
||||||
|
Another example:
|
||||||
|
dmi mode=fail-equal keyval="sys_vendor=Amazon EC2" keyval="product_name=u-18tb1.metal"
|
||||||
|
dmi mode=fail-equal keyval="sys_vendor=Lenovo" keyval="product_name=ThinkSystem SR950"
|
||||||
|
It blocks the caveat from using when either both
|
||||||
|
/sys/devices/virtual/dmi/id/sys_vendor contains the string "Amazon EC2"
|
||||||
|
and /sys/devices/virtual/dmi/id/product_name contains the string
|
||||||
|
"u-18tb1.metal" or both /sys/devices/virtual/dmi/id/sys_vendor contains
|
||||||
|
the string "Lenovo" and /sys/devices/virtual/dmi/id/product_name contains
|
||||||
|
the string "ThinkSystem SR950", but enables caveat loading for other products
|
||||||
|
with the aforementioned /sys/devices/virtual/dmi/id/sys_vendor values,
|
||||||
|
for example.
|
||||||
|
* "dependency" allows conditional enablement of a caveat based on the check
|
||||||
|
status of some other caveat(s). It has the following format:
|
||||||
|
dependency DEPENDENCY_TYPE DEPENDENCY_NAME [OPTION...]
|
||||||
|
where DEPENDENCY_NAME is the configuration to be checked, OPTIONs
|
||||||
|
are per-DEPENDENCY_TYPE, and the only DEPENDENCY_TYPE that is supported
|
||||||
|
currently is "required".
|
||||||
|
Options for the "required" dependency type:
|
||||||
|
* "match-model-mode" - whether model matching mode ("-m" option)
|
||||||
|
has to be used for the nested configuration check. Possible values:
|
||||||
|
* "on" - model-matching mode is always used during the nested check;
|
||||||
|
* "off" - model-matching mode is never used during the nested check;
|
||||||
|
* "same" - used the same model-matching mode as it is now.
|
||||||
|
Default is "same".
|
||||||
|
* "skip" - controls result of the check when the nested check indicated
|
||||||
|
skipping of the configuration.
|
||||||
|
* "fail" - the dependent check fails;
|
||||||
|
* "success" - the dependent check succeeds;
|
||||||
|
* "skip" - the dependent check indicates that the configuration
|
||||||
|
is to be skipped.
|
||||||
|
Default is "skip".
|
||||||
|
* "force-skip" - controls result of the check when the nested check
|
||||||
|
indicated skipping of the configuration caused by the presence
|
||||||
|
of an override file (see "check_caveats script" section for details).
|
||||||
|
* "fail" - the dependent check fails;
|
||||||
|
* "success" - the dependent check succeeds;
|
||||||
|
* "skip" - the dependent check indicates that the configuration
|
||||||
|
is to be skipped.
|
||||||
|
Default is "skip".
|
||||||
|
* "nesting-too-deep" - as a measure against dependency loop, configuration
|
||||||
|
checking logic implements nesting limit on dependency checks (currently
|
||||||
|
set at 8). This option controls the behaviour of the check
|
||||||
|
when the nested check cannot be performed due to this limit.
|
||||||
|
* "fail" - the dependent check fails;
|
||||||
|
* "success" - the dependent check succeeds;
|
||||||
|
* "skip" - the dependent check indicates that the configuration
|
||||||
|
is to be skipped.
|
||||||
|
Default is "fail".
|
||||||
|
An example of a check:
|
||||||
|
dependency required intel skip=success match-model-mode=off
|
||||||
|
It checks "intel" caveat configuration (see the "Early microcode load
|
||||||
|
inside a virtual machine" section) with model-matching mode being disabled,
|
||||||
|
treats skipping of the configuration as a success (unless the configuration
|
||||||
|
is forced to be skipped, in that case the dependent configuration
|
||||||
|
is to be skipped as well).
|
||||||
|
|
||||||
|
|
||||||
check_caveats script
|
check_caveats script
|
||||||
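Review bot: In the "match-model-mode" option list, '"same" - used the same model-matching mode as it is now' is ambiguous about what "now" refers to and uses the wrong tense. Suggest "use the same model-matching mode as the dependent (outer) check". Two smaller points in the same hunk: the dmi example paragraph ends with a dangling "for example.", and the nesting limit is documented as "currently set at 8", which will silently go stale if the script's limit changes, so consider naming the variable that holds it.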
@ -538,6 +607,8 @@ Caveat name: intel-06-4f-01
|
|||||||
|
|
||||||
Affected microcode: intel-ucode/06-4f-01.
|
Affected microcode: intel-ucode/06-4f-01.
|
||||||
|
|
||||||
|
Dependencies: intel
|
||||||
|
|
||||||
Mitigation: microcode loading is disabled for the affected CPU model.
|
Mitigation: microcode loading is disabled for the affected CPU model.
|
||||||
|
|
||||||
Minimum versions of the kernel package that contain the aforementioned patch
|
Minimum versions of the kernel package that contain the aforementioned patch
|
||||||
@ -566,6 +637,8 @@ Caveat name: intel
|
|||||||
|
|
||||||
Affected microcode: all.
|
Affected microcode: all.
|
||||||
|
|
||||||
|
Dependencies: (none)
|
||||||
|
|
||||||
Mitigation: early microcode loading is disabled for all CPU models on kernels
|
Mitigation: early microcode loading is disabled for all CPU models on kernels
|
||||||
without the fix.
|
without the fix.
|
||||||
|
|
||||||
@ -602,6 +675,8 @@ Caveat name: intel-06-2d-07
|
|||||||
|
|
||||||
Affected microcode: intel-ucode/06-2d-07.
|
Affected microcode: intel-ucode/06-2d-07.
|
||||||
|
|
||||||
|
Dependencies: intel
|
||||||
|
|
||||||
Mitigation: None; the latest revision of the microcode file is used by default;
|
Mitigation: None; the latest revision of the microcode file is used by default;
|
||||||
previously published microcode revision 0x714 is still available as a fallback
|
previously published microcode revision 0x714 is still available as a fallback
|
||||||
as part of "intel" caveat.
|
as part of "intel" caveat.
|
||||||
@ -631,35 +706,64 @@ Caveat name: intel-06-55-04
|
|||||||
|
|
||||||
Affected microcode: intel-ucode/06-55-04.
|
Affected microcode: intel-ucode/06-55-04.
|
||||||
|
|
||||||
|
Dependencies: intel
|
||||||
|
|
||||||
Mitigation: None; the latest revision of the microcode file is used by default;
|
Mitigation: None; the latest revision of the microcode file is used by default;
|
||||||
previously published microcode revision 0x2000064 is still available
|
previously published microcode revision 0x2000064 is still available
|
||||||
as a fallback as part of "intel" caveat.
|
as a fallback as part of "intel" caveat.
|
||||||
|
|
||||||
|
|
||||||
Intel Skylake-U/Y/H/S/Xeon E3 v5 caveats
|
Intel Skylake-U/Y caveat
|
||||||
----------------------------------------
|
------------------------
|
||||||
Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3;
|
Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3)
|
||||||
and SKL-H/S/Xeon E3 v5, family 6, model 94, stepping 3) have reports of system
|
have reports of system hangs when revision 0xdc of microcode, that is included
|
||||||
hangs when revision 0xdc of microcode, that is included in microcode-20200609
|
in microcode-20200609 update to address CVE-2020-0543, CVE-2020-0548,
|
||||||
update to address CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549,
|
and CVE-2020-0549, is applied[1]. In order to address this, microcode update
|
||||||
is applied[1][2]. In order to address this, microcode update to the newer
|
to the newer revision has been disabled by default on these systems,
|
||||||
revision has been disabled by default on these systems, and the previously
|
and the previously published microcode revision 0xd6 is used instead; the newer
|
||||||
published microcode revision 0xd6 is used instead; the newer microcode files,
|
microcode files, however, are still shipped as part of microcode_ctl package
|
||||||
however, are still shipped as part of microcode_ctl package and can be used
|
and can be used for performing a microcode update if they are enforced
|
||||||
for performing a microcode update if they are enforced via the aforementioned
|
via the aforementioned overrides. (See the sections "check_caveats script"
|
||||||
overrides. (See the sections "check_caveats script" and "reload_microcode
|
and "reload_microcode script" for details.)
|
||||||
script" for details.)
|
|
||||||
|
|
||||||
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
|
||||||
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
|
|
||||||
|
|
||||||
Caveat names: intel-06-4e-03, intel-06-5e-03
|
Caveat name: intel-06-4e-03
|
||||||
|
|
||||||
Affected microcode: intel-ucode/06-4e-03, intel-ucode/06-5e-03.
|
Affected microcode: intel-ucode/06-4e-03
|
||||||
|
|
||||||
|
Dependencies: intel
|
||||||
|
|
||||||
Mitigation: previously published microcode revision 0xd6 is used by default.
|
Mitigation: previously published microcode revision 0xd6 is used by default.
|
||||||
|
|
||||||
|
|
||||||
|
Intel Skylake-H/S/Xeon E3 v5 caveat
|
||||||
|
-----------------------------------
|
||||||
|
Some Intel Skylake CPU models (SKL-H/S/Xeon E3 v5, family 6, model 94,
|
||||||
|
stepping 3) had reports of system hangs when revision 0xdc of microcode,
|
||||||
|
that is included in microcode-20200609 update to address CVE-2020-0543,
|
||||||
|
CVE-2020-0548, and CVE-2020-0549, was applied[1]. In order to address this,
|
||||||
|
microcode update to the newer revision had been disabled by default on these
|
||||||
|
systems, and the previously published microcode revision 0xd6 was used instead.
|
||||||
|
The revision 0xea seems[2] to have fixed the aforementioned issue, hence
|
||||||
|
the latest microcode revision usage it is enabled by default,
|
||||||
|
but can be disabled explicitly via the aforementioned overrides. (See
|
||||||
|
the sections "check_caveats script" and "reload_microcode script" for details.)
|
||||||
|
|
||||||
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
|
||||||
|
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-857806014
|
||||||
|
|
||||||
|
Caveat names: intel-06-5e-03
|
||||||
|
|
||||||
|
Affected microcode: intel-ucode/06-5e-03.
|
||||||
|
|
||||||
|
Dependencies: intel
|
||||||
|
|
||||||
|
Mitigation: None; the latest revision of the microcode file is used by default;
|
||||||
|
previously published microcode revision 0xd6 is still available as a fallback
|
||||||
|
as part of "intel" caveat.
|
||||||
|
|
||||||
|
|
||||||
Dell caveats
|
Dell caveats
|
||||||
------------
|
------------
|
||||||
Some Dell systems that use some models of Intel CPUs are susceptible to hangs
|
Some Dell systems that use some models of Intel CPUs are susceptible to hangs
|
||||||
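Review bot: the added Skylake-H/S/Xeon E3 v5 paragraph contains a garbled sentence, "hence the latest microcode revision usage it is enabled by default"; suggest "hence usage of the latest microcode revision is enabled by default". The new section also keeps the plural "Caveat names:" for the single name intel-06-5e-03, while the updated 06-4e-03 section was switched to "Caveat name:"; the two should be consistent.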
@ -688,6 +792,8 @@ Affected microcode: intel-ucode/06-8e-09, intel-ucode/06-8e-0a,
|
|||||||
intel-ucode/06-9e-0b, intel-ucode/06-9e-0c,
|
intel-ucode/06-9e-0b, intel-ucode/06-9e-0c,
|
||||||
intel-ucode/06-9e-0d.
|
intel-ucode/06-9e-0d.
|
||||||
|
|
||||||
|
Dependencies: intel
|
||||||
|
|
||||||
Mitigation: previously published microcode revision 0xac/0xb4/0xb8 is used
|
Mitigation: previously published microcode revision 0xac/0xb4/0xb8 is used
|
||||||
by default if /sys/devices/virtual/dmi/id/bios_vendor reports
|
by default if /sys/devices/virtual/dmi/id/bios_vendor reports
|
||||||
"Dell Inc."; otherwise, the latest microcode revision is used.
|
"Dell Inc."; otherwise, the latest microcode revision is used.
|
||||||
@ -698,12 +804,12 @@ Mitigation: previously published microcode revision 0xac/0xb4/0xb8 is used
|
|||||||
Intel Tiger Lake-UP3/UP4 caveat
|
Intel Tiger Lake-UP3/UP4 caveat
|
||||||
-------------------------------
|
-------------------------------
|
||||||
Some systems with Intel Tiger Lake-UP3/UP4 CPUs (TGL, family 6, model 140,
|
Some systems with Intel Tiger Lake-UP3/UP4 CPUs (TGL, family 6, model 140,
|
||||||
stepping 1) have reports of system hangs when a microcode update,
|
stepping 1) had reports of system hangs when a microcode update,
|
||||||
that is included since microcode-20201110 release, is applied[1].
|
that was included since microcode-20201110 release, was applied[1].
|
||||||
In order to address this, microcode update to a newer revision has been disabled
|
In order to address this, microcode update to a newer revision had been disabled
|
||||||
by default on these systems; the newer microcode file, however, is still shipped
|
by default on these systems. The revision 0x88 seems to have fixed
|
||||||
as a part of microcode_ctl package and can be used for performing a microcode
|
the aforementioned issue, hence it is enabled by default; however, it is still
|
||||||
update if it is enforced via the aforementioned overrides. (See the sections
|
can be disabled via the aforementioned overrides. (See the sections
|
||||||
"check_caveats script" and "reload_microcode script" for details.)
|
"check_caveats script" and "reload_microcode script" for details.)
|
||||||
|
|
||||||
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
|
||||||
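Review bot: in the rewritten Tiger Lake paragraph, "however, it is still can be disabled via the aforementioned overrides" does not parse; suggest "however, it can still be disabled via the aforementioned overrides". The statement that revision 0x88 fixed the hangs also carries no reference, unlike the Skylake section, which cites an issue comment for 0xea; adding one here would keep the caveat descriptions consistent.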
@ -712,7 +818,9 @@ Caveat names: intel-06-8c-01
|
|||||||
|
|
||||||
Affected microcode: intel-ucode/06-8c-01.
|
Affected microcode: intel-ucode/06-8c-01.
|
||||||
|
|
||||||
Mitigation: microcode loading is disabled for the affected CPU model.
|
Dependencies: intel
|
||||||
|
|
||||||
|
Mitigation: None; the latest revision of the microcode file is used by default.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -747,3 +855,8 @@ Intel CPU vulnerabilities is available in the following knowledge base articles:
|
|||||||
CVE-2020-8696 (Vector Register Leakage-Active),
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
CVE-2020-8698 (Fast Forward Store Predictor):
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
https://access.redhat.com/articles/5569051
|
https://access.redhat.com/articles/5569051
|
||||||
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
||||||
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
||||||
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
||||||
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
||||||
|
https://access.redhat.com/articles/6101171
|
||||||
|
@ -9,6 +9,8 @@
|
|||||||
: ${FW_DIR=/lib/firmware}
|
: ${FW_DIR=/lib/firmware}
|
||||||
: ${CFG_DIR=/etc/microcode_ctl/ucode_with_caveats}
|
: ${CFG_DIR=/etc/microcode_ctl/ucode_with_caveats}
|
||||||
|
|
||||||
|
MAX_NESTING_LEVEL=8
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
echo 'Usage: check_caveats [-d] [-e] [-k TARGET_KVER] [-c CONFIG]'
|
echo 'Usage: check_caveats [-d] [-e] [-k TARGET_KVER] [-c CONFIG]'
|
||||||
echo ' [-m] [-v]'
|
echo ' [-m] [-v]'
|
||||||
@ -261,7 +263,7 @@ check_pci_config_val()
|
|||||||
# It is needed for filtering by BIOS vendor name that is available in DMI data
|
# It is needed for filtering by BIOS vendor name that is available in DMI data
|
||||||
#
|
#
|
||||||
# $1 - params in config file, space-separated, in key=value form:
|
# $1 - params in config file, space-separated, in key=value form:
|
||||||
# key= - DMI value to check. Can be one of the following: bios_date,
|
# key= - DMI data record to check. Can be one of the following: bios_date,
|
||||||
# bios_vendor, bios_version, board_asset_tag, board_name, board_serial,
|
# bios_vendor, bios_version, board_asset_tag, board_name, board_serial,
|
||||||
# board_vendor, board_version, chassis_asset_tag, chassis_serial,
|
# board_vendor, board_version, chassis_asset_tag, chassis_serial,
|
||||||
# chassis_type, chassis_vendor, chassis_version, product_family,
|
# chassis_type, chassis_vendor, chassis_version, product_family,
|
||||||
@ -269,24 +271,31 @@ check_pci_config_val()
|
|||||||
# sys_vendor.
|
# sys_vendor.
|
||||||
# val= - a string to match DMI data against. Can be enclosed in single
|
# val= - a string to match DMI data against. Can be enclosed in single
|
||||||
# or double quotes.
|
# or double quotes.
|
||||||
|
# keyval= - a string of format "KEY(!)?[=:]VAL" (so, one of "KEY=VAL",
|
||||||
|
# "KEY!=VAL", "KEY:VAL", "KEY!:VAL") that allows providing
|
||||||
|
# a key-value pair in a single parameter. It is possible to provide
|
||||||
|
# multiple keyval= parameters. "!" before :/= means negated match.
|
||||||
|
# The action supplied in the mode= parameter is executed upon
|
||||||
|
# successful (non-)matching of all the keyval pairs (as well
|
||||||
|
# as the pair provided in a pair of key= and val= parameters).
|
||||||
# mode=success-equal [ success-equal, fail-equal ] - matching mode:
|
# mode=success-equal [ success-equal, fail-equal ] - matching mode:
|
||||||
# success-equal: Returns 0 if the value present in the corresponding file
|
# success-equal: Returns 0 if the all values present in the corresponding
|
||||||
# under /sys/devices/virtual/dmi/id/<key> is equal
|
# files under /sys/devices/virtual/dmi/id/<KEY> are equal
|
||||||
# to the value supplied as a value of "val" parameter,
|
# (or not equal in case of a keyval= with negated match)
|
||||||
# otherwise 1.
|
# to the respective values supplied as the values
|
||||||
# fail-equal: Returns 1 if the value present in the corresponding file
|
# of the keyval= parameters or the pair of key= vand val=
|
||||||
# under /sys/devices/virtual/dmi/id/<key> is equal
|
# parameters, otherwise 1.
|
||||||
# to the value supplied as a value of "val" parameter,
|
# fail-equal: Returns 1 if all the values present in DMI files in sysfs
|
||||||
# otherwise 0.
|
# match (as described above), otherwise 0.
|
||||||
# no-model-mode=success [ success, fail ] - return value if model filter
|
# no-model-mode=success [ success, fail ] - return value if model filter
|
||||||
# is not enabled:
|
# is not enabled:
|
||||||
# success: Return 0.
|
# success: Return 0.
|
||||||
# fail: Return 1.
|
# fail: Return 1.
|
||||||
# $2 - whether model filter is engaged (if it is not '1', just return the result
|
# $2 - whether model filter is engaged (if it is not '1', just return the result
|
||||||
# based on "mode" value that assumes that the check has failed).
|
# based on "no-model-mode" value).
|
||||||
check_dmi_val()
|
check_dmi_val()
|
||||||
{
|
{
|
||||||
local key= val= mode='success-equal' nm_mode='success'
|
local key= val= keyval= keyvals= mode='success-equal' nm_mode='success'
|
||||||
local opts="${1:-}" opt= opt_=
|
local opts="${1:-}" opt= opt_=
|
||||||
local match_model="${2:-0}"
|
local match_model="${2:-0}"
|
||||||
|
|
||||||
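Review bot: the updated mode= description in the check_dmi_val header comment has two typos, "Returns 0 if the all values" and "the pair of key= vand val= parameters"; suggest "if all the values" and "key= and val=". This comment is the only specification of the new keyval= matching semantics, so it is worth getting the wording exact.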
@ -305,21 +314,44 @@ check_dmi_val()
|
|||||||
# Handle possible quoting
|
# Handle possible quoting
|
||||||
[ "x${opt#val=}" = "x${opt}" ] || {
|
[ "x${opt#val=}" = "x${opt}" ] || {
|
||||||
case "${opt#val=}" in
|
case "${opt#val=}" in
|
||||||
[']*) opt_="${opts#val=\'}"; val="${opt_%%\'*}"; opt="val=\'${val}\'" ;;
|
[\']*) opt_="${opts#val=\'}"; val="${opt_%%\'*}"; opt="val='${val}'" ;;
|
||||||
["]*) opt_="${opts#val=\"}"; val="${opt_%%\"*}"; opt="val=\"${val}\"" ;;
|
[\"]*) opt_="${opts#val=\"}"; val="${opt_%%\"*}"; opt="val=\"${val}\"" ;;
|
||||||
*) val="${opt#val=}" ;;
|
*) val="${opt#val=}" ;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
[ "x${opt#keyval=}" = "x${opt}" ] || {
|
||||||
|
case "${opt#keyval=}" in
|
||||||
|
[\']*)
|
||||||
|
opt_="${opts#keyval=\'}"
|
||||||
|
keyval="${opt_%%\'*}"
|
||||||
|
opt="keyval='${keyval}'"
|
||||||
|
keyvals="${keyvals}
|
||||||
|
${keyval}"
|
||||||
|
;;
|
||||||
|
[\"]*)
|
||||||
|
opt_="${opts#keyval=\"}"
|
||||||
|
keyval="${opt_%%\"*}"
|
||||||
|
opt="keyval=\"${keyval}\""
|
||||||
|
keyvals="${keyvals}
|
||||||
|
${keyval}"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
keyvals="${keyvals}
|
||||||
|
${opt#keyval=}"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
opts="${opts#"${opt}"}"
|
opts="${opts#"${opt}"}"
|
||||||
continue
|
continue
|
||||||
done
|
done
|
||||||
|
|
||||||
# Check key for validity
|
[ -z "$key" -a -z "$val" ] || keyvals="${key}=${val}${keyvals}"
|
||||||
[ "x${valid_keys#* ${key} *}" != "x${valid_keys}" ] || {
|
|
||||||
debug "Invalid \"key\" parameter value: \"${key}\""
|
[ -n "x${keyvals}" ] || {
|
||||||
|
debug "Neither key=, val=, nor keyval= parameters were privoded"
|
||||||
echo 2
|
echo 2
|
||||||
exit
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
[ 1 = "$match_model" ] || {
|
[ 1 = "$match_model" ] || {
|
||||||
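Review bot: the emptiness check `[ -n "x${keyvals}" ] || {` can never fail, because the literal "x" prefix makes the string non-empty even when no key=, val= or keyval= parameter was given, so the "echo 2; return" branch is dead code. With the branch unreachable, an empty parameter set falls through to the matching loop, which skips every empty line and reports the result as if all pairs had matched. Test `[ -n "${keyvals}" ]` instead. The debug message in that branch also misspells "provided" as "privoded".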
@ -332,23 +364,171 @@ check_dmi_val()
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
exit
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
[ -r "/sys/devices/virtual/dmi/id/${key}" ] || {
|
|
||||||
debug "Can't access /sys/devices/virtual/dmi/id/${key}"
|
|
||||||
echo 3
|
|
||||||
exit
|
|
||||||
}
|
|
||||||
|
|
||||||
file_val="$(/bin/cat "/sys/devices/virtual/dmi/id/${key}")"
|
|
||||||
|
|
||||||
[ "x${val}" = "x${file_val}" ] || success=0
|
|
||||||
|
|
||||||
case "$mode" in
|
case "$mode" in
|
||||||
success-equal) echo "$((1 - $success))" ;;
|
success-equal|fail-equal) ;;
|
||||||
fail-equal) echo "${success}" ;;
|
*) debug "Invalid mode value: \"${nm_mode}\""; echo 2; return ;;
|
||||||
*) debug "Invalid mode value: \"${nm_mode}\""; echo 2 ;;
|
esac
|
||||||
|
|
||||||
|
printf "%s\n" "${keyvals}" | (
|
||||||
|
while read l; do
|
||||||
|
[ -n "$l" ] || continue
|
||||||
|
key="${l%%[=:]*}"
|
||||||
|
val="${l#${key}[=:]}"
|
||||||
|
|
||||||
|
cmp="="
|
||||||
|
[ "x${key%!}" = "x${key}" ] || {
|
||||||
|
cmp="!="
|
||||||
|
key="${key%!}"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Check key for validity
|
||||||
|
[ "x${valid_keys#* ${key} *}" != "x${valid_keys}" ] || {
|
||||||
|
debug "Invalid \"key\" parameter value: \"${key}\""
|
||||||
|
echo 2
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
[ -r "/sys/devices/virtual/dmi/id/${key}" ] || {
|
||||||
|
debug "Can't access /sys/devices/virtual/dmi/id/${key}"
|
||||||
|
echo 3
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
file_val="$(/bin/cat "/sys/devices/virtual/dmi/id/${key}")"
|
||||||
|
|
||||||
|
[ "x${val}" "${cmp}" "x${file_val}" ] || {
|
||||||
|
case "$mode" in
|
||||||
|
success-equal) echo 1 ;;
|
||||||
|
fail-equal) echo 0 ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
done
|
||||||
|
|
||||||
|
case "$mode" in
|
||||||
|
success-equal) echo 0 ;;
|
||||||
|
fail-equal) echo 1 ;;
|
||||||
|
esac
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
# check_dependency CURLEVEL DEP_TYPE DEP_NAME OPTS
|
||||||
|
# DEP_TYPE:
|
||||||
|
# required - caveat can be enabled only if dependency is enabled
|
||||||
|
# (is not forcefully disabled and meets caveat conditions)
|
||||||
|
# OPTS:
|
||||||
|
# match-model-mode=same [ on, off, same ] - what mode matching mode is to be used for dependency
|
||||||
|
# skip=skip [ fail, skip, success ]
|
||||||
|
# force-skip=skip [ fail, skip, success ]
|
||||||
|
# nesting-too-deep=fail [ fail, skip, success ]
|
||||||
|
# Return values:
|
||||||
|
# 0 - success
|
||||||
|
# 1 - fail
|
||||||
|
# 2 - skip
|
||||||
|
# 9 - error
|
||||||
|
check_dependency()
|
||||||
|
{
|
||||||
|
local cur_level="$1"
|
||||||
|
local dep_type="$2"
|
||||||
|
local dep_name="$3"
|
||||||
|
local match_model_mode=same old_match_model="${match_model}"
|
||||||
|
local skip=skip
|
||||||
|
local force_skip=skip
|
||||||
|
local nesting_too_deep=fail
|
||||||
|
|
||||||
|
local check="Dependency check for ${dep_type} ${dep_name}"
|
||||||
|
|
||||||
|
set -- ${4:-}
|
||||||
|
while [ "$#" -gt 0 ]; do
|
||||||
|
[ "x${1#match-model-mode=}" = "x${1}" ] || match_model_mode="${1#match-model-mode=}"
|
||||||
|
[ "x${1#skip=}" = "x${1}" ] || skip="${1#skip=}"
|
||||||
|
[ "x${1#force-skip=}" = "x${1}" ] || force_skip="${1#force-skip=}"
|
||||||
|
[ "x${1#nesting-too-deep=}" = "x${1}" ] || nesting_too_deep="${1#nesting-too-deep=}"
|
||||||
|
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
|
case "${dep_type}" in
|
||||||
|
required)
|
||||||
|
[ "x${dep_name%/*}" = "x${dep_name}" ] || {
|
||||||
|
debug "${check} error: dependency name (${dep_name})" \
|
||||||
|
"cannot contain slashes"
|
||||||
|
echo 9
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
[ "${MAX_NESTING_LEVEL}" -ge "$cur_level" ] || {
|
||||||
|
local reason="nesting level is too deep (${cur_level}) and nesting-too-deep='${nesting_too_deep}'"
|
||||||
|
|
||||||
|
case "$nesting_too_deep" in
|
||||||
|
success) debug "${check} succeeded: ${reason}"; echo 0 ;;
|
||||||
|
fail) debug "${check} failed: ${reason}"; echo 1 ;;
|
||||||
|
skip) debug "${check} skipped: ${reason}"; echo 2 ;;
|
||||||
|
*) debug "${check} error: invalid" \
|
||||||
|
"nesting-too-deep mode" \
|
||||||
|
"(${nesting_too_deep})"; echo 9 ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
case "${match_model_mode}" in
|
||||||
|
same) ;;
|
||||||
|
on) match_model=1 ;;
|
||||||
|
off) match_model=0 ;;
|
||||||
|
*)
|
||||||
|
debug "${check} error: invalid match-model-mode" \
|
||||||
|
"(${match_model_mode})"
|
||||||
|
echo 9
|
||||||
|
return
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
local result=0
|
||||||
|
debug "${check}: calling check_caveat '${dep_name}'" \
|
||||||
|
"'$(($cur_level + 1))' match_model=${match_model}"
|
||||||
|
check_caveat "${dep_name}" "$(($cur_level + 1))" > /dev/null || result="$?"
|
||||||
|
|
||||||
|
match_model="${old_match_model}"
|
||||||
|
|
||||||
|
case "${result}" in
|
||||||
|
0) debug "${check} succeeded: result=${result}"; echo "${result}" ;;
|
||||||
|
1) debug "${check} failed: result=${result}"; echo "${result}" ;;
|
||||||
|
2)
|
||||||
|
local reason="result=${result} and skip='${skip}'"
|
||||||
|
|
||||||
|
case "${skip}" in
|
||||||
|
success) debug "${check} succeeded: ${reason}"; echo 0 ;;
|
||||||
|
fail) debug "${check} failed: ${reason}"; echo 1 ;;
|
||||||
|
skip) debug "${check} skipped: ${reason}"; echo 2 ;;
|
||||||
|
*) debug "${check} error: unexpected skip=" \
|
||||||
|
"setting (${skip})"; echo 9 ;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
3)
|
||||||
|
local reason="result=${result} and force_skip='${force_skip}'"
|
||||||
|
|
||||||
|
case "${force_skip}" in
|
||||||
|
success) debug "${check} succeeded: ${reason}"; echo 0 ;;
|
||||||
|
fail) debug "${check} failed: ${reason}"; echo 1 ;;
|
||||||
|
skip) debug "${check} skipped: ${reason}"; echo 2 ;;
|
||||||
|
*) debug "${check} error: unexpected force-skip=" \
|
||||||
|
"setting (${skip})"; echo 9 ;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
debug "${check} error: unexpected check_caveat result" \
|
||||||
|
"(${result})"; echo 9 ;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
debug "${check} error: unknown dependency type '${dep_type}'"
|
||||||
|
echo 9
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
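Review bot: two debug messages in this hunk print the wrong variable. In check_dependency, the fallback arm of `case "${force_skip}"` reports "unexpected force-skip= setting (${skip})", where `${force_skip}` is the value that was rejected; in check_dmi_val, the mode validation arm prints "Invalid mode value: \"${nm_mode}\"" although it is `$mode` that failed the check. Separately, the new `while read l` loop over keyvals omits -r, unlike the `read -r` loops used elsewhere in the script, so backslashes in a keyval value would be consumed before the comparison.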
@ -400,23 +580,6 @@ get_mc_ver()
|
|||||||
/bin/sed -rn '1,/^$/s/^microcode[[:space:]]*: (.*)$/\1/p' /proc/cpuinfo
|
/bin/sed -rn '1,/^$/s/^microcode[[:space:]]*: (.*)$/\1/p' /proc/cpuinfo
|
||||||
}
|
}
|
||||||
|
|
||||||
# fail [CHECK_ONLY]
|
|
||||||
fail()
|
|
||||||
{
|
|
||||||
check_only="${1:-0}"
|
|
||||||
[ 0 = "$check_only" ] || return
|
|
||||||
|
|
||||||
ret=1
|
|
||||||
|
|
||||||
fail_cfgs="$fail_cfgs $cfg"
|
|
||||||
fail_paths="$fail_paths $cfg_path"
|
|
||||||
|
|
||||||
[ 0 -eq "$print_disclaimers" ] || [ ! -e "${dir}/disclaimer" ] \
|
|
||||||
|| /bin/cat "${dir}/disclaimer"
|
|
||||||
}
|
|
||||||
|
|
||||||
#check_kver "$@"
|
|
||||||
#get_model_name
|
|
||||||
|
|
||||||
match_model=0
|
match_model=0
|
||||||
configs=
|
configs=
|
||||||
@ -477,22 +640,21 @@ else
|
|||||||
stage="late"
|
stage="late"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# check_caveat CFG [CHECK_ONLY]
|
# check_caveat CFG [CHECK_LEVEL]
|
||||||
# changes ret_paths, ok_paths, fail_paths, ret_cfgs, ok_cfgs, fail_cfgs,
|
# changes ret_paths, ok_paths, fail_paths, ret_cfgs, ok_cfgs, fail_cfgs,
|
||||||
# skip_cfgs if CHECK_ONLY is set to 0 (default).
|
# skip_cfgs if CHECK_LEVEL is set to 0 (default).
|
||||||
|
# CHECK_LEVEL is used for recursive configuration dependency checks,
|
||||||
|
# and indicates nesting level.
|
||||||
# Return value:
|
# Return value:
|
||||||
# 0 - check is successful
|
# 0 - check is successful
|
||||||
# 1 - check has been failed
|
# 1 - check has been failed
|
||||||
# 2 - configuration has been skipped
|
# 2 - configuration has been skipped
|
||||||
|
# 3 - configuration has been skipped due to presence of an override file
|
||||||
check_caveat() {
|
check_caveat() {
|
||||||
local cfg="$1"
|
local cfg="$1"
|
||||||
local check_only="${2:-0}"
|
local check_level="${2:-0}"
|
||||||
local dir="$MC_CAVEATS_DATA_DIR/$cfg"
|
local dir="$MC_CAVEATS_DATA_DIR/$cfg"
|
||||||
|
|
||||||
# We add cfg to the skip list first and then, if we do not skip it,
|
|
||||||
# we remove the configuration from the list.
|
|
||||||
[ 0 != "$check_only" ] || skip_cfgs="$skip_cfgs $cfg"
|
|
||||||
|
|
||||||
[ -r "${dir}/readme" ] || {
|
[ -r "${dir}/readme" ] || {
|
||||||
debug "File 'readme' in ${dir} is not found, skipping"
|
debug "File 'readme' in ${dir} is not found, skipping"
|
||||||
return 2
|
return 2
|
||||||
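Review bot: the header comment for check_caveat still says it "changes ret_paths, ok_paths, fail_paths, ret_cfgs, ok_cfgs, fail_cfgs, skip_cfgs if CHECK_LEVEL is set to 0", but this commit removes those assignments from the function and moves the bookkeeping into the caller loop, which runs check_caveat inside a command substitution. Suggest replacing that sentence with the new contract: the function prints cfg_path on stdout and reports the outcome only through return codes 0 to 3.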
@ -512,6 +674,7 @@ check_caveat() {
|
|||||||
local cfg_disable=
|
local cfg_disable=
|
||||||
local cfg_pci=
|
local cfg_pci=
|
||||||
local cfg_dmi=
|
local cfg_dmi=
|
||||||
|
local cfg_dependency=
|
||||||
|
|
||||||
local key
|
local key
|
||||||
local value
|
local value
|
||||||
@ -547,6 +710,10 @@ check_caveat() {
|
|||||||
cfg_dmi="$cfg_dmi
|
cfg_dmi="$cfg_dmi
|
||||||
$value"
|
$value"
|
||||||
;;
|
;;
|
||||||
|
dependency)
|
||||||
|
cfg_dependency="$cfg_dependency
|
||||||
|
$value"
|
||||||
|
;;
|
||||||
'#'*|'')
|
'#'*|'')
|
||||||
continue
|
continue
|
||||||
;;
|
;;
|
||||||
@ -558,6 +725,7 @@ check_caveat() {
|
|||||||
done < "${dir}/config"
|
done < "${dir}/config"
|
||||||
|
|
||||||
debug "${cfg}: model '$cfg_model', path '$cfg_path', kvers '$cfg_kvers'"
|
debug "${cfg}: model '$cfg_model', path '$cfg_path', kvers '$cfg_kvers'"
|
||||||
|
echo "$cfg_path"
|
||||||
|
|
||||||
# Check for override files in the following order:
|
# Check for override files in the following order:
|
||||||
# - disallow early/late specific caveat for specific kernel
|
# - disallow early/late specific caveat for specific kernel
|
||||||
@ -619,7 +787,7 @@ check_caveat() {
|
|||||||
[ 0 -eq "$ignore_cfg" ] || {
|
[ 0 -eq "$ignore_cfg" ] || {
|
||||||
debug "Configuration \"$cfg\" is ignored due to presence of" \
|
debug "Configuration \"$cfg\" is ignored due to presence of" \
|
||||||
"\"$override_file\"."
|
"\"$override_file\"."
|
||||||
return 2
|
return 3
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check model if model filter is enabled
|
# Check model if model filter is enabled
|
||||||
@ -667,29 +835,51 @@ check_caveat() {
|
|||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check configuration files
|
# Has to be performed before dependency checks
|
||||||
|
|
||||||
[ 0 != "$check_only" ] || {
|
|
||||||
ret_cfgs="$ret_cfgs $cfg"
|
|
||||||
ret_paths="$ret_paths $cfg_path"
|
|
||||||
skip_cfgs="${skip_cfgs% $cfg}"
|
|
||||||
}
|
|
||||||
|
|
||||||
[ 0 -eq "$force_cfg" ] || {
|
[ 0 -eq "$force_cfg" ] || {
|
||||||
debug "Checks for configuration \"$cfg\" are ignored due to" \
|
debug "Checks for configuration \"$cfg\" are ignored due to" \
|
||||||
"presence of \"$override_file\"."
|
"presence of \"$override_file\"."
|
||||||
|
|
||||||
[ 0 != "$check_only" ] || {
|
|
||||||
ok_cfgs="$ok_cfgs $cfg"
|
|
||||||
ok_paths="$ok_paths $cfg_path"
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Check dependencies
|
||||||
|
# It has to be performed here (before adding configuration
|
||||||
|
# to $ret_cfgs/$ret_paths) since it may be skipped.
|
||||||
|
if [ -n "$cfg_dependency" ]; then
|
||||||
|
dep_line="$(printf "%s\n" "$cfg_dependency" | \
|
||||||
|
while read -r dep_type dep_name dep_opts
|
||||||
|
do
|
||||||
|
[ -n "$dep_type" ] || continue
|
||||||
|
dep_res=$(check_dependency "$check_level" \
|
||||||
|
"$dep_type" \
|
||||||
|
"$dep_name" \
|
||||||
|
"$dep_opts")
|
||||||
|
[ 0 != "$dep_res" ] || continue
|
||||||
|
echo "$dep_res $dep_type $dep_name $dep_opts"
|
||||||
|
break
|
||||||
|
done
|
||||||
|
echo "0 ")"
|
||||||
|
|
||||||
|
case "${dep_line%% *}" in
|
||||||
|
0) ;;
|
||||||
|
2)
|
||||||
|
debug "Dependency check '${dep_line#* }'" \
|
||||||
|
"induced configuration skip"
|
||||||
|
return 2
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
debug "Dependency check '${dep_line#* }'" \
|
||||||
|
"failed (with return code ${dep_line%% *})"
|
||||||
|
return 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check configuration files
|
||||||
|
|
||||||
[ "x${cfg_disable%%* $stage *}" = "x$cfg_disable" ] || {
|
[ "x${cfg_disable%%* $stage *}" = "x$cfg_disable" ] || {
|
||||||
debug "${cfg}: caveat is disabled in configuration"
|
debug "${cfg}: caveat is disabled in configuration"
|
||||||
fail "$check_only"
|
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
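Review bot: in the dependency loop, `break` only leaves the `while`, so the trailing `echo "0 "` inside the command substitution still runs after a non-zero result and dep_line ends with an extra "0 " line. `${dep_line%% *}` still yields the right code, but `${dep_line#* }` in both debug messages then carries that trailing text; consider emitting the "0 " sentinel only when no dependency check returned non-zero, or trimming it before logging. It is also worth a comment stating whether return code 9 (error) from check_dependency is meant to be treated as a plain failure, as the `*)` arm does.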
@ -698,7 +888,6 @@ check_caveat() {
|
|||||||
check_kver "$kver" $cfg_kvers || {
|
check_kver "$kver" $cfg_kvers || {
|
||||||
debug "${cfg}: late load kernel version check for" \
|
debug "${cfg}: late load kernel version check for" \
|
||||||
" '$kver' against '$cfg_kvers' failed"
|
" '$kver' against '$cfg_kvers' failed"
|
||||||
fail "$check_only"
|
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
@ -708,7 +897,6 @@ check_caveat() {
|
|||||||
check_kver "$kver" $cfg_kvers_early || {
|
check_kver "$kver" $cfg_kvers_early || {
|
||||||
debug "${cfg}: early load kernel version check for" \
|
debug "${cfg}: early load kernel version check for" \
|
||||||
"'$kver' against '$cfg_kvers_early' failed"
|
"'$kver' against '$cfg_kvers_early' failed"
|
||||||
fail "$check_only"
|
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
@ -722,7 +910,6 @@ check_caveat() {
|
|||||||
debug "${cfg}: CPU microcode version $cpu_mc_ver" \
|
debug "${cfg}: CPU microcode version $cpu_mc_ver" \
|
||||||
"failed check (should be at least" \
|
"failed check (should be at least" \
|
||||||
"${cfg_mc_min_ver_late})"
|
"${cfg_mc_min_ver_late})"
|
||||||
fail "$check_only"
|
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
@ -744,14 +931,14 @@ check_caveat() {
|
|||||||
[ -z "${pci_line#* }" ] || {
|
[ -z "${pci_line#* }" ] || {
|
||||||
debug "PCI configuration word check '${pci_line#* }'" \
|
debug "PCI configuration word check '${pci_line#* }'" \
|
||||||
"failed (with return code ${pci_line%% *})"
|
"failed (with return code ${pci_line%% *})"
|
||||||
fail "$check_only"
|
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check DMI data if model filter is enabled
|
# Check DMI data if model filter is enabled
|
||||||
# Note that the model filter check is done inside check_pci_config_val
|
# Note that the model filter check is done inside check_dmi_val
|
||||||
# based on the 'mode=' parameter.
|
# (which returns the value of 'no-model-mode=' parameter
|
||||||
|
# if it is disenaged).
|
||||||
if [ -n "$cfg_dmi" ]; then
|
if [ -n "$cfg_dmi" ]; then
|
||||||
dmi_line="$(printf "%s\n" "$cfg_dmi" | while read -r dmi_line
|
dmi_line="$(printf "%s\n" "$cfg_dmi" | while read -r dmi_line
|
||||||
do
|
do
|
||||||
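Review bot: typo in the updated comment above the DMI check, "if it is disenaged" should read "if it is disengaged".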
@ -767,21 +954,43 @@ check_caveat() {
|
|||||||
[ -z "${dmi_line#* }" ] || {
|
[ -z "${dmi_line#* }" ] || {
|
||||||
debug "DMI data check '${dmi_line#* }'" \
|
debug "DMI data check '${dmi_line#* }'" \
|
||||||
"failed (with return code ${dmi_line%% *})"
|
"failed (with return code ${dmi_line%% *})"
|
||||||
fail "$check_only"
|
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ 0 != "$check_only" ] || {
|
|
||||||
ok_cfgs="$ok_cfgs $cfg"
|
|
||||||
ok_paths="$ok_paths $cfg_path"
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
for cfg in $(echo "${configs}"); do
|
for cfg in $(echo "${configs}"); do
|
||||||
check_caveat "$cfg" || :
|
if cfg_path=$(check_caveat "$cfg"; exit "$?")
|
||||||
|
then
|
||||||
|
ret_cfgs="$ret_cfgs $cfg"
|
||||||
|
ret_paths="$ret_paths $cfg_path"
|
||||||
|
ok_cfgs="$ok_cfgs $cfg"
|
||||||
|
ok_paths="$ok_paths $cfg_path"
|
||||||
|
else
|
||||||
|
case "$?" in
|
||||||
|
1)
|
||||||
|
ret=1
|
||||||
|
|
||||||
|
ret_cfgs="$ret_cfgs $cfg"
|
||||||
|
ret_paths="$ret_paths $cfg_path"
|
||||||
|
fail_cfgs="$fail_cfgs $cfg"
|
||||||
|
fail_paths="$fail_paths $cfg_path"
|
||||||
|
|
||||||
|
[ 0 -eq "$print_disclaimers" ] \
|
||||||
|
|| [ ! -e "${MC_CAVEATS_DATA_DIR}/${cfg}/disclaimer" ] \
|
||||||
|
|| /bin/cat "${MC_CAVEATS_DATA_DIR}/${cfg}/disclaimer"
|
||||||
|
;;
|
||||||
|
2|3)
|
||||||
|
skip_cfgs="$skip_cfgs $cfg";
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
debug "Unexpected check_caveat return code '$?'" \
|
||||||
|
"for config '$cfg'"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
[ 0 -eq "$print_disclaimers" ] || exit 0
|
[ 0 -eq "$print_disclaimers" ] || exit 0
|
||||||
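Review bot: the else branch of the new caller loop reads `$?` twice, once in `case "$?" in` and again in the `*)` arm's debug message; saving the status to a variable at the top of the else branch and using it in both places would keep the logged code tied to check_caveat even if a command is later added in between. The stray `;` after `skip_cfgs="$skip_cfgs $cfg"` in the 2|3 arm can also be dropped.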
|
@ -305,7 +305,7 @@ Mobile;;Comet Lake;R1;20;a0652;CML;H;Core Gen10 Mobile;
|
|||||||
Desktop;;Comet Lake;G1;22;a0653;CML;S 6+2;Core Gen10 Desktop;
|
Desktop;;Comet Lake;G1;22;a0653;CML;S 6+2;Core Gen10 Desktop;
|
||||||
Desktop;;Comet Lake;Q0;22;a0655;CML;S 10+2;Core Gen10 Desktop;
|
Desktop;;Comet Lake;Q0;22;a0655;CML;S 10+2;Core Gen10 Desktop;
|
||||||
Mobile;;Comet Lake;A0;80;a0660;CML;U 6+2;Core Gen10 Mobile;
|
Mobile;;Comet Lake;A0;80;a0660;CML;U 6+2;Core Gen10 Mobile;
|
||||||
Mobile;;Comet Lake;K0;80;a0661;CML;U 6+2 v2;Core Gen10 Mobile;
|
Mobile;;Comet Lake;K1;80;a0661;CML;U 6+2 v2;Core Gen10 Mobile;
|
||||||
Desktop;;Rocket Lake;B0;02;a0671;RKL;S;Core Gen11;
|
Desktop;;Rocket Lake;B0;02;a0671;RKL;S;Core Gen11;
|
||||||
SOC;;Lakefield;B2,B3;10;806a1;LKF;;Core w/Hybrid Technology;
|
SOC;;Lakefield;B2,B3;10;806a1;LKF;;Core w/Hybrid Technology;
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
%define intel_ucode_version 20210525
|
%define intel_ucode_version 20210608
|
||||||
%global debug_package %{nil}
|
%global debug_package %{nil}
|
||||||
|
|
||||||
%define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
|
%define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
|
||||||
@ -17,8 +17,7 @@ Release: 1.%{intel_ucode_version}.1%{?dist}
|
|||||||
Epoch: 4
|
Epoch: 4
|
||||||
License: CC0 and Redistributable, no modification permitted
|
License: CC0 and Redistributable, no modification permitted
|
||||||
URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
|
URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
|
||||||
#Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz
|
Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz
|
||||||
Source0: microcode-%{intel_ucode_version}.tar.gz
|
|
||||||
|
|
||||||
# (Pre-MDS) revision 0x714 of 06-2d-07 microcode
|
# (Pre-MDS) revision 0x714 of 06-2d-07 microcode
|
||||||
Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07
|
Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07
|
||||||
@ -113,6 +112,7 @@ Source171: 06-8e-9e-0x-dell_config
|
|||||||
Source172: 06-8e-9e-0x-dell_disclaimer
|
Source172: 06-8e-9e-0x-dell_disclaimer
|
||||||
|
|
||||||
# TGL-UP3/UP4 (CPUID 06-8c-01) hangs
|
# TGL-UP3/UP4 (CPUID 06-8c-01) hangs
|
||||||
|
# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
|
||||||
Source180: 06-8c-01_readme
|
Source180: 06-8c-01_readme
|
||||||
Source181: 06-8c-01_config
|
Source181: 06-8c-01_config
|
||||||
Source182: 06-8c-01_disclaimer
|
Source182: 06-8c-01_disclaimer
|
||||||
@ -544,6 +544,17 @@ rm -rf %{buildroot}
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 22 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210216-1.20210608.1
|
||||||
|
- Update Intel CPU microcode to microcode-20210608 release:
|
||||||
|
- Fixes in releasenote.md file.
|
||||||
|
|
||||||
|
* Thu Jul 22 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210216-1.20210525.2
|
||||||
|
- Make intel-06-2d-07, intel-06-4e-03, intel-06-4f-01, intel-06-55-04,
|
||||||
|
intel-06-5e-03, intel-06-8c-01, intel-06-8e-9e-0x-0xca,
|
||||||
|
and intel-06-8e-9e-0x-dell caveats dependent on intel caveat.
|
||||||
|
- Enable 06-8c-01 microcode update by default (#1972328).
|
||||||
|
- Enable 06-5e-03 microcode update by default (#1972325).
|
||||||
|
|
||||||
* Thu May 27 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210216-1.20210525.1
|
* Thu May 27 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210216-1.20210525.1
|
||||||
- Update Intel CPU microcode to microcode-20210525 release, addresses
|
- Update Intel CPU microcode to microcode-20210525 release, addresses
|
||||||
CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, and CVE-2020-24513
|
CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, and CVE-2020-24513
|
||||||
|