rpms
/
microcode_ctl
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import microcode_ctl-20210216-1.el8

This commit is contained in:
CentOS Sources 2021-02-18 06:11:36 +00:00 committed by Andrew Lukoshko
parent 65fa6af4ac
commit a96ab2f5be
8 changed files with 34 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.gitignore vendored
View File

@ -1,10 +1,8 @@
SOURCES/06-2d-07
SOURCES/06-4e-03
SOURCES/06-55-04
SOURCES/06-55-04.20190918
SOURCES/06-55-06
SOURCES/06-55-07
SOURCES/06-5e-03
SOURCES/06-8c-01
SOURCES/microcode-20190918.tar.gz
SOURCES/microcode-20191115.tar.gz
SOURCES/microcode-20201112.tar.gz
SOURCES/microcode-20210216.tar.gz

8
.microcode_ctl.metadata
View File

@ -1,10 +1,8 @@
bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
06432a25053c823b0e2a6b8e84e2e2023ee3d43e SOURCES/06-4e-03
5f18f985f6d5ad369b5f6549b7f3ee55acaef967 SOURCES/06-55-04
2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04.20190918
8affd949151a0badd3f71e23cf9ad668d4c1d82f SOURCES/06-55-06
a7121c5f49753cc783f82135e268bc4efe85d4be SOURCES/06-55-07
2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04
86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
2204a6dee1688980cd228268fdf4b6ed5904fe04 SOURCES/06-8c-01
bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
010507b8a7ca0b5c4a01cd1f8a6adae5f0fd316d SOURCES/microcode-20201112.tar.gz
26608161d98c3d0c965fc41856520434b14c000d SOURCES/microcode-20210216.tar.gz

6
SOURCES/06-55-04_readme
View File

@ -10,12 +10,7 @@ Since revision 0x2006906 (included with the microcode-20200609 release)
it is reported that the issue is no longer present, so the newer microcode
revision is enabled by default now (but can be disabled explicitly; see below).
Revision 0x2006a08 (included since the microcode-20201110 release) exhibits
a different issue on some systems, so it is controlled by 06-55-0x-ipu-2020.2
caveat; please refer to [2] for details.
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
[2] /usr/share/doc/microcode_ctl/caveats/06-55-0x-ipu-2020.2_readme
For the reference, SHA1 checksums of 06-55-04 microcode files containing
microcode revisions in question are listed below:
@ -23,6 +18,7 @@ microcode revisions in question are listed below:
* 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23
* 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
* 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212
* 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions

20
SOURCES/06-55-0x-ipu-2020.2_config
View File

@ -1,20 +0,0 @@
path intel-ucode/*
vendor GenuineIntel
## It is deemed that blocking the SKX/CLX microcode update on all hardware
## in cases where no model filter is used is too broad, hence
## no-model-mode=success.
## https://bugzilla.redhat.com/1902884 https://bugzilla.redhat.com/1905111
dmi mode=fail-equal no-model-mode=success key=product_name val="Superdome Flex"
## https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/45
dmi mode=fail-equal no-model-mode=success key=product_name val="SYS-2029TP-HTR/X11DPT-PS"
## The "kernel_early" statements are carried over from the intel caveat config
## in order to avoid enabling this newer microcode on these problematic kernels;
## see the caveat description in /usr/share/doc/microcode_ctl/caveats/intel_readme
## (That also means that this caveat has to be enforced separately on these
## kernels.)
kernel_early 4.10.0
kernel_early 3.10.0-930
kernel_early 3.10.0-862.14.1
kernel_early 3.10.0-693.38.1
kernel_early 3.10.0-514.57.1
kernel_early 3.10.0-327.73.1

6
SOURCES/06-55-0x-ipu-2020.2_disclaimer
View File

@ -1,6 +0,0 @@
Latest microcode updates for Intel Skylake/Cascade Lake Scalable Platform CPUs
(family 6, model 85, steppings 4, 6, and 7; CPUID 0x50654/0x50656/0x50657)
are disabled on some systems as these updates may cause system instability;
microcode from the previous microcode-20200609 release is used instead.
Please refer to /usr/share/doc/microcode_ctl/caveats/06-55-0x-ipu-2020.2_readme
and /usr/share/doc/microcode_ctl/README.caveats for details.

83
SOURCES/06-55-0x-ipu-2020.2_readme
View File

@ -1,83 +0,0 @@
Latest microcode updates for Intel Skylake/Cascade Lake Scalable Platform CPUs
(family 6, model 85, steppings 4, 6, and 7; CPUID 0x50654/0x50656/0x50657)
may cause system instability on some systems, namely, HPE Superdome Flex
and Supermicro systems, when an update is performed with the resivions
that come with microcode-20201110 release, so the previously released microcode
(with revisions 0x2006906, 0x4001f01, and 0x5002f01, respectively)
from microcode-20200609 release are used on these systems by default instead
for the OS-driven microcode update.
For the reference, SHA1 checksums of the relevant microcode files containing
microcode revisions in question are listed below:
* 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
* 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212
* 06-55-06, revision 0x4004f01: 8affd949151a0badd3f71e23cf9ad668d4c1d82f
* 06-55-06, revision 0x4003003: b187866d2570f90ea69f434c2b012a8c88d85f43
* 06-55-07, revision 0x5002f01: a7121c5f49753cc783f82135e268bc4efe85d4be
* 06-55-07, revision 0x5003003: 74e129b108e676f0286742f609b2c1fa65d73db1
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
The information regarding enforcing microcode update is provided below.
To enforce usage of the latest microcode revision for a specific kernel
version, please create a file "force-intel-06-55-0x-ipu-2020.2" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
where microcode will be available for late microcode update, and run
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
is regenerated and the microcode can be loaded early, for example:
touch /lib/firmware/3.10.0-862.9.1/force-intel-06-55-0x-ipu-2020.2
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
After that, it is possible to perform a late microcode update by executing
"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
"/sys/devices/system/cpu/microcode/reload" directly.
To disallow usage of the latest microcode revision for a specific kernel
version, please create a file "disallow-intel-06-55-0x-ipu-2020.2" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
used for late microcode updates, and run "dracut -f --kver <kernel_version>",
so initramfs for this kernel version is regenerated, for example:
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-55-0x-ipu-2020.2
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
To enforce addition of this microcode for all kernels, please create a file
"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-55-0x-ipu-2020.2", run
"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
and "dracut -f --regenerate-all" for enabling early microcode updates:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-55-0x-ipu-2020.2
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
To disallow usage of the latest microcode revision for all kernels, please
create a file
"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-0x-ipu-2020.2",
run "/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
used for late microcode updates, and run "dracut -f --regenerate-all"
so initramfs images get regenerated, for example:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-0x-ipu-2020.2
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.

27
SOURCES/README.caveats
View File

@ -560,11 +560,6 @@ to enable ability to disable it in case such a need arises. (See the sections
"check_caveats script" and "reload_microcode script" for details regarding
caveats mechanism operation.)
Revision 0x2006a08 (included since the microcode-20201110 release) exhibits
a different issue on some systems, so it is controlled by 06-55-0x-ipu-2020.2
caveat; please refer to the "Intel Skylake-SP and Cascade Lake-SP
microcode-20201110 caveats" section for details.
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
Caveat name: intel-06-55-04
@ -576,28 +571,6 @@ previously published microcode revision 0x2000064 is still available
as a fallback as part of "intel" caveat.
Intel Skylake-SP and Cascade Lake-SP microcode-20201110 caveats
---------------------------------------------------------------
Latest microcode updates for Intel Skylake/Cascade Lake Scalable Platform CPUs
(family 6, model 85, steppings 4, 6, and 7; CPUID 0x50654/0x50656/0x50657)
may cause system instability on some systems (there were reports for HPE
Superdome Flex and Supermicro systems[1]) with the resivions that come
with microcode-20201110 release, so the previously released microcode
(with revisions 0x2006906, 0x4001f01, and 0x5002f01, respectively)
from microcode-20200609 release are used by default instead for the OS-driven
microcode update.
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/45
Caveat name: intel-06-55-0x-ipu-2020.2
Affected microcode: intel-ucode/06-55-04, intel-ucode/06-55-06,
intel-ucode/06-55-07
Mitigation: previously published microcode files (revision 0x2006906 for 06-55-04,
0x4002f01 for 06-55-06, 0x5002f01 for 06-55-07) are used by default.
Intel Skylake-U/Y/H/S/Xeon E3 v5 caveats
----------------------------------------
Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3;

68
SPECS/microcode_ctl.spec
View File

@ -1,4 +1,4 @@
%define intel_ucode_version 20201112
%define intel_ucode_version 20210216
%global debug_package %{nil}
%define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
@ -13,7 +13,7 @@
Summary: CPU microcode updates for Intel x86 processors
Name: microcode_ctl
Version: %{intel_ucode_version}
Release: 2%{?dist}
Release: 1%{?dist}
Epoch: 4
License: CC0 and Redistributable, no modification permitted
URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
@ -23,7 +23,7 @@ Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Fi
Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07
# (Pre-20191112) revision 0x2000064 of 06-55-04 microcode
Source3: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190918/intel-ucode/06-55-04#/06-55-04.20190918
Source3: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190918/intel-ucode/06-55-04
# (Pre-20200609) revision 0xd6 of 06-4e-03/06-5e-03 microcode
Source4: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200520/intel-ucode/06-4e-03
@ -33,16 +33,15 @@ Source5: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Fi
Source6: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-20190918.tar.gz
# microcode-20191115 release,containing revision 0xca of 06-[89]e-0X microcode
Source7: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-20191115.tar.gz
# microcode-20201118 has removed 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode update
# at revision 0x68; it is, however, may still be useful for some[1], so it is
# to be preserved in a caveat.
# [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/39
Source8: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20201112/intel-ucode/06-8c-01
# (Pre-20201110) revision 0x2006906 of 06-55-04/0xb7 microcode
Source8: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200609/intel-ucode/06-55-04
# (Pre-20201110) revision 0x4002f01 of 06-55-06/0xbf microcode
Source9: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200609/intel-ucode/06-55-06
# (Pre-20201110) revision 0x5002f01 of 06-55-07/0xbf microcode
Source10: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200609/intel-ucode/06-55-07
# systemd unit
Source15: microcode.service
Source10: microcode.service
# dracut-related stuff
Source20: 01-microcode.conf
@ -82,7 +81,6 @@ Source122: 06-2d-07_disclaimer
# SKL-SP/W/X (CPUID 0x50654) post-20191112 hangs
# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
# It is still preerved due to https://bugzilla.redhat.com/1908432
Source130: 06-55-04_readme
Source131: 06-55-04_config
Source132: 06-55-04_disclaimer
@ -123,14 +121,6 @@ Source180: 06-8c-01_readme
Source181: 06-8c-01_config
Source182: 06-8c-01_disclaimer
# SKX-SP/CLX-SP (CPUID 0x50654/0x50656/0x50657)
# IPU 2020.2 HPE Superdome issue
# https://bugzilla.redhat.com/show_bug.cgi?id=1902884
# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/45
Source190: 06-55-0x-ipu-2020.2_readme
Source191: 06-55-0x-ipu-2020.2_config
Source192: 06-55-0x-ipu-2020.2_disclaimer
# "Provides:" RPM tags generator
Source1000: gen_provides.sh
Source1001: codenames.list
@ -167,16 +157,9 @@ is no longer used for microcode upload and, as a result, no longer provided.
mv intel-ucode/06-2d-07 intel-ucode-with-caveats/
cp "%{SOURCE2}" intel-ucode/
# replacing SKX/CLX (CPUID 0x50654/0x50656/0x50657) microcode with pre-20201110
# versions
# placing this caveat because the older 06-55-04 one in order to preserve
# mv/cp command pattern
mv intel-ucode/06-55-0[467] intel-ucode-with-caveats/
cp "%{SOURCE8}" "%{SOURCE9}" "%{SOURCE10}" intel-ucode/
# replacing SKL-SP/W/X (CPUID 0x50654) microcode with pre-20191112 version
mv intel-ucode/06-55-04 intel-ucode-with-caveats/06-55-04.20200609
cp "%{SOURCE3}" intel-ucode/06-55-04
mv intel-ucode/06-55-04 intel-ucode-with-caveats/
cp "%{SOURCE3}" intel-ucode/
# replacing SKL-U/Y (CPUID 0x4063e) microcode with pre-20200609 version
mv intel-ucode/06-4e-03 intel-ucode-with-caveats/
@ -199,7 +182,7 @@ tar xvvf "%{SOURCE7}" --wildcards --strip-components=2 \
popd
# Moving 06-8c-01 microcode to intel-ucode-with-caveats
mv intel-ucode/06-8c-01 intel-ucode-with-caveats/
cp "%{SOURCE8}" intel-ucode-with-caveats/
:
@ -211,7 +194,7 @@ install -m 755 -d \
# systemd unit
install -m 755 -d "%{buildroot}/%{_unitdir}"
install -m 644 "%{SOURCE15}" -t "%{buildroot}/%{_unitdir}/"
install -m 644 "%{SOURCE10}" -t "%{buildroot}/%{_unitdir}/"
# dracut
%define dracut_mod_dir "%{buildroot}/%{dracutlibdir}/modules.d/99microcode_ctl-fw_dir_override"
@ -250,7 +233,7 @@ install -m 644 releasenote.md \
# caveats
install -m 644 "%{SOURCE100}" "%{SOURCE110}" "%{SOURCE120}" "%{SOURCE130}" \
"%{SOURCE140}" "%{SOURCE150}" "%{SOURCE160}" "%{SOURCE170}" \
"%{SOURCE180}" "%{SOURCE190}" \
"%{SOURCE180}" \
-t "%{buildroot}/%{_pkgdocdir}/caveats/"
@ -283,7 +266,7 @@ install -m 644 "%{SOURCE122}" "%{snb_inst_dir}/disclaimer"
# SKL-SP caveat
%define skl_sp_inst_dir %{buildroot}/%{caveat_dir}/intel-06-55-04/
install -m 755 -d "%{skl_sp_inst_dir}/intel-ucode"
install -m 644 intel-ucode-with-caveats/06-55-04.20200609 "%{skl_sp_inst_dir}/intel-ucode/06-55-04"
install -m 644 intel-ucode-with-caveats/06-55-04 -t "%{skl_sp_inst_dir}/intel-ucode/"
install -m 644 "%{SOURCE130}" "%{skl_sp_inst_dir}/readme"
install -m 644 "%{SOURCE131}" "%{skl_sp_inst_dir}/config"
install -m 644 "%{SOURCE132}" "%{skl_sp_inst_dir}/disclaimer"
@ -328,14 +311,6 @@ install -m 644 "%{SOURCE180}" "%{tgl_inst_dir}/readme"
install -m 644 "%{SOURCE181}" "%{tgl_inst_dir}/config"
install -m 644 "%{SOURCE182}" "%{tgl_inst_dir}/disclaimer"
# SKX-SP/CLX-SP HPE Superdome caveat
%define skx_clx_inst_dir %{buildroot}/%{caveat_dir}/intel-06-55-0x-ipu-2020.2/
install -m 755 -d "%{skx_clx_inst_dir}/intel-ucode"
install -m 644 intel-ucode-with-caveats/06-55-0[467] -t "%{skx_clx_inst_dir}/intel-ucode/"
install -m 644 "%{SOURCE190}" "%{skx_clx_inst_dir}/readme"
install -m 644 "%{SOURCE191}" "%{skx_clx_inst_dir}/config"
install -m 644 "%{SOURCE192}" "%{skx_clx_inst_dir}/disclaimer"
# SUMMARY.intel-ucode generation
# It is to be done only after file population, so, it is here,
# at the end of the install stage
@ -573,6 +548,19 @@ rm -rf %{buildroot}
%changelog
* Wed Feb 17 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210216-1
- Update Intel CPU microcode to microcode-20210216 release (#1902884):
- Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006a08 up
to 0x2006a0a;
- Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003003
up to 0x4003006;
- Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
0x5003003 up to 0x5003006.
* Wed Feb 17 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20201112-3
- Remove 06-55-04/06-55-06/06-55-07 (SKX-SP/CLX-SP) microcode-20201110 caveats.
* Tue Dec 01 2020 Eugene Syromiatnikov <esyr@redhat.com> - 4:20201112-2
- Do not use "grep -q" in a pipe in check_caveats (#1902021).
- Add 06-55-04/06-55-06/06-55-07 (SKX-SP/CLX-SP) microcode-20201110 caveats