diff --git a/.gitignore b/.gitignore
index 8fd26a6..2db0108 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,10 +1,8 @@
 SOURCES/06-2d-07
 SOURCES/06-4e-03
 SOURCES/06-55-04
-SOURCES/06-55-04.20190918
-SOURCES/06-55-06
-SOURCES/06-55-07
 SOURCES/06-5e-03
+SOURCES/06-8c-01
 SOURCES/microcode-20190918.tar.gz
 SOURCES/microcode-20191115.tar.gz
-SOURCES/microcode-20201112.tar.gz
+SOURCES/microcode-20210216.tar.gz
diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata
index 75a40e3..46dfad3 100644
--- a/.microcode_ctl.metadata
+++ b/.microcode_ctl.metadata
@@ -1,10 +1,8 @@
 bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
 06432a25053c823b0e2a6b8e84e2e2023ee3d43e SOURCES/06-4e-03
-5f18f985f6d5ad369b5f6549b7f3ee55acaef967 SOURCES/06-55-04
-2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04.20190918
-8affd949151a0badd3f71e23cf9ad668d4c1d82f SOURCES/06-55-06
-a7121c5f49753cc783f82135e268bc4efe85d4be SOURCES/06-55-07
+2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04
 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
+2204a6dee1688980cd228268fdf4b6ed5904fe04 SOURCES/06-8c-01
 bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
 774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
-010507b8a7ca0b5c4a01cd1f8a6adae5f0fd316d SOURCES/microcode-20201112.tar.gz
+26608161d98c3d0c965fc41856520434b14c000d SOURCES/microcode-20210216.tar.gz
diff --git a/SOURCES/06-55-04_readme b/SOURCES/06-55-04_readme
index 822e7a0..cdec2c2 100644
--- a/SOURCES/06-55-04_readme
+++ b/SOURCES/06-55-04_readme
@@ -10,12 +10,7 @@ Since revision 0x2006906 (included with the microcode-20200609 release) it is reported that the issue is no longer present, so the newer microcode revision is enabled by default now (but can be disabled explicitly; see below). -Revision 0x2006a08 (included since the microcode-20201110 release) exhibits -a different issue on some systems, so it is controlled by 06-55-0x-ipu-2020.2 -caveat; please refer to [2] for details. - [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21 -[2] /usr/share/doc/microcode_ctl/caveats/06-55-0x-ipu-2020.2_readme For the reference, SHA1 checksums of 06-55-04 microcode files containing microcode revisions in question are listed below: @@ -23,6 +18,7 @@ microcode revisions in question are listed below: * 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23 * 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967 * 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212 + * 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions diff --git a/SOURCES/06-55-0x-ipu-2020.2_config b/SOURCES/06-55-0x-ipu-2020.2_config deleted file mode 100644 index 80aa372..0000000 --- a/SOURCES/06-55-0x-ipu-2020.2_config +++ /dev/null 
@@ -1,20 +0,0 @@
-path intel-ucode/*
-vendor GenuineIntel
-## It is deemed that blocking the SKX/CLX microcode update on all hardware
-## in cases where no model filter is used is too broad, hence
-## no-model-mode=success.
-## https://bugzilla.redhat.com/1902884 https://bugzilla.redhat.com/1905111
-dmi mode=fail-equal no-model-mode=success key=product_name val="Superdome Flex"
-## https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/45
-dmi mode=fail-equal no-model-mode=success key=product_name val="SYS-2029TP-HTR/X11DPT-PS"
-## The "kernel_early" statements are carried over from the intel caveat config
-## in order to avoid enabling this newer microcode on these problematic kernels;
-## see the caveat description in /usr/share/doc/microcode_ctl/caveats/intel_readme
-## (That also means that this caveat has to be enforced separately on these
-## kernels.)
-kernel_early 4.10.0
-kernel_early 3.10.0-930
-kernel_early 3.10.0-862.14.1
-kernel_early 3.10.0-693.38.1
-kernel_early 3.10.0-514.57.1
-kernel_early 3.10.0-327.73.1
diff --git a/SOURCES/06-55-0x-ipu-2020.2_disclaimer b/SOURCES/06-55-0x-ipu-2020.2_disclaimer
deleted file mode 100644
index 788f089..0000000
--- a/SOURCES/06-55-0x-ipu-2020.2_disclaimer
+++ /dev/null
@@ -1,6 +0,0 @@
-Latest microcode updates for Intel Skylake/Cascade Lake Scalable Platform CPUs
-(family 6, model 85, steppings 4, 6, and 7; CPUID 0x50654/0x50656/0x50657)
-are disabled on some systems as these updates may cause system instability;
-microcode from the previous microcode-20200609 release is used instead.
-Please refer to /usr/share/doc/microcode_ctl/caveats/06-55-0x-ipu-2020.2_readme
-and /usr/share/doc/microcode_ctl/README.caveats for details.
diff --git a/SOURCES/06-55-0x-ipu-2020.2_readme b/SOURCES/06-55-0x-ipu-2020.2_readme
deleted file mode 100644
index 11324a7..0000000
--- a/SOURCES/06-55-0x-ipu-2020.2_readme
+++ /dev/null
@@ -1,83 +0,0 @@
-Latest microcode updates for Intel Skylake/Cascade Lake Scalable Platform CPUs
-(family 6, model 85, steppings 4, 6, and 7; CPUID 0x50654/0x50656/0x50657)
-may cause system instability on some systems, namely, HPE Superdome Flex
-and Supermicro systems, when an update is performed with the resivions
-that come with microcode-20201110 release, so the previously released microcode
-(with revisions 0x2006906, 0x4001f01, and 0x5002f01, respectively)
-from microcode-20200609 release are used on these systems by default instead
-for the OS-driven microcode update.
-
-For the reference, SHA1 checksums of the relevant microcode files containing
-microcode revisions in question are listed below:
- * 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
- * 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212
-
- * 06-55-06, revision 0x4004f01: 8affd949151a0badd3f71e23cf9ad668d4c1d82f
- * 06-55-06, revision 0x4003003: b187866d2570f90ea69f434c2b012a8c88d85f43
-
- * 06-55-07, revision 0x5002f01: a7121c5f49753cc783f82135e268bc4efe85d4be
- * 06-55-07, revision 0x5003003: 74e129b108e676f0286742f609b2c1fa65d73db1
-
-Please contact your system vendor for a BIOS/firmware update that contains
-the latest microcode version. For the information regarding microcode versions
-required for mitigating specific side-channel cache attacks, please refer
-to the following knowledge base articles:
- * CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
- CVE-2020-8696 (Vector Register Leakage-Active),
- CVE-2020-8698 (Fast Forward Store Predictor):
- https://access.redhat.com/articles/5569051
-
-The information regarding enforcing microcode update is provided below.
-
-To enforce usage of the latest microcode revision for a specific kernel
-version, please create a file "force-intel-06-55-0x-ipu-2020.2" inside
-/lib/firmware/ directory, run
-"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
-where microcode will be available for late microcode update, and run
-"dracut -f --kver ", so initramfs for this kernel version
-is regenerated and the microcode can be loaded early, for example:
-
- touch /lib/firmware/3.10.0-862.9.1/force-intel-06-55-0x-ipu-2020.2
- /usr/libexec/microcode_ctl/update_ucode
- dracut -f --kver 3.10.0-862.9.1
-
-After that, it is possible to perform a late microcode update by executing
-"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
-"/sys/devices/system/cpu/microcode/reload" directly.
-
-To disallow usage of the latest microcode revision for a specific kernel
-version, please create a file "disallow-intel-06-55-0x-ipu-2020.2" inside
-/lib/firmware/ directory, run
-"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
-used for late microcode updates, and run "dracut -f --kver ",
-so initramfs for this kernel version is regenerated, for example:
-
- touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-55-0x-ipu-2020.2
- /usr/libexec/microcode_ctl/update_ucode
- dracut -f --kver 3.10.0-862.9.1
-
-To enforce addition of this microcode for all kernels, please create a file
-"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-55-0x-ipu-2020.2", run
-"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
-and "dracut -f --regenerate-all" for enabling early microcode updates:
-
- mkdir -p /etc/microcode_ctl/ucode_with_caveats
- touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-55-0x-ipu-2020.2
- /usr/libexec/microcode_ctl/update_ucode
- dracut -f --regenerate-all
-
-To disallow usage of the latest microcode revision for all kernels, please
-create a file
-"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-0x-ipu-2020.2", -run "/usr/libexec/microcode_ctl/update_ucode" to update firmware directories -used for late microcode updates, and run "dracut -f --regenerate-all" -so initramfs images get regenerated, for example: - - mkdir -p /etc/microcode_ctl/ucode_with_caveats - touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-0x-ipu-2020.2 - /usr/libexec/microcode_ctl/update_ucode - dracut -f --regenerate-all - - -Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional -information. diff --git a/SOURCES/README.caveats b/SOURCES/README.caveats index b177eed..d18c2a5 100644 --- a/SOURCES/README.caveats +++ b/SOURCES/README.caveats @@ -560,11 +560,6 @@ to enable ability to disable it in case such a need arises. (See the sections "check_caveats script" and "reload_microcode script" for details regarding caveats mechanism operation.) -Revision 0x2006a08 (included since the microcode-20201110 release) exhibits -a different issue on some systems, so it is controlled by 06-55-0x-ipu-2020.2 -caveat; please refer to the "Intel Skylake-SP and Cascade Lake-SP -microcode-20201110 caveats" section for details. - [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21 Caveat name: intel-06-55-04 
@@ -576,28 +571,6 @@ previously published microcode revision 0x2000064 is still available as a fallback as part of "intel" caveat. -Intel Skylake-SP and Cascade Lake-SP microcode-20201110 caveats ---------------------------------------------------------------- -Latest microcode updates for Intel Skylake/Cascade Lake Scalable Platform CPUs -(family 6, model 85, steppings 4, 6, and 7; CPUID 0x50654/0x50656/0x50657) -may cause system instability on some systems (there were reports for HPE -Superdome Flex and Supermicro systems[1]) with the resivions that come -with microcode-20201110 release, so the previously released microcode -(with revisions 0x2006906, 0x4001f01, and 0x5002f01, respectively) -from microcode-20200609 release are used by default instead for the OS-driven -microcode update. - -[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/45 - -Caveat name: intel-06-55-0x-ipu-2020.2 - -Affected microcode: intel-ucode/06-55-04, intel-ucode/06-55-06, - intel-ucode/06-55-07 - -Mitigation: previously published microcode files (revision 0x2006906 for 06-55-04, - 0x4002f01 for 06-55-06, 0x5002f01 for 06-55-07) are used by default. - - Intel Skylake-U/Y/H/S/Xeon E3 v5 caveats ---------------------------------------- Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3; diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec index ae65361..09226d7 100644 --- a/SPECS/microcode_ctl.spec +++ b/SPECS/microcode_ctl.spec @@ -1,4 +1,4 @@ -%define intel_ucode_version 20201112 +%define intel_ucode_version 20210216 %global debug_package %{nil} %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats @@ -13,7 +13,7 @@ Summary: CPU microcode updates for Intel x86 processors Name: microcode_ctl Version: %{intel_ucode_version} -Release: 2%{?dist} +Release: 1%{?dist} Epoch: 4 License: CC0 and Redistributable, no modification permitted URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files 
@@ -23,7 +23,7 @@ Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Fi Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07 # (Pre-20191112) revision 0x2000064 of 06-55-04 microcode -Source3: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190918/intel-ucode/06-55-04#/06-55-04.20190918 +Source3: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190918/intel-ucode/06-55-04 # (Pre-20200609) revision 0xd6 of 06-4e-03/06-5e-03 microcode Source4: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200520/intel-ucode/06-4e-03 
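Review bot: Dropping the `#/06-55-04.20190918` rename on `Source3` makes the lookaside name `SOURCES/06-55-04` refer to different content than it did before this commit: the `.microcode_ctl.metadata` hunk changes its checksum from `5f18f985f6d5ad369b5f6549b7f3ee55acaef967` to `2e405644a145de0f55517b6a9de118eec8ec1e5a`. A build tree or cache that still holds the older blob under that name would feed a different microcode revision into `cp "%{SOURCE3}" intel-ucode/` (the `%prep` hunk at -167,16) unless the tooling re-checks the metadata hash, and whether it does is not visible here. Keeping a revision-qualified local name, as the removed line did, together with `cp "%{SOURCE3}" intel-ucode/06-55-04`, would keep each pinned revision unambiguous on disk.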
@@ -33,16 +33,15 @@ Source5: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Fi Source6: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-20190918.tar.gz # microcode-20191115 release,containing revision 0xca of 06-[89]e-0X microcode Source7: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-20191115.tar.gz +# microcode-20201118 has removed 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode update +# at revision 0x68; it is, however, may still be useful for some[1], so it is +# to be preserved in a caveat. +# [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/39 +Source8: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20201112/intel-ucode/06-8c-01 -# (Pre-20201110) revision 0x2006906 of 06-55-04/0xb7 microcode -Source8: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200609/intel-ucode/06-55-04 -# (Pre-20201110) revision 0x4002f01 of 06-55-06/0xbf microcode -Source9: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200609/intel-ucode/06-55-06 -# (Pre-20201110) revision 0x5002f01 of 06-55-07/0xbf microcode -Source10: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200609/intel-ucode/06-55-07 # systemd unit -Source15: microcode.service +Source10: microcode.service # dracut-related stuff Source20: 01-microcode.conf @@ -82,7 +81,6 @@ Source122: 06-2d-07_disclaimer # SKL-SP/W/X (CPUID 0x50654) post-20191112 hangs # https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21 -# It is still preerved due to https://bugzilla.redhat.com/1908432 Source130: 06-55-04_readme Source131: 06-55-04_config Source132: 06-55-04_disclaimer 
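Review bot: The comment added above `Source8` (hunk -33,16) is ungrammatical and leaves the reader to infer why the URL pins the `microcode-20201112` tag when the text names `microcode-20201118`. Suggest rewording the last sentence to `# it may, however, still be useful for some[1], so the copy from microcode-20201112 (the last release shipping it) is preserved in a caveat.` Since this file is now fetched on its own rather than taken from the release tarball, it would also help to note that its expected checksum is the `SOURCES/06-8c-01` entry in `.microcode_ctl.metadata`, matching how the caveat readmes list a SHA1 per revision.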
@@ -123,14 +121,6 @@ Source180: 06-8c-01_readme Source181: 06-8c-01_config Source182: 06-8c-01_disclaimer -# SKX-SP/CLX-SP (CPUID 0x50654/0x50656/0x50657) -# IPU 2020.2 HPE Superdome issue -# https://bugzilla.redhat.com/show_bug.cgi?id=1902884 -# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/45 -Source190: 06-55-0x-ipu-2020.2_readme -Source191: 06-55-0x-ipu-2020.2_config -Source192: 06-55-0x-ipu-2020.2_disclaimer - # "Provides:" RPM tags generator Source1000: gen_provides.sh Source1001: codenames.list @@ -167,16 +157,9 @@ is no longer used for microcode upload and, as a result, no longer provided. mv intel-ucode/06-2d-07 intel-ucode-with-caveats/ cp "%{SOURCE2}" intel-ucode/ -# replacing SKX/CLX (CPUID 0x50654/0x50656/0x50657) microcode with pre-20201110 -# versions -# placing this caveat because the older 06-55-04 one in order to preserve -# mv/cp command pattern -mv intel-ucode/06-55-0[467] intel-ucode-with-caveats/ -cp "%{SOURCE8}" "%{SOURCE9}" "%{SOURCE10}" intel-ucode/ - # replacing SKL-SP/W/X (CPUID 0x50654) microcode with pre-20191112 version -mv intel-ucode/06-55-04 intel-ucode-with-caveats/06-55-04.20200609 -cp "%{SOURCE3}" intel-ucode/06-55-04 +mv intel-ucode/06-55-04 intel-ucode-with-caveats/ +cp "%{SOURCE3}" intel-ucode/ # replacing SKL-U/Y (CPUID 0x4063e) microcode with pre-20200609 version mv intel-ucode/06-4e-03 intel-ucode-with-caveats/ @@ -199,7 +182,7 @@ tar xvvf "%{SOURCE7}" --wildcards --strip-components=2 \ popd # Moving 06-8c-01 microcode to intel-ucode-with-caveats -mv intel-ucode/06-8c-01 intel-ucode-with-caveats/ +cp "%{SOURCE8}" intel-ucode-with-caveats/ : @@ -211,7 +194,7 @@ install -m 755 -d \ # systemd unit install -m 755 -d "%{buildroot}/%{_unitdir}" -install -m 644 "%{SOURCE15}" -t "%{buildroot}/%{_unitdir}/" +install -m 644 "%{SOURCE10}" -t "%{buildroot}/%{_unitdir}/" # dracut %define dracut_mod_dir "%{buildroot}/%{dracutlibdir}/modules.d/99microcode_ctl-fw_dir_override" 
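Review bot: In the -199,7 hunk the comment `# Moving 06-8c-01 microcode to intel-ucode-with-caveats` no longer describes the command below it, which now copies the separately fetched `%{SOURCE8}` instead of moving a file out of the unpacked tarball. Reword it to something like `# Adding 06-8c-01 microcode (dropped upstream, carried as Source8) to intel-ucode-with-caveats`. Because nothing is removed from `intel-ucode/` any more, a later tarball that ships `06-8c-01` again would presumably be packaged outside the caveat gating; if that matters, keep an explicit `rm -f intel-ucode/06-8c-01` next to the `cp`.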
@@ -250,7 +233,7 @@ install -m 644 releasenote.md \ # caveats install -m 644 "%{SOURCE100}" "%{SOURCE110}" "%{SOURCE120}" "%{SOURCE130}" \ "%{SOURCE140}" "%{SOURCE150}" "%{SOURCE160}" "%{SOURCE170}" \ - "%{SOURCE180}" "%{SOURCE190}" \ + "%{SOURCE180}" \ -t "%{buildroot}/%{_pkgdocdir}/caveats/" @@ -283,7 +266,7 @@ install -m 644 "%{SOURCE122}" "%{snb_inst_dir}/disclaimer" # SKL-SP caveat %define skl_sp_inst_dir %{buildroot}/%{caveat_dir}/intel-06-55-04/ install -m 755 -d "%{skl_sp_inst_dir}/intel-ucode" -install -m 644 intel-ucode-with-caveats/06-55-04.20200609 "%{skl_sp_inst_dir}/intel-ucode/06-55-04" +install -m 644 intel-ucode-with-caveats/06-55-04 -t "%{skl_sp_inst_dir}/intel-ucode/" install -m 644 "%{SOURCE130}" "%{skl_sp_inst_dir}/readme" install -m 644 "%{SOURCE131}" "%{skl_sp_inst_dir}/config" install -m 644 "%{SOURCE132}" "%{skl_sp_inst_dir}/disclaimer" @@ -328,14 +311,6 @@ install -m 644 "%{SOURCE180}" "%{tgl_inst_dir}/readme" install -m 644 "%{SOURCE181}" "%{tgl_inst_dir}/config" install -m 644 "%{SOURCE182}" "%{tgl_inst_dir}/disclaimer" -# SKX-SP/CLX-SP HPE Superdome caveat -%define skx_clx_inst_dir %{buildroot}/%{caveat_dir}/intel-06-55-0x-ipu-2020.2/ -install -m 755 -d "%{skx_clx_inst_dir}/intel-ucode" -install -m 644 intel-ucode-with-caveats/06-55-0[467] -t "%{skx_clx_inst_dir}/intel-ucode/" -install -m 644 "%{SOURCE190}" "%{skx_clx_inst_dir}/readme" -install -m 644 "%{SOURCE191}" "%{skx_clx_inst_dir}/config" -install -m 644 "%{SOURCE192}" "%{skx_clx_inst_dir}/disclaimer" - # SUMMARY.intel-ucode generation # It is to be done only after file population, so, it is here, # at the end of the install stage 
@@ -573,6 +548,19 @@ rm -rf %{buildroot} %changelog +* Wed Feb 17 2021 Eugene Syromiatnikov - 4:20210216-1 +- Update Intel CPU microcode to microcode-20210216 release (#1902884): + - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in + intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006a08 up + to 0x2006a0a; + - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003003 + up to 0x4003006; + - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision + 0x5003003 up to 0x5003006. + +* Wed Feb 17 2021 Eugene Syromiatnikov - 4:20201112-3 +- Remove 06-55-04/06-55-06/06-55-07 (SKX-SP/CLX-SP) microcode-20201110 caveats. + * Tue Dec 01 2020 Eugene Syromiatnikov - 4:20201112-2 - Do not use "grep -q" in a pipe in check_caveats (#1902021). - Add 06-55-04/06-55-06/06-55-07 (SKX-SP/CLX-SP) microcode-20201110 caveats