import microcode_ctl-20210216-1.20210525.1.el8_4

This commit is contained in:
CentOS Sources 2021-06-08 20:48:54 -04:00 committed by Andrew Lukoshko
parent b47e1efe5b
commit d869867268
14 changed files with 524 additions and 140 deletions

3
.gitignore vendored
View File

@ -2,7 +2,6 @@ SOURCES/06-2d-07
SOURCES/06-4e-03 SOURCES/06-4e-03
SOURCES/06-55-04 SOURCES/06-55-04
SOURCES/06-5e-03 SOURCES/06-5e-03
SOURCES/06-8c-01
SOURCES/microcode-20190918.tar.gz SOURCES/microcode-20190918.tar.gz
SOURCES/microcode-20191115.tar.gz SOURCES/microcode-20191115.tar.gz
SOURCES/microcode-20210216.tar.gz SOURCES/microcode-20210525.tar.gz

View File

@ -2,7 +2,6 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
06432a25053c823b0e2a6b8e84e2e2023ee3d43e SOURCES/06-4e-03 06432a25053c823b0e2a6b8e84e2e2023ee3d43e SOURCES/06-4e-03
2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04 2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04
86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
2204a6dee1688980cd228268fdf4b6ed5904fe04 SOURCES/06-8c-01
bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz 774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
26608161d98c3d0c965fc41856520434b14c000d SOURCES/microcode-20210216.tar.gz 000cb9ab3260786611f3481bf82d3c32506e91ae SOURCES/microcode-20210525.tar.gz

View File

@ -13,6 +13,7 @@ microcode revisions in question are listed below:
* 06-4e-03, revision 0xd6: 06432a25053c823b0e2a6b8e84e2e2023ee3d43e * 06-4e-03, revision 0xd6: 06432a25053c823b0e2a6b8e84e2e2023ee3d43e
* 06-4e-03, revision 0xdc: cd1733458d187486999337ff8b51eeaa0cfbca6c * 06-4e-03, revision 0xdc: cd1733458d187486999337ff8b51eeaa0cfbca6c
* 06-4e-03, revision 0xe2: 41f4513cf563605bc85db38056ac430dec948366 * 06-4e-03, revision 0xe2: 41f4513cf563605bc85db38056ac430dec948366
* 06-4e-03, revision 0xea: 5a54cab9f22f69b819d663e5747ed6ea2a326c55
Please contact your system vendor for a BIOS/firmware update that contains Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions the latest microcode version. For the information regarding microcode versions

View File

@ -19,6 +19,7 @@ microcode revisions in question are listed below:
* 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967 * 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
* 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212 * 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212
* 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462 * 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462
* 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7
Please contact your system vendor for a BIOS/firmware update that contains Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions the latest microcode version. For the information regarding microcode versions

View File

@ -13,6 +13,7 @@ microcode revisions in question are listed below:
* 06-5e-03, revision 0xd6: 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a * 06-5e-03, revision 0xd6: 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a
* 06-5e-03, revision 0xdc: 5e1020a10678cfc60980131c3d3a2cfd462b4dd7 * 06-5e-03, revision 0xdc: 5e1020a10678cfc60980131c3d3a2cfd462b4dd7
* 06-5e-03, revision 0xe2: 031e6e148b590d1c9cfdb6677539eeb4899e831c * 06-5e-03, revision 0xe2: 031e6e148b590d1c9cfdb6677539eeb4899e831c
* 06-5e-03, revision 0xea: e6c37056a849fd281f2fdb975361a914e07b86c8
Please contact your system vendor for a BIOS/firmware update that contains Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions the latest microcode version. For the information regarding microcode versions

View File

@ -5,6 +5,11 @@ microcode update has been disabled by default on these systems.
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44 [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
For the reference, SHA1 checksums of 06-8c-01 microcode files containing
microcode revisions in question are listed below:
* 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04
* 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290
Please contact your system vendor for a BIOS/firmware update that contains Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. the latest microcode version.

View File

@ -82,6 +82,16 @@ in question:
* 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542 * 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542
* 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c * 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c
* 06-8e-09, revision 0xea: caa7192fb2223e3e52389aca84930aee326b384d
* 06-8e-0a, revision 0xea: ab4d5d3b51445d055763796a0362f8ab249cf4c8
* 06-8e-0b, revision 0xea: 5406c513f90286c02476ee0d4a6c8010a263c3ac
* 06-8e-0c, revision 0xea: 8c045b9056443862c95573efd4646e331a2310d3
* 06-9e-09, revision 0xea: a9f8a14ca3808f6380d6dff92e1fd693cc909668
* 06-9e-0a, revision 0xea: b7726bdba2fe74d8f419c68f417d796d569b9ec4
* 06-9e-0b, revision 0xea: 963dca66aedf2bfb0613d0d9515c6bcfb0589e0c
* 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4
* 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a
Please contact your system vendor for a BIOS/firmware update that contains Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer required for mitigating specific side-channel cache attacks, please refer

View File

@ -82,6 +82,16 @@ in question:
* 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542 * 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542
* 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c * 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c
* 06-8e-09, revision 0xea: caa7192fb2223e3e52389aca84930aee326b384d
* 06-8e-0a, revision 0xea: ab4d5d3b51445d055763796a0362f8ab249cf4c8
* 06-8e-0b, revision 0xea: 5406c513f90286c02476ee0d4a6c8010a263c3ac
* 06-8e-0c, revision 0xea: 8c045b9056443862c95573efd4646e331a2310d3
* 06-9e-09, revision 0xea: a9f8a14ca3808f6380d6dff92e1fd693cc909668
* 06-9e-0a, revision 0xea: b7726bdba2fe74d8f419c68f417d796d569b9ec4
* 06-9e-0b, revision 0xea: 963dca66aedf2bfb0613d0d9515c6bcfb0589e0c
* 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4
* 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a
Please contact your system vendor for a BIOS/firmware update that contains Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer required for mitigating specific side-channel cache attacks, please refer

View File

@ -22,6 +22,30 @@ microcode files and their usage.
* SECURITY.intel-ucode * SECURITY.intel-ucode
"security.md" file from the Intel x86 CPU microcode archive. "security.md" file from the Intel x86 CPU microcode archive.
* SUMMARY.intel-ucode * SUMMARY.intel-ucode
Information about supplied microcode files extracted from their headers. Information about supplied microcode files extracted from their headers,
in a table form. Columns have the following meaning:
* "Path": path to the microcode file under one of the following directories:
* /usr/share/microcode_ctl/ucode_with_caveats/intel
* /usr/share/microcode_ctl/ucode_with_caveats
* /usr/share/microcode_ctl
* /lib/firmware
* /etc/firmware
* "Offset": offset of the microcode blob within the micocode file in bytes.
* "Ext. Offset": offset of the extended signature header within
the microcode file in bytes.
* "Data Size": size of microcode data in bytes. 0 means 2000 bytes.
* "Total Size": size of microcode blob in bytes, incuding headers.
0 means 2048 bytes.
* "CPUID": CPU ID signature (in format returned by the CPUID instruction).
* "Platform ID Mask": mask of suitable Platform IDs (provided in bits
52..50 of MSR 0x17).
* "Revision": microcode revision.
* "Date": microcode creation date.
* "Checksum": sum (in base 1<< 32) of all 32-bit values comprising
the microcode (from Offset up to Offset + Total Size).
* "Codenames": list of known CPU codenames associated with the CPUID
and Platform ID Mask combination.
Please refer to README.cavets, section "Microcode file structure"
for additional information regarding microcode header fields.
* caveats * caveats
Directory that contains readme files for specific caveats. Directory that contains readme files for each specific caveat.

View File

@ -89,6 +89,75 @@ installation or removal of a kernel RPM in order to provide microcode files
for newly installed kernels and cleanup symlinks for the uninstalled ones. for newly installed kernels and cleanup symlinks for the uninstalled ones.
Microcode file structure
------------------------
Intel x86 CPU microcode file (that is, one that can be directly consumed
by the CPU/kernel, and not its text representation such as used in microcode.dat
files) is a bundle of concatenated microcode blobs. Each blob has a header,
payload, and an optional additional data, as follows (for additional information
please refer to "Intel® 64 and IA-32 Architectures Software Developers Manual"
[1], Volume 3A, Section 9.11.1 "Microcode Update"):
* Header (48 bytes)
* Header version (unsigned 32-bit integer): version number of the update
header. Must be 0x1.
* Microcode revision (signed 32-bit integer)
* Microcode date (unsigned 32-bit integer): encoded as BCD in mmddyyyy format
(0x03141592 is 1592-03-14 in ISO 8601)
* CPU signature (unsigned 32-bit integer): CPU ID, as provided
by the CPUID (EAX = 0x1) instruction in the EAX register:
* bits 31..28: reserved
* bits 27..20: "Extended Family", summed with the Family field value
* bits 19..16: "Extended Model", bits 7..4 of the CPU model
* bits 15..14: reserved
* bits 13..12: "Processor Type", non-zero value (other than the "primary
processor") so far used only for the Deschutes (Pentium II) CPU family,
with the processor type of 1, to signify it is an Overdrive processor:
CPUID 0x1632.
* bits 11..08: Family, summed with the Extended Family field value
* bits 07..04: Model (bits 3..0)
* bits 03..00: Stepping
In short, microcode file with Family-Model-Stepping of uv-wx-0z corresponds
to CPUID 0x0TUw0Vxz, where uv = TU + V, with V usually being 0xF when
uv >= 16; with Family being 6 on most of recent Intel CPUs this transforms
into 0x000w06xz. Please also refer to README.intel-ucode, section "About
Processor Signature, Family, Model, Stepping and Platform ID"
for additional information.
* Checksum (unsigned 32-bit integer): correct if sum (in base 1 << 32) of all
the 32-bit integers comprising the microcode amounts to 0.
* Loader version (unsigned 32-bit integer): 0x1.
* Platform ID mask (unsigned 32-bit integer): lower 8 bits indicate the set
of possible values of bits 52..50 of MSR 0x17 ("Platform ID"). In old
(up to Pentium II) microcode blobs the mask may be zero.
* Data size (unsigned 32-bit integer): size of the Payload in bytes,
has to be divisible by 4. 0 means 2000.
* Total size (unsigned 32-bit integer): total microcode blob size (including
header and extended header), has to be divisible by 1024. 0 means 2048.
* Reserved (12 bytes).
* Payload
* Additional data (optional, 20 + 12 * n bytes)
* Extended signature table header (20 bytes)
* Extended signature count (unsigned 32-bit integer)
* Checksum (unsigned 32-bit integer): correct if sum (in base 1 << 32)
of all the 32-bit integers comprising the extender signature table
amounts to 0.
* Reserved (12 bytes).
* Extended signature (12 bytes each)
* CPU signature (unsigned 32-bit integer): see the description of the CPU
signature field in the Header above.
* Platform ID mask (unsigned 32-bit integer): see the description
of the Platform ID mask field in the Header above.
* Checksum (unsigned 32-bit integer): correct if sum (in base 1<< 32)
of all the 32-bit integers comprising the Header (with CPU signature
and Platform ID mask fields replaced with the values from this signature)
and the Payload amounts to 0. Note that since External signature table
header has its own checksum, sum of all its 32-bit values amounts to 0,
so the Checksum in the Header and in the Extended signature will be
the same if the values of CPU signature and Platform ID mask fields
are the same,
[1] https://software.intel.com/content/www/us/en/develop/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4.html
Caveat configuration Caveat configuration
-------------------- --------------------
There is a directory for each caveat under There is a directory for each caveat under
@ -156,10 +225,6 @@ separated by white space. Currently, the following options are supported:
configuration. Argument for the argument is a list of stages ("early", configuration. Argument for the argument is a list of stages ("early",
"late") for which the caveat should be disable. The configuration option "late") for which the caveat should be disable. The configuration option
can be provided multiple times in a configuration file. can be provided multiple times in a configuration file.
* "blacklist" is a marker for a start of list of blacklisted model names,
one model name per line. The model name of the running CPU (as reported
in /proc/cpuinfo) is compared against the names in the provided list, and,
if there is a match, caveat check fails.
* "pci_config_val" performs check for specific values in selected parts * "pci_config_val" performs check for specific values in selected parts
of configuration space of specified PCI devices. If "-m" option of configuration space of specified PCI devices. If "-m" option
is not specified, then the actual check is skipped, and the check returns is not specified, then the actual check is skipped, and the check returns

View File

@ -165,7 +165,7 @@ check_pci_config_val()
local checked=0 matched=0 path='' local checked=0 matched=0 path=''
local dev_path dev_vid dev_did dev_val local dev_path dev_vid dev_did dev_val
local opts="${1:-}" local opts="${1:-}"
local match_model="${2:0}" local match_model="${2:-0}"
set -- $1 set -- $1
while [ "$#" -gt 0 ]; do while [ "$#" -gt 0 ]; do
@ -288,7 +288,7 @@ check_dmi_val()
{ {
local key= val= mode='success-equal' nm_mode='success' local key= val= mode='success-equal' nm_mode='success'
local opts="${1:-}" opt= opt_= local opts="${1:-}" opt= opt_=
local match_model="${2:0}" local match_model="${2:-0}"
local valid_keys=" bios_date bios_vendor bios_version board_asset_tag board_name board_serial board_vendor board_version chassis_asset_tag chassis_serial chassis_type chassis_vendor chassis_version product_family product_name product_serial product_uuid product_version sys_vendor " local valid_keys=" bios_date bios_vendor bios_version board_asset_tag board_name board_serial board_vendor board_version chassis_asset_tag chassis_serial chassis_type chassis_vendor chassis_version product_family product_name product_serial product_uuid product_version sys_vendor "
local success=1 local success=1
@ -341,7 +341,7 @@ check_dmi_val()
exit exit
} }
file_val="$(cat "/sys/devices/virtual/dmi/id/${key}")" file_val="$(/bin/cat "/sys/devices/virtual/dmi/id/${key}")"
[ "x${val}" = "x${file_val}" ] || success=0 [ "x${val}" = "x${file_val}" ] || success=0
@ -386,6 +386,12 @@ get_mc_path()
AuthenticAMD) AuthenticAMD)
echo "amd-ucode/$2" echo "amd-ucode/$2"
;; ;;
*)
# We actually only support Intel ucode, but things may break
# if nothing is printed (input would be gotten from stdin
# otherwise).
echo "invalid"
;;
esac esac
} }
@ -394,8 +400,12 @@ get_mc_ver()
/bin/sed -rn '1,/^$/s/^microcode[[:space:]]*: (.*)$/\1/p' /proc/cpuinfo /bin/sed -rn '1,/^$/s/^microcode[[:space:]]*: (.*)$/\1/p' /proc/cpuinfo
} }
# fail [CHECK_ONLY]
fail() fail()
{ {
check_only="${1:-0}"
[ 0 = "$check_only" ] || return
ret=1 ret=1
fail_cfgs="$fail_cfgs $cfg" fail_cfgs="$fail_cfgs $cfg"
@ -467,34 +477,44 @@ else
stage="late" stage="late"
fi fi
# check_caveat CFG [CHECK_ONLY]
for cfg in $(echo "${configs}"); do # changes ret_paths, ok_paths, fail_paths, ret_cfgs, ok_cfgs, fail_cfgs,
dir="$MC_CAVEATS_DATA_DIR/$cfg" # skip_cfgs if CHECK_ONLY is set to 0 (default).
# Return value:
# 0 - check is successful
# 1 - check has been failed
# 2 - configuration has been skipped
check_caveat() {
local cfg="$1"
local check_only="${2:-0}"
local dir="$MC_CAVEATS_DATA_DIR/$cfg"
# We add cfg to the skip list first and then, if we do not skip it, # We add cfg to the skip list first and then, if we do not skip it,
# we remove the configuration from the list. # we remove the configuration from the list.
skip_cfgs="$skip_cfgs $cfg" [ 0 != "$check_only" ] || skip_cfgs="$skip_cfgs $cfg"
[ -r "${dir}/readme" ] || { [ -r "${dir}/readme" ] || {
debug "File 'readme' in ${dir} is not found, skipping" debug "File 'readme' in ${dir} is not found, skipping"
continue return 2
} }
[ -r "${dir}/config" ] || { [ -r "${dir}/config" ] || {
debug "File 'config' in ${dir} is not found, skipping" debug "File 'config' in ${dir} is not found, skipping"
continue return 2
} }
cfg_model= local cfg_model=
cfg_vendor= local cfg_vendor=
cfg_path= local cfg_path=
cfg_kvers= local cfg_kvers=
cfg_kvers_early= local cfg_kvers_early=
cfg_blacklist= local cfg_mc_min_ver_late=
cfg_mc_min_ver_late= local cfg_disable=
cfg_disable= local cfg_pci=
cfg_pci= local cfg_dmi=
cfg_dmi=
local key
local value
while read -r key value; do while read -r key value; do
case "$key" in case "$key" in
@ -519,13 +539,6 @@ for cfg in $(echo "${configs}"); do
disable) disable)
cfg_disable="$cfg_disable $value " cfg_disable="$cfg_disable $value "
;; ;;
blacklist)
cfg_blacklist=1
# "blacklist" is special: it stops entity parsing,
# and the rest of file is a list of blacklisted model
# names.
break
;;
pci_config_val) pci_config_val)
cfg_pci="$cfg_pci cfg_pci="$cfg_pci
$value" $value"
@ -544,12 +557,7 @@ for cfg in $(echo "${configs}"); do
esac esac
done < "${dir}/config" done < "${dir}/config"
[ -z "${cfg_blacklist}" ] || \
cfg_blacklist=$(/bin/sed -n '/^blacklist$/,$p' "${dir}/config" |
/usr/bin/tail -n +2)
debug "${cfg}: model '$cfg_model', path '$cfg_path', kvers '$cfg_kvers'" debug "${cfg}: model '$cfg_model', path '$cfg_path', kvers '$cfg_kvers'"
debug "${cfg}: blacklist '$cfg_blacklist'"
# Check for override files in the following order: # Check for override files in the following order:
# - disallow early/late specific caveat for specific kernel # - disallow early/late specific caveat for specific kernel
@ -570,10 +578,10 @@ for cfg in $(echo "${configs}"); do
# - force early/late everyhting # - force early/late everyhting
# - disallow everything # - disallow everything
# - force everyhting # - force everyhting
ignore_cfg=0 local ignore_cfg=0
force_cfg=0 local force_cfg=0
override_file="" local override_file=""
overrides=" local overrides="
0:$FW_DIR/$kver/disallow-$stage-$cfg 0:$FW_DIR/$kver/disallow-$stage-$cfg
1:$FW_DIR/$kver/force-$stage-$cfg 1:$FW_DIR/$kver/force-$stage-$cfg
0:$FW_DIR/$kver/disallow-$cfg 0:$FW_DIR/$kver/disallow-$cfg
@ -590,6 +598,9 @@ for cfg in $(echo "${configs}"); do
1:$CFG_DIR/force-$stage 1:$CFG_DIR/force-$stage
0:$CFG_DIR/disallow 0:$CFG_DIR/disallow
1:$CFG_DIR/force" 1:$CFG_DIR/force"
local o
local o_force
local override_file
for o in $(echo "$overrides"); do for o in $(echo "$overrides"); do
o_force=${o%%:*} o_force=${o%%:*}
override_file=${o#$o_force:} override_file=${o#$o_force:}
@ -608,7 +619,7 @@ for cfg in $(echo "${configs}"); do
[ 0 -eq "$ignore_cfg" ] || { [ 0 -eq "$ignore_cfg" ] || {
debug "Configuration \"$cfg\" is ignored due to presence of" \ debug "Configuration \"$cfg\" is ignored due to presence of" \
"\"$override_file\"." "\"$override_file\"."
continue return 2
} }
# Check model if model filter is enabled # Check model if model filter is enabled
@ -617,11 +628,13 @@ for cfg in $(echo "${configs}"); do
debug "Current CPU model '$cpu_model' doesn't" \ debug "Current CPU model '$cpu_model' doesn't" \
"match configuration CPU model '$cfg_model'," \ "match configuration CPU model '$cfg_model'," \
"skipping" "skipping"
continue return 2
} }
fi fi
# Check paths if model filter is enabled # Check paths if model filter is enabled
local cpu_mc_path
local cfg_mc_present
if [ 1 -eq "$match_model" -a -n "$cfg_path" ]; then if [ 1 -eq "$match_model" -a -n "$cfg_path" ]; then
cpu_mc_path="$MC_CAVEATS_DATA_DIR/$cfg/$(get_mc_path \ cpu_mc_path="$MC_CAVEATS_DATA_DIR/$cfg/$(get_mc_path \
"$cpu_vendor" "${cpu_model#* }")" "$cpu_vendor" "${cpu_model#* }")"
@ -640,7 +653,7 @@ for cfg in $(echo "${configs}"); do
[ 1 = "$cfg_mc_present" ] || { [ 1 = "$cfg_mc_present" ] || {
debug "No matching microcode files in '$cfg_path'" \ debug "No matching microcode files in '$cfg_path'" \
"for CPU model '$cpu_model', skipping" "for CPU model '$cpu_model', skipping"
continue return 2
} }
fi fi
@ -650,30 +663,34 @@ for cfg in $(echo "${configs}"); do
debug "Current CPU vendor '$cpu_vendor' doesn't" \ debug "Current CPU vendor '$cpu_vendor' doesn't" \
"match configuration CPU vendor '$cfg_vendor'," \ "match configuration CPU vendor '$cfg_vendor'," \
"skipping" "skipping"
continue return 2
} }
fi fi
# Check configuration files # Check configuration files
ret_cfgs="$ret_cfgs $cfg" [ 0 != "$check_only" ] || {
ret_paths="$ret_paths $cfg_path" ret_cfgs="$ret_cfgs $cfg"
skip_cfgs="${skip_cfgs% $cfg}" ret_paths="$ret_paths $cfg_path"
skip_cfgs="${skip_cfgs% $cfg}"
}
[ 0 -eq "$force_cfg" ] || { [ 0 -eq "$force_cfg" ] || {
debug "Checks for configuration \"$cfg\" are ignored due to" \ debug "Checks for configuration \"$cfg\" are ignored due to" \
"presence of \"$override_file\"." "presence of \"$override_file\"."
ok_cfgs="$ok_cfgs $cfg" [ 0 != "$check_only" ] || {
ok_paths="$ok_paths $cfg_path" ok_cfgs="$ok_cfgs $cfg"
ok_paths="$ok_paths $cfg_path"
}
continue return 0
} }
[ "x${cfg_disable%%* $stage *}" = "x$cfg_disable" ] || { [ "x${cfg_disable%%* $stage *}" = "x$cfg_disable" ] || {
debug "${cfg}: caveat is disabled in configuration" debug "${cfg}: caveat is disabled in configuration"
fail fail "$check_only"
continue return 1
} }
# Check late load kernel version # Check late load kernel version
@ -681,8 +698,8 @@ for cfg in $(echo "${configs}"); do
check_kver "$kver" $cfg_kvers || { check_kver "$kver" $cfg_kvers || {
debug "${cfg}: late load kernel version check for" \ debug "${cfg}: late load kernel version check for" \
" '$kver' against '$cfg_kvers' failed" " '$kver' against '$cfg_kvers' failed"
fail fail "$check_only"
continue return 1
} }
fi fi
@ -691,17 +708,8 @@ for cfg in $(echo "${configs}"); do
check_kver "$kver" $cfg_kvers_early || { check_kver "$kver" $cfg_kvers_early || {
debug "${cfg}: early load kernel version check for" \ debug "${cfg}: early load kernel version check for" \
"'$kver' against '$cfg_kvers_early' failed" "'$kver' against '$cfg_kvers_early' failed"
fail fail "$check_only"
continue return 1
}
fi
# Check model blacklist
if [ -n "$cfg_blacklist" ]; then
echo "$cfg_blacklist" | /bin/grep -vqFx "${cpu_model_name}" || {
debug "${cfg}: model '${cpu_model_name}' is blacklisted"
fail
continue
} }
fi fi
@ -714,8 +722,8 @@ for cfg in $(echo "${configs}"); do
debug "${cfg}: CPU microcode version $cpu_mc_ver" \ debug "${cfg}: CPU microcode version $cpu_mc_ver" \
"failed check (should be at least" \ "failed check (should be at least" \
"${cfg_mc_min_ver_late})" "${cfg_mc_min_ver_late})"
fail fail "$check_only"
continue return 1
} }
fi fi
@ -736,8 +744,8 @@ for cfg in $(echo "${configs}"); do
[ -z "${pci_line#* }" ] || { [ -z "${pci_line#* }" ] || {
debug "PCI configuration word check '${pci_line#* }'" \ debug "PCI configuration word check '${pci_line#* }'" \
"failed (with return code ${pci_line%% *})" "failed (with return code ${pci_line%% *})"
fail fail "$check_only"
continue return 1
} }
fi fi
@ -759,13 +767,21 @@ for cfg in $(echo "${configs}"); do
[ -z "${dmi_line#* }" ] || { [ -z "${dmi_line#* }" ] || {
debug "DMI data check '${dmi_line#* }'" \ debug "DMI data check '${dmi_line#* }'" \
"failed (with return code ${dmi_line%% *})" "failed (with return code ${dmi_line%% *})"
fail fail "$check_only"
continue return 1
} }
fi fi
ok_cfgs="$ok_cfgs $cfg" [ 0 != "$check_only" ] || {
ok_paths="$ok_paths $cfg_path" ok_cfgs="$ok_cfgs $cfg"
ok_paths="$ok_paths $cfg_path"
}
return 0
}
for cfg in $(echo "${configs}"); do
check_caveat "$cfg" || :
done done
[ 0 -eq "$print_disclaimers" ] || exit 0 [ 0 -eq "$print_disclaimers" ] || exit 0

View File

@ -242,6 +242,7 @@ Server;;Skylake;B1;97;50653;SKX;SP;Xeon Scalable;
Desktop;;Skylake;H0,M0,U0;b7;50654;SKX;X;Core i9-7xxxX, i9-9xxxX; Desktop;;Skylake;H0,M0,U0;b7;50654;SKX;X;Core i9-7xxxX, i9-9xxxX;
Server;;Skylake;H0,M0,U0;b7;50654;SKX;SP,W;Xeon Scalable; Server;;Skylake;H0,M0,U0;b7;50654;SKX;SP,W;Xeon Scalable;
Server;;Skylake;M1;b7;50654;SKX;D;Xeon D-21xx; Server;;Skylake;M1;b7;50654;SKX;D;Xeon D-21xx;
Server;;Cascade Lake;A0;b7;50655;CLX;SP;Xeon Scalable Gen2;
Server;;Cascade Lake;B0;bf;50656;CLX;SP;Xeon Scalable Gen2; Server;;Cascade Lake;B0;bf;50656;CLX;SP;Xeon Scalable Gen2;
Desktop;;Cascade Lake;B1,L1;bf;50657;CLX;X;; Desktop;;Cascade Lake;B1,L1;bf;50657;CLX;X;;
Server;;Cascade Lake;B1,L1;bf;50657;CLX;SP;Xeon Scalable Gen2; Server;;Cascade Lake;B1,L1;bf;50657;CLX;SP;Xeon Scalable Gen2;
@ -262,11 +263,17 @@ Server;;Skylake;N0,R0,S0;36;506e3;SKL;Xeon E3;Xeon E3 v5;
SOC;;Denverton;B0;01;506f1;DNV;;Atom C3xxx; SOC;;Denverton;B0;01;506f1;DNV;;Atom C3xxx;
SOC;;XMM 7272 (SoFIA);;01;60650;;;XMM 7272 SOC;;XMM 7272 (SoFIA);;01;60650;;;XMM 7272
Mobile;;Cannon Lake;D0;80;60663;CNL;U;Core Gen8 Mobile; Mobile;;Cannon Lake;D0;80;60663;CNL;U;Core Gen8 Mobile;
Server;;Ice Lake;C0;87;606a5;ICX;SP;Xeon Scalable Gen3;
Server;;Ice Lake;D0;87;606a6;ICX;SP;Xeon Scalable Gen3;
SOC;;Gemini Lake;B0;01;706a1;GLK;;;Pentium J5005/N5000, Celeron J4005/J4105/N4000/N4100 SOC;;Gemini Lake;B0;01;706a1;GLK;;;Pentium J5005/N5000, Celeron J4005/J4105/N4000/N4100
SOC;;Gemini Lake;R0;01;706a8;GLK;R;;Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 SOC;;Gemini Lake;R0;01;706a8;GLK;R;;Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
Mobile;;Ice Lake;D1;80;706e5;ICL;U,Y;Core Gen10 Mobile; Mobile;;Ice Lake;D1;80;706e5;ICL;U,Y;Core Gen10 Mobile;
Server;;Knights Mill;A0;08;80650;KNM;;Xeon hi 72x5;Xeon Phi 7235, 7285, 7295 Server;;Knights Mill;A0;08;80650;KNM;;Xeon Phi 72x5;Xeon Phi 7235, 7285, 7295
SOC;;Snow Ridge;B0;01;80664;SNR;;Atom P59xxB;
SOC;;Snow Ridge;B1;01;80665;SNR;;Atom P59xxB;
Mobile;;Tiger Lake;B1;80;806c1;TGL;UP3,UP4;Core Gen11 Mobile; Mobile;;Tiger Lake;B1;80;806c1;TGL;UP3,UP4;Core Gen11 Mobile;
Mobile;;Tiger Lake Refresh;C0;80;806c2;TGL;R;Core Gen11 Mobile;
Mobile;;Tiger Lake;R0;c2;806d1;TGL;H;Core Gen11 Mobile;
Mobile;;Amber Lake;H0;10;806e9;AML;Y 2+2;Core Gen8 Mobile; Mobile;;Amber Lake;H0;10;806e9;AML;Y 2+2;Core Gen8 Mobile;
Mobile;;Kaby Lake;H0;c0;806e9;KBL;U,Y;Core Gen7 Mobile; Mobile;;Kaby Lake;H0;c0;806e9;KBL;U,Y;Core Gen7 Mobile;
Mobile;;Kaby Lake;J1;c0;806e9;KBL;U 2+3e;Core Gen7 Mobile; Mobile;;Kaby Lake;J1;c0;806e9;KBL;U 2+3e;Core Gen7 Mobile;
@ -277,6 +284,7 @@ Mobile;;Comet Lake;V0;94;806ec;CML;U 4+2;Core Gen10 Mobile;
Mobile;;Whiskey Lake;W0;d0;806eb;WHL;U;Core Gen8 Mobile; Mobile;;Whiskey Lake;W0;d0;806eb;WHL;U;Core Gen8 Mobile;
Mobile;;Whiskey Lake;V0;94;806ec;WHL;U;Core Gen8 Mobile; Mobile;;Whiskey Lake;V0;94;806ec;WHL;U;Core Gen8 Mobile;
Mobile;;Whiskey Lake;V0;94;806ed;WHL;U;Core Gen8 Mobile; Mobile;;Whiskey Lake;V0;94;806ed;WHL;U;Core Gen8 Mobile;
SOC;;Elkhart Rate;B1;01;90661;EHL;;Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E;
Desktop;;Kaby Lake;B0;2a;906e9;KBL;S,X;Core Gen7; Desktop;;Kaby Lake;B0;2a;906e9;KBL;S,X;Core Gen7;
Mobile;;Kaby Lake;B0;2a;906e9;KBL;G,H;Core Gen7 Mobile; Mobile;;Kaby Lake;B0;2a;906e9;KBL;G,H;Core Gen7 Mobile;
Server;;Kaby Lake;B0;2a;906e9;KBL;Xeon E3;Xeon E3 v6; Server;;Kaby Lake;B0;2a;906e9;KBL;Xeon E3;Xeon E3 v6;
@ -292,11 +300,13 @@ Server;;Coffee Lake;P0;22;906ec;CFL;Xeon E;Xeon E;
Desktop;;Coffee Lake;R0;22;906ed;CFL;S;Core Gen9 Desktop; Desktop;;Coffee Lake;R0;22;906ed;CFL;S;Core Gen9 Desktop;
Mobile;;Coffee Lake;R0;22;906ed;CFL;H;Core Gen9 Mobile; Mobile;;Coffee Lake;R0;22;906ed;CFL;H;Core Gen9 Mobile;
Server;;Coffee Lake;R0;22;906ed;CFL;Xeon E;Xeon E; Server;;Coffee Lake;R0;22;906ed;CFL;Xeon E;Xeon E;
SOC;;Jasper Lake;A0,A1;01;906c0;JSL;;Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105;
Mobile;;Comet Lake;R1;20;a0652;CML;H;Core Gen10 Mobile; Mobile;;Comet Lake;R1;20;a0652;CML;H;Core Gen10 Mobile;
Desktop;;Comet Lake;G1;22;a0653;CML;S 6+2;Core Gen10 Desktop; Desktop;;Comet Lake;G1;22;a0653;CML;S 6+2;Core Gen10 Desktop;
Desktop;;Comet Lake;Q0;22;a0655;CML;S 10+2;Core Gen10 Desktop; Desktop;;Comet Lake;Q0;22;a0655;CML;S 10+2;Core Gen10 Desktop;
Mobile;;Comet Lake;A0;80;a0660;CML;U 6+2;Core Gen10 Mobile; Mobile;;Comet Lake;A0;80;a0660;CML;U 6+2;Core Gen10 Mobile;
Mobile;;Comet Lake;K0;80;a0661;CML;U 6+2 v2;Core Gen10 Mobile; Mobile;;Comet Lake;K0;80;a0661;CML;U 6+2 v2;Core Gen10 Mobile;
Desktop;;Rocket Lake;B0;02;a0671;RKL;S;Core Gen11;
SOC;;Lakefield;B2,B3;10;806a1;LKF;;Core w/Hybrid Technology; SOC;;Lakefield;B2,B3;10;806a1;LKF;;Core w/Hybrid Technology;
# sources: # sources:

View File

@ -3,6 +3,7 @@
import argparse import argparse
import errno import errno
import fnmatch
import io import io
import itertools import itertools
import os import os
@ -10,6 +11,7 @@ import re
import shutil import shutil
import struct import struct
import sys import sys
import tarfile
import tempfile import tempfile
from subprocess import PIPE, Popen, STDOUT from subprocess import PIPE, Popen, STDOUT
@ -34,6 +36,7 @@ except:
log_level = 0 log_level = 0
print_date = False print_date = False
file_glob = ["*??-??-??", "*microcode*.dat"]
def log_status(msg, level=0): def log_status(msg, level=0):
@ -96,13 +99,15 @@ def file_walk(args, yield_dirs=False):
def cpuid_fname(c): def cpuid_fname(c):
# Note that the Extended Family is summed up with the Family,
# while the Extended Model is concatenated with the Model.
return "%02x-%02x-%02x" % ( return "%02x-%02x-%02x" % (
((c >> 16) & 0xff0) + ((c >> 8) & 0xf), ((c >> 20) & 0xff) + ((c >> 8) & 0xf),
((c >> 12) & 0xf0) + ((c >> 4) & 0xf), ((c >> 12) & 0xf0) + ((c >> 4) & 0xf),
c & 0xf) c & 0xf)
def read_revs_dir(path, src=None, ret=None): def read_revs_dir(path, args, src=None, ret=None):
if ret is None: if ret is None:
ret = [] ret = []
@ -156,18 +161,24 @@ def read_revs_dir(path, src=None, ret=None):
while cur_offs < offs + hdr[8] \ while cur_offs < offs + hdr[8] \
and ext_sig_cnt <= ext_tbl[0]: and ext_sig_cnt <= ext_tbl[0]:
ext_sig = struct.unpack("III", f.read(12)) ext_sig = struct.unpack("III", f.read(12))
ret.append({"path": rp, "src": src or path, ignore = args.ignore_ext_dups and \
"cpuid": ext_sig[0], "pf": ext_sig[1], (ext_sig[0] == hdr[3])
"rev": hdr[1], "date": hdr[2], if not ignore:
"offs": offs, "ext_offs": cur_offs, ret.append({"path": rp, "src": src or path,
"cksum": hdr[4], "cpuid": ext_sig[0],
"ext_cksum": ext_sig[2], "pf": ext_sig[1],
"data_size": hdr[7], "rev": hdr[1], "date": hdr[2],
"total_size": hdr[8]}) "offs": offs, "ext_offs": cur_offs,
"cksum": hdr[4],
"ext_cksum": ext_sig[2],
"data_size": hdr[7],
"total_size": hdr[8]})
log_status(("Got ext sig %#x/%#x for " + log_status(("Got ext sig %#x/%#x for " +
"%s:%#x:%#x/%#x") % "%s:%#x:%#x/%#x%s") %
(ext_sig[0], ext_sig[1], rp, offs, (ext_sig[0], ext_sig[1],
hdr[3], hdr[6]), level=2) rp, offs, hdr[3], hdr[6],
" (ignored)" if ignore else ""),
level=2)
cur_offs += 12 cur_offs += 12
ext_sig_cnt += 1 ext_sig_cnt += 1
@ -180,7 +191,7 @@ def read_revs_dir(path, src=None, ret=None):
return ret return ret
def read_revs_rpm(path, ret=None): def read_revs_rpm(path, args, ret=None):
if ret is None: if ret is None:
ret = [] ret = []
@ -191,7 +202,7 @@ def read_revs_rpm(path, ret=None):
rpm2cpio = Popen(args=["rpm2cpio", path], stdout=PIPE, stderr=PIPE, rpm2cpio = Popen(args=["rpm2cpio", path], stdout=PIPE, stderr=PIPE,
close_fds=True) close_fds=True)
cpio = Popen(args=["cpio", "-idmv", "*??-??-??", "*microcode*.dat"], cpio = Popen(args=["cpio", "-idmv"] + file_glob,
cwd=dir_tmp, stdin=rpm2cpio.stdout, cwd=dir_tmp, stdin=rpm2cpio.stdout,
stdout=PIPE, stderr=STDOUT) stdout=PIPE, stderr=STDOUT)
out, cpio_stderr = cpio.communicate() out, cpio_stderr = cpio.communicate()
@ -210,20 +221,58 @@ def read_revs_rpm(path, ret=None):
log_info("cpio stderr:\n%s" % cpio_stderr, level=3) log_info("cpio stderr:\n%s" % cpio_stderr, level=3)
if rpm2cpio_ret == 0 and cpio_ret == 0: if rpm2cpio_ret == 0 and cpio_ret == 0:
ret = read_revs_dir(dir_tmp, path) ret = read_revs_dir(dir_tmp, args, path)
shutil.rmtree(dir_tmp) shutil.rmtree(dir_tmp)
return ret return ret
def read_revs(path, ret=None): def read_revs_tar(path, args, ret=None):
if ret is None:
ret = []
dir_tmp = tempfile.mkdtemp()
log_status("Trying to extract files from tarball \"%s\"..." % path,
level=1)
try:
with tarfile.open(path, "r:*") as tar:
for ti in tar:
if any(fnmatch.fnmatchcase(ti.name, p) for p in file_glob):
d = os.path.normpath(os.path.join("/",
os.path.dirname(ti.name)))
# For now, strip exactl one level
d = os.path.join(*(d.split(os.path.sep)[2:]))
n = os.path.join(d, os.path.basename(ti.name))
if not os.path.exists(d):
os.makedirs(d)
t = tar.extractfile(ti)
with open(n, "wb") as f:
shutil.copyfileobj(t, f)
t.close()
ret = read_revs_dir(dir_tmp, args, path)
except Exception as err:
log_error("Error while reading \"%s\" as a tarball: \"%s\"" %
(path, str(err)))
shutil.rmtree(dir_tmp)
return ret
def read_revs(path, args, ret=None):
if ret is None: if ret is None:
ret = [] ret = []
if os.path.isdir(path): if os.path.isdir(path):
return read_revs_dir(path, ret) return read_revs_dir(path, args, ret)
elif tarfile.is_tarfile(path):
return read_revs_tar(path, args, ret)
else: else:
return read_revs_rpm(path, ret) return read_revs_rpm(path, args, ret)
def gen_mc_map(mc_data, merge=False, merge_path=False): def gen_mc_map(mc_data, merge=False, merge_path=False):
@ -307,7 +356,8 @@ class mcnm:
MCNM_CODENAME = 4 MCNM_CODENAME = 4
def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV): def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV, stringify=True,
segment=False):
if not isinstance(mc, dict): if not isinstance(mc, dict):
mc = mc_from_mc_key(mc) mc = mc_from_mc_key(mc)
sig = mc["cpuid"] sig = mc["cpuid"]
@ -350,6 +400,9 @@ def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV):
else: else:
cname = c["codename"] cname = c["codename"]
if segment:
cname = c["segment"] + " " + cname
if cname not in suffices: if cname not in suffices:
suffices[cname] = set() suffices[cname] = set()
if "variant" in c and c["variant"]: if "variant" in c and c["variant"]:
@ -361,28 +414,28 @@ def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV):
steppings[cname] |= set(c["stepping"]) steppings[cname] |= set(c["stepping"])
for cname in sorted(steppings.keys()): for cname in sorted(steppings.keys()):
cname_str = cname cname_res = [cname]
if len(suffices[cname]): if len(suffices[cname]):
cname_str += "-" + "/".join(sorted(suffices[cname])) cname_res[0] += "-" + "/".join(sorted(suffices[cname]))
if len(steppings[cname]): if len(steppings[cname]):
cname_str += " " + "/".join(sorted(steppings[cname])) cname_res.append("/".join(sorted(steppings[cname])))
res.append(cname_str) res.append(" ".join(cname_res) if stringify else cname_res)
return ", ".join(res) or None return (", ".join(res) or None) if stringify else res
def mc_from_mc_key(k): def mc_from_mc_key(k):
return dict(zip(("path", "cpuid", "pf"), k)) return dict(zip(("path", "cpuid", "pf"), k))
def mc_path(mc, pf_sfx=True, midword=None, cmap=None): def mc_path(mc, pf_sfx=True, midword=None, cmap=None, cname_segment=False):
if not isinstance(mc, dict): if not isinstance(mc, dict):
mc = mc_from_mc_key(mc) mc = mc_from_mc_key(mc)
path = mc_stripped_path(mc) if mc["path"] is not None else None path = mc_stripped_path(mc) if mc["path"] is not None else None
cpuid_fn = cpuid_fname(mc["cpuid"]) cpuid_fn = cpuid_fname(mc["cpuid"])
fname = os.path.basename(mc["path"] or cpuid_fn) fname = os.path.basename(mc["path"] or cpuid_fn)
midword = "" if midword is None else " " + midword midword = "" if midword is None else " " + midword
cname = get_mc_cnames(mc, cmap) cname = get_mc_cnames(mc, cmap, segment=cname_segment)
cname_str = " (" + cname + ")" if cname else "" cname_str = " (" + cname + ")" if cname else ""
if pf_sfx: if pf_sfx:
@ -492,22 +545,22 @@ def mc_rev(mc, date=None):
return "%#x" % rev return "%#x" % rev
def print_changelog(clog, cmap, args): def print_changelog_rpm(clog, cmap, args):
for e, old, new in sorted(clog): for e, old, new in clog:
mc_str = mc_path(new if e == ChangeLogEntry.ADDED else old,
midword="microcode",
cmap=cmap, cname_segment=args.segment)
if e == ChangeLogEntry.ADDED: if e == ChangeLogEntry.ADDED:
print("Addition of %s at revision %s" % print("Addition of %s at revision %s" % (mc_str, mc_rev(new)))
(mc_path(new, midword="microcode", cmap=cmap), mc_rev(new)))
elif e == ChangeLogEntry.REMOVED: elif e == ChangeLogEntry.REMOVED:
print("Removal of %s at revision %s" % print("Removal of %s at revision %s" % (mc_str, mc_rev(old)))
(mc_path(old, midword="microcode", cmap=cmap), mc_rev(old)))
elif e == ChangeLogEntry.UPDATED: elif e == ChangeLogEntry.UPDATED:
print("Update of %s from revision %s up to %s" % print("Update of %s from revision %s up to %s" %
(mc_path(old, midword="microcode", cmap=cmap), (mc_str, mc_rev(old), mc_rev(new)))
mc_rev(old), mc_rev(new)))
elif e == ChangeLogEntry.DOWNGRADED: elif e == ChangeLogEntry.DOWNGRADED:
print("Downgrade of %s from revision %s down to %s" % print("Downgrade of %s from revision %s down to %s" %
(mc_path(old, midword="microcode", cmap=cmap), (mc_str, mc_rev(old), mc_rev(new)))
mc_rev(old), mc_rev(new)))
elif e == ChangeLogEntry.OTHER: elif e == ChangeLogEntry.OTHER:
print("Other change in %s:" % old["path"]) print("Other change in %s:" % old["path"])
print(" old: %#x/%#x: rev %s (offs %#x)" % print(" old: %#x/%#x: rev %s (offs %#x)" %
@ -516,6 +569,70 @@ def print_changelog(clog, cmap, args):
(new["cpuid"], new["pf"], mc_rev(new), new["offs"])) (new["cpuid"], new["pf"], mc_rev(new), new["offs"]))
def print_changelog_intel(clog, cmap, args):
def clog_sort_key(x):
res = str(x[0])
if x[0] != ChangeLogEntry.ADDED:
res += "%08x%02x" % (x[1]["cpuid"], x[1]["pf"])
else:
res += "0" * 10
if x[0] != ChangeLogEntry.REMOVED:
res += "%08x%02x" % (x[2]["cpuid"], x[2]["pf"])
else:
res += "0" * 10
return res
sorted_clog = sorted(clog, key=clog_sort_key)
sections = (("New Platforms", (ChangeLogEntry.ADDED, )),
("Updated Platforms", (ChangeLogEntry.UPDATED,
ChangeLogEntry.DOWNGRADED)),
("Removed Platforms", (ChangeLogEntry.REMOVED, )))
def print_line(e, old, new, types):
if e not in types:
return
if not print_line.hdr:
print("""
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------""")
print_line.hdr = True
mc = new if e == ChangeLogEntry.ADDED else old
cnames = get_mc_cnames(mc, cmap, stringify=False,
segment=args.segment) or (("???", ""), )
for cn in cnames:
cname = cn[0]
stepping = cn[1] if len(cn) > 1 else ""
print("| %-14s | %-8s | %8s/%02x | %8s | %8s | %s" %
(cname,
stepping,
cpuid_fname(mc["cpuid"]), mc["pf"],
("%08x" % old["rev"]) if e != ChangeLogEntry.ADDED else "",
("%08x" % new["rev"]) if e != ChangeLogEntry.REMOVED else "",
get_mc_cnames(mc, cmap, mode=mcnm.MCNM_FAMILIES,
segment=args.segment) or ""))
for h, types in sections:
print("\n### %s" % h)
print_line.hdr = False
for e, old, new in sorted_clog:
print_line(e, old, new, types)
def print_changelog(clog, cmap, args):
if args.format == "rpm":
print_changelog_rpm(clog, cmap, args)
elif args.format == "intel":
print_changelog_intel(clog, cmap, args)
else:
log_error(("unknown changelog format: \"%s\". " +
"Supported formats are: rpm, intel.") % args.format)
class TableStyles: class TableStyles:
TS_CSV = 0 TS_CSV = 0
TS_FANCY = 1 TS_FANCY = 1
@ -552,9 +669,9 @@ def print_summary(revs, cmap, args):
header = [] header = []
if args.header: if args.header:
header.append(["Path", "Offset", "Ext. Offset", "CPUID", header.append(["Path", "Offset", "Ext. Offset", "Data Size",
"Platform ID Mask", "Revision", "Date", "Checksum", "Total Size", "CPUID", "Platform ID Mask", "Revision",
"Codenames"] + "Date", "Checksum", "Codenames"] +
(["Models"] if args.models else [])) (["Models"] if args.models else []))
tbl = [] tbl = []
for k in sorted(m.keys()): for k in sorted(m.keys()):
@ -562,14 +679,19 @@ def print_summary(revs, cmap, args):
tbl.append([mc_stripped_path(mc), tbl.append([mc_stripped_path(mc),
"0x%x" % mc["offs"], "0x%x" % mc["offs"],
"0x%x" % mc["ext_offs"] if "ext_offs" in mc else "-", "0x%x" % mc["ext_offs"] if "ext_offs" in mc else "-",
"0x%05x" % mc["data_size"],
"0x%05x" % mc["total_size"],
"0x%05x" % mc["cpuid"], "0x%05x" % mc["cpuid"],
"0x%02x" % mc["pf"], "0x%02x" % mc["pf"],
mc_rev(mc, date=False), mc_rev(mc, date=False),
mc_date(mc), mc_date(mc),
"0x%08x" % mc["cksum"], "0x%08x" % (mc["ext_cksum"]
get_mc_cnames(mc, cmap, cnames_mode) or ""] + if "ext_cksum" in mc else mc["cksum"]),
get_mc_cnames(mc, cmap, cnames_mode,
segment=args.segment) or ""] +
([get_mc_cnames(mc, cmap, ([get_mc_cnames(mc, cmap,
mcnm.MCNM_FAMILIES_MODELS)] mcnm.MCNM_FAMILIES_MODELS,
segment=args.segment)]
if args.models else [])) if args.models else []))
print_table(tbl, header, style=TableStyles.TS_FANCY) print_table(tbl, header, style=TableStyles.TS_FANCY)
@ -685,7 +807,7 @@ def print_discrepancies(rev_map, deps, cmap, args):
if print_out and print_date: if print_out and print_date:
if args.models: if args.models:
out.append(get_mc_cnames(s, cmap) or "") out.append(get_mc_cnames(s, cmap, segment=args.segment) or "")
tbl.append(out) tbl.append(out)
print_table(tbl, header, style=TableStyles.TS_FANCY) print_table(tbl, header, style=TableStyles.TS_FANCY)
@ -694,7 +816,7 @@ def print_discrepancies(rev_map, deps, cmap, args):
def cmd_summary(args): def cmd_summary(args):
revs = [] revs = []
for p in args.filelist: for p in args.filelist:
revs = read_revs(p, ret=revs) revs = read_revs(p, args, ret=revs)
codenames_map = read_codenames_file(args.codenames) codenames_map = read_codenames_file(args.codenames)
@ -708,8 +830,8 @@ def cmd_changelog(args):
base_path = args.filelist[0] base_path = args.filelist[0]
upd_path = args.filelist[1] upd_path = args.filelist[1]
base = read_revs(base_path) base = read_revs(base_path, args)
upd = read_revs(upd_path) upd = read_revs(upd_path, args)
print_changelog(gen_changelog(base, upd), codenames_map, args) print_changelog(gen_changelog(base, upd), codenames_map, args)
@ -750,7 +872,7 @@ def cmd_discrepancies(args):
(orig_path, dep)) (orig_path, dep))
return 1 return 1
deps.append((path, name, deps[dep][0] if dep is not None else None)) deps.append((path, name, deps[dep][0] if dep is not None else None))
rev_map[path] = gen_fn_map(read_revs(path), merge=args.merge, rev_map[path] = gen_fn_map(read_revs(path, args), merge=args.merge,
merge_path=True) merge_path=True)
print_discrepancies(rev_map, deps, codenames_map, args) print_discrepancies(rev_map, deps, codenames_map, args)
@ -766,6 +888,22 @@ def parse_cli():
help="Code names file") help="Code names file")
root_parser.add_argument("-v", "--verbose", action="count", default=0, root_parser.add_argument("-v", "--verbose", action="count", default=0,
help="Increase output verbosity") help="Increase output verbosity")
root_parser.add_argument("-E", "--no-ignore-ext-duplicates",
action="store_const", dest="ignore_ext_dups",
default=False, const=False,
help="Do not ignore duplicates of the main " +
"signature in the extended signature header")
root_parser.add_argument("-e", "--ignore-ext-duplicates",
action="store_const", dest="ignore_ext_dups",
const=True,
help="Ignore duplicates of the main signature " +
"in the extended signature header")
root_parser.add_argument("-t", "--print-segment", action="store_const",
dest="segment", const=True,
help="Print model segment")
root_parser.add_argument("-T", "--no-print-segment", action="store_const",
dest="segment", const=False, default=False,
help="Do not print model segment")
cmdparsers = root_parser.add_subparsers(title="Commands", cmdparsers = root_parser.add_subparsers(title="Commands",
help="main gen_updates commands") help="main gen_updates commands")
@ -794,6 +932,8 @@ def parse_cli():
parser_c = cmdparsers.add_parser("changelog", parser_c = cmdparsers.add_parser("changelog",
help="Generate changelog") help="Generate changelog")
parser_c.add_argument("-F", "--format", choices=["rpm", "intel"],
default="rpm", help="Changelog format")
parser_c.add_argument("filelist", nargs=2, parser_c.add_argument("filelist", nargs=2,
help="RPMs/directories to compare") help="RPMs/directories to compare")
parser_c.set_defaults(func=cmd_changelog) parser_c.set_defaults(func=cmd_changelog)
@ -840,6 +980,10 @@ def parse_cli():
if not hasattr(args, "func"): if not hasattr(args, "func"):
root_parser.print_help() root_parser.print_help()
return None return None
global log_level
log_level = args.verbose
return args return args

View File

@ -1,4 +1,4 @@
%define intel_ucode_version 20210216 %define intel_ucode_version 20210525
%global debug_package %{nil} %global debug_package %{nil}
%define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
@ -12,12 +12,13 @@
Summary: CPU microcode updates for Intel x86 processors Summary: CPU microcode updates for Intel x86 processors
Name: microcode_ctl Name: microcode_ctl
Version: %{intel_ucode_version} Version: 20210216
Release: 1%{?dist} Release: 1.%{intel_ucode_version}.1%{?dist}
Epoch: 4 Epoch: 4
License: CC0 and Redistributable, no modification permitted License: CC0 and Redistributable, no modification permitted
URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files URL: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz #Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz
Source0: microcode-%{intel_ucode_version}.tar.gz
# (Pre-MDS) revision 0x714 of 06-2d-07 microcode # (Pre-MDS) revision 0x714 of 06-2d-07 microcode
Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07 Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07
@ -33,11 +34,6 @@ Source5: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Fi
Source6: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-20190918.tar.gz Source6: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-20190918.tar.gz
# microcode-20191115 release,containing revision 0xca of 06-[89]e-0X microcode # microcode-20191115 release,containing revision 0xca of 06-[89]e-0X microcode
Source7: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-20191115.tar.gz Source7: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-20191115.tar.gz
# microcode-20201118 has removed 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode update
# at revision 0x68; it is, however, may still be useful for some[1], so it is
# to be preserved in a caveat.
# [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/39
Source8: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20201112/intel-ucode/06-8c-01
# systemd unit # systemd unit
@ -122,9 +118,9 @@ Source181: 06-8c-01_config
Source182: 06-8c-01_disclaimer Source182: 06-8c-01_disclaimer
# "Provides:" RPM tags generator # "Provides:" RPM tags generator
Source1000: gen_provides.sh Source1000: gen_provides.sh
Source1001: codenames.list Source1001: codenames.list
Source1002: gen_updates2.py Source1002: gen_updates2.py
ExclusiveArch: %{ix86} x86_64 ExclusiveArch: %{ix86} x86_64
BuildRequires: systemd-units BuildRequires: systemd-units
@ -182,7 +178,7 @@ tar xvvf "%{SOURCE7}" --wildcards --strip-components=2 \
popd popd
# Moving 06-8c-01 microcode to intel-ucode-with-caveats # Moving 06-8c-01 microcode to intel-ucode-with-caveats
cp "%{SOURCE8}" intel-ucode-with-caveats/ mv intel-ucode/06-8c-01 intel-ucode-with-caveats/
: :
@ -548,6 +544,109 @@ rm -rf %{buildroot}
%changelog %changelog
* Thu May 27 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210216-1.20210525.1
- Update Intel CPU microcode to microcode-20210525 release, addresses
CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, and CVE-2020-24513
(#1962663, #1962713, #1962733, #1962679):
- Addition of 06-55-05/0xb7 (CLX-SP A0) microcode at revision 0x3000010;
- Addition of 06-6a-05/0x87 (ICX-SP C0) microcode at revision 0xc0002f0;
- Addition of 06-6a-06/0x87 (ICX-SP D0) microcode at revision 0xd0002a0;
- Addition of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f;
- Addition of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04)
at revision 0xb00000f;
- Addition of 06-86-04/0x01 (SNR B0) microcode (in intel-ucode/06-86-05)
at revision 0xb00000f;
- Addition of 06-86-05/0x01 (SNR B1) microcode at revision 0xb00000f;
- Addition of 06-8c-02/0xc2 (TGL-R C0) microcode at revision 0x16;
- Addition of 06-8d-01/0xc2 (TGL-H R0) microcode at revision 0x2c;
- Addition of 06-96-01/0x01 (EHL B1) microcode at revision 0x11;
- Addition of 06-9c-00/0x01 (JSL A0/A1) microcode at revision 0x1d;
- Addition of 06-a7-01/0x02 (RKL-S B0) microcode at revision 0x40;
- Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in
intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xe2 up to 0xea;
- Update of 06-4f-01/0xef (BDX-E/EP/EX/ML B0/M0/R0) microcode (in
intel-06-4f-01/intel-ucode/06-4f-01) from revision 0xb000038 up
to 0xb00003e;
- Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006a0a up
to 0x2006b06;
- Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in
intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xe2 up to 0xea;
- Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x68 up to 0x88;
- Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xde up
to 0xea;
- Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xde up
to 0xea;
- Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xe0 up
to 0xea;
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xde up
to 0xea;
- Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
revision 0xde up to 0xea;
- Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xde up
to 0xea;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xde up
to 0xea;
- Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xde up
to 0xea;
- Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xde up
to 0xea;
- Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xde up
to 0xea;
- Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode
from revision 0x44 up to 0x46;
- Update of 06-3f-04/0x80 (HSX-EX E0) microcode from revision 0x16 up
to 0x19;
- Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000159
up to 0x100015b;
- Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003006
up to 0x4003102;
- Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
0x5003006 up to 0x5003102;
- Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x700001e
up to 0x7002302;
- Update of 06-56-03/0x10 (BDX-DE V2/V3) microcode from revision
0x7000019 up to 0x700001b;
- Update of 06-56-04/0x10 (BDX-DE Y0) microcode from revision 0xf000017
up to 0xf000019;
- Update of 06-56-05/0x10 (BDX-NS A0/A1, HWL A1) microcode from revision
0xe00000f up to 0xe000012;
- Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x40 up
to 0x44;
- Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x1e up
to 0x20;
- Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x2e up
to 0x34;
- Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x34 up
to 0x36;
- Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x18 up
to 0x1a;
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa0
up to 0xa6;
- Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x28 up
to 0x2a;
- Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xe0 up
to 0xea;
- Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xe0
up to 0xea;
- Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xe0
up to 0xec;
- Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xe0
up to 0xe8;
- Update of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode from revision
0xe0 up to 0xea.
* Wed Feb 17 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210216-1 * Wed Feb 17 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210216-1
- Update Intel CPU microcode to microcode-20210216 release (#1902884): - Update Intel CPU microcode to microcode-20210216 release (#1902884):
- Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in