import microcode_ctl-20191115-4.el8
This commit is contained in:
parent
124cb1f15c
commit
ed8fb64027
|
@ -1 +1,3 @@
|
||||||
SOURCES/microcode-20190514a.tar.gz
|
SOURCES/06-2d-07
|
||||||
|
SOURCES/06-55-04
|
||||||
|
SOURCES/microcode-20191115.tar.gz
|
||||||
|
|
|
@ -1 +1,3 @@
|
||||||
252f56e1e1e6dc491813cb649c5c83fe1ff1c122 SOURCES/microcode-20190514a.tar.gz
|
bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
|
||||||
|
2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04
|
||||||
|
774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
model GenuineIntel 06-2d-07
|
||||||
|
path intel-ucode/06-2d-07
|
||||||
|
disable early late
|
|
@ -0,0 +1,4 @@
|
||||||
|
MDS-related microcode update for Intel Sandy Bridge-EP (family 6, model 45,
|
||||||
|
stepping 7; CPUID 0x206d7) CPUs is disabled as it may cause system instability.
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/caveats/06-2d-07_readme
|
||||||
|
and /usr/share/doc/microcode_ctl/README.caveats for details.
|
|
@ -0,0 +1,55 @@
|
||||||
|
Intel Sandy Bridge-E/EN/EP CPU models (SNB-EP, family 6, model 45, stepping 7)
|
||||||
|
have issues with MDS-related microcode update that may lead to a system hang
|
||||||
|
after a microcode update. In order to address this, microcode update
|
||||||
|
to the MDS-related revision 0x718 has been disabled, and the previously
|
||||||
|
published microcode revision 0x714 is used by default for the OS-driven
|
||||||
|
microcode update.
|
||||||
|
|
||||||
|
For the reference, SHA1 checksums of 06-2d-07 microcode files containing
|
||||||
|
microcode revisions in question are listed below:
|
||||||
|
* 06-2d-07, revision 0x714: bcf2173cd3dd499c37defbc2533703cfa6ec2430
|
||||||
|
* 06-2d-07, revision 0x718: 837cfebbfc09b911151dfd179082ad99cf87e85d
|
||||||
|
|
||||||
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
|
the latest microcode version. For the information regarding microcode versions
|
||||||
|
required for mitigating specific side-channel cache attacks, please refer
|
||||||
|
to the following knowledge base articles:
|
||||||
|
* CVE-2017-5715 ("Spectre"):
|
||||||
|
https://access.redhat.com/articles/3436091
|
||||||
|
* CVE-2018-3639 ("Speculative Store Bypass"):
|
||||||
|
https://access.redhat.com/articles/3540901
|
||||||
|
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
|
||||||
|
https://access.redhat.com/articles/3562741
|
||||||
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
||||||
|
("Microarchitectural Data Sampling"):
|
||||||
|
https://access.redhat.com/articles/4138151
|
||||||
|
|
||||||
|
The information regarding enforcing microcode load is provided below.
|
||||||
|
|
||||||
|
To enforce usage of the 0x718 microcode revision for a specific kernel version,
|
||||||
|
please create file "force-intel-06-2d-07" inside /lib/firmware/<kernel_version>
|
||||||
|
directory, run "/usr/libexec/microcode_ctl/update_ucode" to add it to firmware
|
||||||
|
directory where microcode will be available for late microcode update,
|
||||||
|
and run "dracut -f --kver <kernel_version>", so initramfs for this kernel
|
||||||
|
version is regenerated and the microcode can be loaded early, for example:
|
||||||
|
|
||||||
|
touch /lib/firmware/3.10.0-862.9.1/force-intel-06-2d-07
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
|
After that, it is possible to perform a late microcode update by executing
|
||||||
|
"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
|
||||||
|
"/sys/devices/system/cpu/microcode/reload" directly.
|
||||||
|
|
||||||
|
To enforce addition of this microcode for all kernels, please create file
|
||||||
|
"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-2d-07", run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
|
||||||
|
and "dracut -f --regenerate-all" for enabling early microcode updates:
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-2d-07
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
||||||
|
information.
|
|
@ -0,0 +1,4 @@
|
||||||
|
microcode update for Intel Broadwell-EP/EX (BDX-ML B/M/R0; family 6, model 79,
|
||||||
|
stepping 1; CPUID 0x406f1) CPUs is disabled as it may cause system instability.
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/caveats/06-4f-01_readme
|
||||||
|
and /usr/share/doc/microcode_ctl/README.caveats for details.
|
|
@ -49,6 +49,7 @@ kernels, please create a file
|
||||||
"/etc/microcode_ctl/ucode_with_caveats/force-late-intel-06-4f-01"
|
"/etc/microcode_ctl/ucode_with_caveats/force-late-intel-06-4f-01"
|
||||||
and run "/usr/libexec/microcode_ctl/update_ucode":
|
and run "/usr/libexec/microcode_ctl/update_ucode":
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
touch /etc/microcode_ctl/ucode_with_caveats/force-late-intel-06-4f-01
|
touch /etc/microcode_ctl/ucode_with_caveats/force-late-intel-06-4f-01
|
||||||
/usr/libexec/microcode_ctl/update_ucode
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
|
||||||
|
@ -64,10 +65,11 @@ For enforcing early load of this microcode for all kernels, please
|
||||||
create a file "/etc/microcode_ctl/ucode_with_caveats/force-early-intel-06-4f-01"
|
create a file "/etc/microcode_ctl/ucode_with_caveats/force-early-intel-06-4f-01"
|
||||||
and run dracut -f --regenerate-all:
|
and run dracut -f --regenerate-all:
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
touch /etc/microcode_ctl/ucode_with_caveats/force-early-intel-06-4f-01
|
touch /etc/microcode_ctl/ucode_with_caveats/force-early-intel-06-4f-01
|
||||||
dracut -f --regenerate-all
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
If you want avoid removal of the microcode file during cleanup performed by
|
If you want to avoid removal of the microcode file during cleanup performed by
|
||||||
/usr/libexec/microcode_ctl/update_ucode, please remove the corresponding readme
|
/usr/libexec/microcode_ctl/update_ucode, please remove the corresponding readme
|
||||||
file (/lib/firmware/<kernel_version>/readme-intel-06-4f-01).
|
file (/lib/firmware/<kernel_version>/readme-intel-06-4f-01).
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
model GenuineIntel 06-55-04
|
||||||
|
path intel-ucode/06-55-04
|
||||||
|
disable early late
|
|
@ -0,0 +1,6 @@
|
||||||
|
Microcode revision 0x2000065 for Intel Skylake-SP/X/W (family 6, model 85,
|
||||||
|
stepping 4; CPUID 0x50654) CPUs that has been included into microcode-20191112
|
||||||
|
release is disabled as it may cause system instability and the previous revision
|
||||||
|
0x2000064 is used instead.
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/caveats/06-55-04_readme
|
||||||
|
and /usr/share/doc/microcode_ctl/README.caveats for details.
|
|
@ -0,0 +1,61 @@
|
||||||
|
Intel Skulake Scalable Platform CPU models (SKL-SP/W/X, family 6, model 85,
|
||||||
|
stepping 4) have reports of system hangs when revision 0x2000065 of microcode,
|
||||||
|
that is included since microcode-20191112 update, is applied. In order
|
||||||
|
to address this, microcode update to this revision has been disabled,
|
||||||
|
and the previously published microcode revision 0x2000064 is used by default
|
||||||
|
for the OS-driven microcode update.
|
||||||
|
|
||||||
|
For the reference, SHA1 checksums of 06-55-04 microcode files containing
|
||||||
|
microcode revisions in question are listed below:
|
||||||
|
* 06-55-04, revision 0x2000064: 2e405644a145de0f55517b6a9de118eec8ec1e5a
|
||||||
|
* 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23
|
||||||
|
|
||||||
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
|
the latest microcode version. For the information regarding microcode versions
|
||||||
|
required for mitigating specific side-channel cache attacks, please refer
|
||||||
|
to the following knowledge base articles:
|
||||||
|
* CVE-2017-5715 ("Spectre"):
|
||||||
|
https://access.redhat.com/articles/3436091
|
||||||
|
* CVE-2018-3639 ("Speculative Store Bypass"):
|
||||||
|
https://access.redhat.com/articles/3540901
|
||||||
|
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
|
||||||
|
https://access.redhat.com/articles/3562741
|
||||||
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
||||||
|
("Microarchitectural Data Sampling"):
|
||||||
|
https://access.redhat.com/articles/4138151
|
||||||
|
* CVE-2019-0117 (Intel SGX Information Leak),
|
||||||
|
CVE-2019-0123 (Intel SGX Privilege Escalation),
|
||||||
|
CVE-2019-11135 (TSX Asynchronous Abort),
|
||||||
|
CVE-2019-11139 (Voltage Setting Modulation):
|
||||||
|
https://access.redhat.com/solutions/2019-microcode-nov
|
||||||
|
|
||||||
|
The information regarding enforcing microcode update is provided below.
|
||||||
|
|
||||||
|
To enforce usage of the 0x2000065 microcode revision for a specific kernel
|
||||||
|
version, please create a file "force-intel-06-55-04" inside
|
||||||
|
/lib/firmware/<kernel_version> directory, run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
|
||||||
|
where microcode will be available for late microcode update, and run
|
||||||
|
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
||||||
|
is regenerated and the microcode can be loaded early, for example:
|
||||||
|
|
||||||
|
touch /lib/firmware/3.10.0-862.9.1/force-intel-06-55-04
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
|
After that, it is possible to perform a late microcode update by executing
|
||||||
|
"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
|
||||||
|
"/sys/devices/system/cpu/microcode/reload" directly.
|
||||||
|
|
||||||
|
To enforce addition of this microcode for all kernels, please create file
|
||||||
|
"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-55-04", run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
|
||||||
|
and "dracut -f --regenerate-all" for enabling early microcode updates:
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-55-04
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
||||||
|
information.
|
|
@ -389,8 +389,10 @@ when a microcode update performed on a kernel that contains those changes.
|
||||||
As a result, microcode update for this CPU model is disabled by default;
|
As a result, microcode update for this CPU model is disabled by default;
|
||||||
the microcode file, however, is still shipped as a part of microcode_ctl
|
the microcode file, however, is still shipped as a part of microcode_ctl
|
||||||
package and can be used for performing a microcode update if it is enforced
|
package and can be used for performing a microcode update if it is enforced
|
||||||
via the aforementioned overridden. (See sections "check_caveats script"
|
via the aforementioned overrides. (See the sections "check_caveats script"
|
||||||
and "reload_microcode script" for details).
|
and "reload_microcode script" for details.)
|
||||||
|
|
||||||
|
Caveat name: intel-06-4f-01
|
||||||
|
|
||||||
Affected microcode: intel-ucode/06-4f-01.
|
Affected microcode: intel-ucode/06-4f-01.
|
||||||
|
|
||||||
|
@ -418,9 +420,12 @@ from a cpio archive placed at the beginning of the initramfs image. However,
|
||||||
when an early microcode update is attempted inside some virtualised
|
when an early microcode update is attempted inside some virtualised
|
||||||
environments, that may result in unexpected system behaviour.
|
environments, that may result in unexpected system behaviour.
|
||||||
|
|
||||||
|
Caveat name: intel
|
||||||
|
|
||||||
Affected microcode: all.
|
Affected microcode: all.
|
||||||
|
|
||||||
Mitigation: early microcode loading is disabled for all CPU models.
|
Mitigation: early microcode loading is disabled for all CPU models on kernels
|
||||||
|
without the fix.
|
||||||
|
|
||||||
Minimum versions of the kernel package that contain the fix:
|
Minimum versions of the kernel package that contain the fix:
|
||||||
- Upstream/RHEL 8: 4.10.0
|
- Upstream/RHEL 8: 4.10.0
|
||||||
|
@ -431,16 +436,52 @@ Minimum versions of the kernel package that contain the fix:
|
||||||
- RHEL 7.2: 3.10.0-327.73.1
|
- RHEL 7.2: 3.10.0-327.73.1
|
||||||
|
|
||||||
|
|
||||||
|
Intel Sandy Bridge-E/EN/EP caveat
|
||||||
|
---------------------------------
|
||||||
|
MDS-related microcode revision 0x718 for Intel Sandy Bridge-E/EN/EP
|
||||||
|
(SNB-EP, family 6, model 45, stepping 7) may lead to system instability.
|
||||||
|
In order to address this, this microcode update is not used and the previous
|
||||||
|
microcode revision is provided instead by default; the microcode file, however,
|
||||||
|
is still shipped as part of microcode_ctl package and can be used for performing
|
||||||
|
a microcode update if it is enforced via the aforementioned overrides. (See
|
||||||
|
the sections "check_caveats script" and "reload_microcode script" for details.)
|
||||||
|
|
||||||
|
Caveat name: intel-06-2d-07
|
||||||
|
|
||||||
|
Affected microcode: intel-ucode/06-2d-07.
|
||||||
|
|
||||||
|
Mitigation: previously published microcode revision 0x714 is used by default.
|
||||||
|
|
||||||
|
|
||||||
|
Intel Skylake-SP/W/X caveat
|
||||||
|
---------------------------
|
||||||
|
Microcode revision 0x2000065 for Intel Skylake Scalable Platform (SKL-SP/W/X,
|
||||||
|
family 6, model 85, stepping 4) may lead to system instability.
|
||||||
|
In order to address this, this microcode update is not used and the previous
|
||||||
|
microcode revision is provided instead by default; the microcode file, however,
|
||||||
|
is still shipped as part of microcode_ctl package and can be used for performing
|
||||||
|
a microcode update if it is enforced via the aforementioned overrides.
|
||||||
|
(See the sections "check_caveats script" and "reload_microcode script"
|
||||||
|
for details.)
|
||||||
|
|
||||||
|
Caveat name: intel-06-55-04
|
||||||
|
|
||||||
|
Affected microcode: intel-ucode/06-55-04.
|
||||||
|
|
||||||
|
Mitigation: previously published microcode revision 0x2000064 is used
|
||||||
|
by default.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Additional information
|
Additional information
|
||||||
======================
|
======================
|
||||||
Red Hat provides updated microcode, developed by our microprocessor
|
Red Hat provides updated microcode, developed by its microprocessor partners,
|
||||||
partners, as a customer convenience. Please contact your hardware vendor
|
as a customer convenience. Please contact your hardware vendor to determine
|
||||||
to determine whether more recent BIOS/firmware updates are recommended
|
whether more recent BIOS/firmware updates are recommended because additional
|
||||||
because additional improvements may be available.
|
improvements may be available.
|
||||||
|
|
||||||
Information regarding microcode revisions required for mitigating specific
|
Information regarding microcode revisions required for mitigating specific
|
||||||
microarchitectural side-channel attacks is available in the following
|
Intel CPU vulnerabilities is available in the following knowledge base articles:
|
||||||
knowledge base articles:
|
|
||||||
* CVE-2017-5715 ("Spectre"):
|
* CVE-2017-5715 ("Spectre"):
|
||||||
https://access.redhat.com/articles/3436091
|
https://access.redhat.com/articles/3436091
|
||||||
* CVE-2018-3639 ("Speculative Store Bypass"):
|
* CVE-2018-3639 ("Speculative Store Bypass"):
|
||||||
|
@ -450,3 +491,8 @@ knowledge base articles:
|
||||||
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
||||||
("Microarchitectural Data Sampling"):
|
("Microarchitectural Data Sampling"):
|
||||||
https://access.redhat.com/articles/4138151
|
https://access.redhat.com/articles/4138151
|
||||||
|
* CVE-2019-0117 (Intel SGX Information Leak),
|
||||||
|
CVE-2019-0123 (Intel SGX Privilege Escalation),
|
||||||
|
CVE-2019-11135 (TSX Asynchronous Abort),
|
||||||
|
CVE-2019-11139 (Voltage Setting Modulation):
|
||||||
|
https://access.redhat.com/solutions/2019-microcode-nov
|
||||||
|
|
|
@ -10,8 +10,10 @@
|
||||||
: ${CFG_DIR=/etc/microcode_ctl/ucode_with_caveats}
|
: ${CFG_DIR=/etc/microcode_ctl/ucode_with_caveats}
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
echo 'Usage: check_caveats [-e] [-k TARGET_KVER] [-c CONFIG] [-m] [-v]'
|
echo 'Usage: check_caveats [-d] [-e] [-k TARGET_KVER] [-c CONFIG]'
|
||||||
|
echo ' [-m] [-v]'
|
||||||
echo
|
echo
|
||||||
|
echo ' -d - enables disclaimer printing mode'
|
||||||
echo ' -e - check for early microcode load possibility (instead of'
|
echo ' -e - check for early microcode load possibility (instead of'
|
||||||
echo ' late microcode load)'
|
echo ' late microcode load)'
|
||||||
echo ' -k - target version to check against, $(uname -r) is used'
|
echo ' -k - target version to check against, $(uname -r) is used'
|
||||||
|
@ -178,6 +180,9 @@ fail()
|
||||||
|
|
||||||
fail_cfgs="$fail_cfgs $cfg"
|
fail_cfgs="$fail_cfgs $cfg"
|
||||||
fail_paths="$fail_paths $cfg_path"
|
fail_paths="$fail_paths $cfg_path"
|
||||||
|
|
||||||
|
[ 0 -eq "$print_disclaimers" ] || [ ! -e "${dir}/disclaimer" ] \
|
||||||
|
|| cat "${dir}/disclaimer"
|
||||||
}
|
}
|
||||||
|
|
||||||
#check_kver "$@"
|
#check_kver "$@"
|
||||||
|
@ -188,11 +193,16 @@ configs=
|
||||||
kver=$(/bin/uname -r)
|
kver=$(/bin/uname -r)
|
||||||
verbose=0
|
verbose=0
|
||||||
early_check=0
|
early_check=0
|
||||||
|
print_disclaimers=0
|
||||||
|
|
||||||
ret=0
|
ret=0
|
||||||
|
|
||||||
while getopts "ek:c:mv" opt; do
|
while getopts "dek:c:mv" opt; do
|
||||||
case "${opt}" in
|
case "${opt}" in
|
||||||
|
d)
|
||||||
|
print_disclaimers=1
|
||||||
|
early_check=2
|
||||||
|
;;
|
||||||
e)
|
e)
|
||||||
early_check=1
|
early_check=1
|
||||||
;;
|
;;
|
||||||
|
@ -472,6 +482,8 @@ for cfg in $(echo "${configs}"); do
|
||||||
ok_paths="$ok_paths $cfg_path"
|
ok_paths="$ok_paths $cfg_path"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
[ 0 -eq "$print_disclaimers" ] || exit 0
|
||||||
|
|
||||||
echo "cfgs$ret_cfgs"
|
echo "cfgs$ret_cfgs"
|
||||||
echo "skip_cfgs$skip_cfgs"
|
echo "skip_cfgs$skip_cfgs"
|
||||||
echo "paths$ret_paths"
|
echo "paths$ret_paths"
|
||||||
|
|
|
@ -43,7 +43,8 @@ install() {
|
||||||
dinfo " microcode_ctl: reset fw_dir to \"${fw_dir}\""
|
dinfo " microcode_ctl: reset fw_dir to \"${fw_dir}\""
|
||||||
}
|
}
|
||||||
|
|
||||||
while read -d "/" -r i; do
|
fw_dir_add=""
|
||||||
|
while read -d $'\n' -r i; do
|
||||||
dinfo " microcode_ctl: processing data directory " \
|
dinfo " microcode_ctl: processing data directory " \
|
||||||
"\"$DATA_DIR/$i\"..."
|
"\"$DATA_DIR/$i\"..."
|
||||||
|
|
||||||
|
@ -117,8 +118,10 @@ install() {
|
||||||
|
|
||||||
# $path is a list of globs, so it needs special care
|
# $path is a list of globs, so it needs special care
|
||||||
for p in $(printf "%s" "$path"); do
|
for p in $(printf "%s" "$path"); do
|
||||||
find "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
|
# "true" is due to sporadic SIGPIPE from find
|
||||||
-print0 \
|
# when "grep -q" exits early.
|
||||||
|
{ find "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
|
||||||
|
-print0; true; } \
|
||||||
| grep -zFxq \
|
| grep -zFxq \
|
||||||
"$DATA_DIR/$i/$ucode_dir/$ucode" \
|
"$DATA_DIR/$i/$ucode_dir/$ucode" \
|
||||||
|| continue
|
|| continue
|
||||||
|
@ -143,8 +146,12 @@ install() {
|
||||||
dinfo " microcode_ctl: $i: caveats check for kernel" \
|
dinfo " microcode_ctl: $i: caveats check for kernel" \
|
||||||
"version \"$kernel\" passed, adding" \
|
"version \"$kernel\" passed, adding" \
|
||||||
"\"$DATA_DIR/$i\" to fw_dir variable"
|
"\"$DATA_DIR/$i\" to fw_dir variable"
|
||||||
fw_dir="$DATA_DIR/$i $fw_dir"
|
|
||||||
|
|
||||||
|
if [ 0 -eq "$do_skip_host_only" ]; then
|
||||||
|
fw_dir_add="$DATA_DIR/$i "
|
||||||
|
else
|
||||||
|
fw_dir_add="$DATA_DIR/$i $fw_dir_add"
|
||||||
|
fi
|
||||||
# The list of directories is reverse-sorted in order to preserve the
|
# The list of directories is reverse-sorted in order to preserve the
|
||||||
# "last wins" policy in case of presence of multiple microcode
|
# "last wins" policy in case of presence of multiple microcode
|
||||||
# revisions.
|
# revisions.
|
||||||
|
@ -153,11 +160,20 @@ install() {
|
||||||
# but since the microcode search is done with the "first wins" policy
|
# but since the microcode search is done with the "first wins" policy
|
||||||
# by the (early) microcode loading code, the correct microcode revision
|
# by the (early) microcode loading code, the correct microcode revision
|
||||||
# still has to be picked.
|
# still has to be picked.
|
||||||
|
#
|
||||||
|
# Note that dracut without patch [1] puts only the last directory
|
||||||
|
# in the early cpio; we try to address this by putting only the last
|
||||||
|
# matching caveat in the search path, but that workaround works only
|
||||||
|
# for host-only mode; non-host-only mode early cpio generation is still
|
||||||
|
# broken without that patch.
|
||||||
|
#
|
||||||
|
# [1] https://github.com/dracutdevs/dracut/commit/c44d2252bb4b
|
||||||
done <<-EOF
|
done <<-EOF
|
||||||
$(find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f/" \
|
$(find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f\n" \
|
||||||
| sort -r)
|
| LC_ALL=C sort)
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
fw_dir="${fw_dir_add}${fw_dir}"
|
||||||
dinfo " microcode_ctl: final fw_dir: \"${fw_dir}\""
|
dinfo " microcode_ctl: final fw_dir: \"${fw_dir}\""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
#! /bin/bash -efux
|
#! /bin/bash -efu
|
||||||
|
|
||||||
# Generator of RPM "Provides:" tags for Intel microcode files.
|
# Generator of RPM "Provides:" tags for Intel microcode files.
|
||||||
#
|
#
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
This kernel doesn't handle early microcode load properly (it tries to load
|
||||||
|
microcode even in virtualised environment, which may lead to a panic on some
|
||||||
|
hypervisors), thus the microcode files have not been added to the initramfs
|
||||||
|
image. Please update your kernel to one of the following:
|
||||||
|
RHEL 7.5: kernel-3.10.0-862.14.1 or newer;
|
||||||
|
RHEL 7.4: kernel-3.10.0-693.38.1 or newer;
|
||||||
|
RHEL 7.3: kernel-3.10.0-514.57.1 or newer;
|
||||||
|
RHEL 7.2: kernel-3.10.0-327.73.1 or newer.
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/caveats/intel_readme
|
||||||
|
and /usr/share/doc/microcode_ctl/README.caveats for details.
|
|
@ -18,8 +18,7 @@ If you want to avoid early load of microcode for a specific kernel, please
|
||||||
create "disallow-early-intel" file inside /lib/firmware/<kernel_version>
|
create "disallow-early-intel" file inside /lib/firmware/<kernel_version>
|
||||||
directory and run dracut -f --kver "<kernel_version>":
|
directory and run dracut -f --kver "<kernel_version>":
|
||||||
|
|
||||||
touch /lib/firmware/3.10.0-862.9.1/disallow-intel
|
touch /lib/firmware/3.10.0-862.9.1/disallow-early-intel
|
||||||
/usr/libexec/microcode_ctl/update_ucode
|
|
||||||
dracut -f --kver 3.10.0-862.9.1
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
If you want to avoid early load of microcode for all kernels, please create
|
If you want to avoid early load of microcode for all kernels, please create
|
||||||
|
@ -27,14 +26,13 @@ If you want to avoid early load of microcode for all kernels, please create
|
||||||
directory and run dracut -f --regenerate-all:
|
directory and run dracut -f --regenerate-all:
|
||||||
|
|
||||||
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel
|
touch /etc/microcode_ctl/ucode_with_caveats/disallow-early-intel
|
||||||
dracut -f --kver 3.10.0-862.9.1
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
If you want to enforce early load of microcode for a specific kernel, please
|
If you want to enforce early load of microcode for a specific kernel, please
|
||||||
create "force-early-intel" file inside /lib/firmware/<kernel_version> directory
|
create "force-early-intel" file inside /lib/firmware/<kernel_version> directory
|
||||||
and run dracut -f --kver "<kernel_version>":
|
and run dracut -f --kver "<kernel_version>":
|
||||||
|
|
||||||
modir -p/lib/firmware/3.10.0-862.9.1/
|
|
||||||
touch /lib/firmware/3.10.0-862.9.1/force-early-intel
|
touch /lib/firmware/3.10.0-862.9.1/force-early-intel
|
||||||
dracut -f --kver 3.10.0-862.9.1
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
|
@ -46,8 +44,9 @@ directory and run dracut -f --kver "<kernel_version>":
|
||||||
touch /etc/microcode_ctl/ucode_with_caveats/force-early-intel
|
touch /etc/microcode_ctl/ucode_with_caveats/force-early-intel
|
||||||
dracut -f --regenerate-all
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
In order to override late load behaviour, the "early" part of file names should
|
In order to override the late load behaviour, the "early" part of file names
|
||||||
be replaced with "late" (and there is no need to call dracut in that case).
|
should be replaced with "late" (and there is no need to call dracut
|
||||||
|
in that case).
|
||||||
|
|
||||||
|
|
||||||
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
%define intel_ucode_version 20190514a
|
%define intel_ucode_version 20191115
|
||||||
%define intel_ucode_file_id 28727
|
%define intel_ucode_file_id 28727
|
||||||
%global debug_package %{nil}
|
%global debug_package %{nil}
|
||||||
|
|
||||||
|
@ -13,13 +13,19 @@
|
||||||
|
|
||||||
Summary: CPU microcode updates for Intel x86 processors
|
Summary: CPU microcode updates for Intel x86 processors
|
||||||
Name: microcode_ctl
|
Name: microcode_ctl
|
||||||
Version: 20180807a
|
Version: %{intel_ucode_version}
|
||||||
Release: 2.%{intel_ucode_version}.2%{?dist}
|
Release: 4%{?dist}
|
||||||
Epoch: 4
|
Epoch: 4
|
||||||
License: CC0 and Redistributable, no modification permitted
|
License: CC0 and Redistributable, no modification permitted
|
||||||
URL: https://downloadcenter.intel.com/download/%{intel_ucode_file_id}/Linux-Processor-Microcode-Data-File
|
URL: https://downloadcenter.intel.com/download/%{intel_ucode_file_id}/Linux-Processor-Microcode-Data-File
|
||||||
Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz
|
Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz
|
||||||
|
|
||||||
|
# (Pre-MDS) revision 0x714 of 06-2d-07 microcode
|
||||||
|
Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07
|
||||||
|
|
||||||
|
# (Pre-20191112) revision 0x2000064 of 06-55-04 microcode
|
||||||
|
Source3: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190918/intel-ucode/06-55-04
|
||||||
|
|
||||||
|
|
||||||
# systemd unit
|
# systemd unit
|
||||||
Source10: microcode.service
|
Source10: microcode.service
|
||||||
|
@ -39,14 +45,34 @@ Source41: README.caveats
|
||||||
|
|
||||||
## Caveats
|
## Caveats
|
||||||
# BDW EP/EX
|
# BDW EP/EX
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1622180
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1623630
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1646383
|
||||||
Source100: 06-4f-01_readme
|
Source100: 06-4f-01_readme
|
||||||
Source101: 06-4f-01_config
|
Source101: 06-4f-01_config
|
||||||
|
Source102: 06-4f-01_disclaimer
|
||||||
|
|
||||||
# Unsafe early MC update inside VM:
|
# Unsafe early MC update inside VM:
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1596627
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1596627
|
||||||
Source110: intel_readme
|
Source110: intel_readme
|
||||||
Source111: intel_config
|
Source111: intel_config
|
||||||
|
Source112: intel_disclaimer
|
||||||
|
|
||||||
|
# SNB-EP (CPUID 0x206d7) post-MDS hangs
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1758382
|
||||||
|
# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/15
|
||||||
|
Source120: 06-2d-07_readme
|
||||||
|
Source121: 06-2d-07_config
|
||||||
|
Source122: 06-2d-07_disclaimer
|
||||||
|
|
||||||
|
# SKL-SP/W/X (CPUID 0x50654) post-20191112 hangs
|
||||||
|
# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
|
||||||
|
Source130: 06-55-04_readme
|
||||||
|
Source131: 06-55-04_config
|
||||||
|
Source132: 06-55-04_disclaimer
|
||||||
|
|
||||||
|
|
||||||
|
# "Provides:" RPM tags generator
|
||||||
Source200: gen_provides.sh
|
Source200: gen_provides.sh
|
||||||
|
|
||||||
ExclusiveArch: %{ix86} x86_64
|
ExclusiveArch: %{ix86} x86_64
|
||||||
|
@ -54,7 +80,7 @@ BuildRequires: systemd-units
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
Requires(postun): systemd
|
Requires(postun): systemd
|
||||||
Requires(posttrans): kernel
|
Requires(posttrans): dracut
|
||||||
|
|
||||||
%global _use_internal_dependency_generator 0
|
%global _use_internal_dependency_generator 0
|
||||||
%define __find_provides "%{SOURCE200}"
|
%define __find_provides "%{SOURCE200}"
|
||||||
|
@ -73,6 +99,14 @@ is no longer used for microcode upload and, as a result, no longer provided.
|
||||||
%setup -n "Intel-Linux-Processor-Microcode-Data-Files-microcode-%{intel_ucode_version}"
|
%setup -n "Intel-Linux-Processor-Microcode-Data-Files-microcode-%{intel_ucode_version}"
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
# replacing SNB-EP (CPUID 0x206d7) microcode with pre-MDS version
|
||||||
|
mv intel-ucode/06-2d-07 intel-ucode-with-caveats/
|
||||||
|
cp "%{SOURCE2}" intel-ucode/
|
||||||
|
|
||||||
|
# replacing SKL-SP/W/X (CPUID 0x50654) microcode with pre-20191112 version
|
||||||
|
mv intel-ucode/06-55-04 intel-ucode-with-caveats/
|
||||||
|
cp "%{SOURCE3}" intel-ucode/
|
||||||
|
|
||||||
:
|
:
|
||||||
|
|
||||||
%install
|
%install
|
||||||
|
@ -103,18 +137,21 @@ install "%{SOURCE30}" "%{SOURCE31}" "%{SOURCE32}" \
|
||||||
## Documentation
|
## Documentation
|
||||||
install -m 755 -d "%{buildroot}/%{_pkgdocdir}/caveats"
|
install -m 755 -d "%{buildroot}/%{_pkgdocdir}/caveats"
|
||||||
|
|
||||||
|
# caveats readme
|
||||||
install "%{SOURCE41}" \
|
install "%{SOURCE41}" \
|
||||||
-m 644 -t "%{buildroot}/%{_pkgdocdir}/"
|
-m 644 -t "%{buildroot}/%{_pkgdocdir}/"
|
||||||
|
|
||||||
# Provide Intel microcode license, as it requires so
|
# Provide Intel microcode license, as it requires so
|
||||||
install -m 644 license \
|
install -m 644 license \
|
||||||
"%{buildroot}/%{_pkgdocdir}/LICENSE.intel-ucode"
|
"%{buildroot}/%{_pkgdocdir}/LICENSE.intel-ucode"
|
||||||
|
|
||||||
|
# Provide release notes for Intel microcode
|
||||||
install -m 644 releasenote \
|
install -m 644 releasenote \
|
||||||
"%{buildroot}/%{_pkgdocdir}/RELEASE_NOTES.intel-ucode"
|
"%{buildroot}/%{_pkgdocdir}/RELEASE_NOTES.intel-ucode"
|
||||||
|
|
||||||
# caveats
|
# caveats
|
||||||
install -m 644 "%{SOURCE100}" "%{SOURCE110}" \
|
install -m 644 "%{SOURCE100}" "%{SOURCE110}" "%{SOURCE120}" "%{SOURCE130}" \
|
||||||
-t "%{buildroot}/%{_pkgdocdir}/caveats/"
|
-t "%{buildroot}/%{_pkgdocdir}/caveats/"
|
||||||
|
|
||||||
|
|
||||||
## Caveat data
|
## Caveat data
|
||||||
|
@ -122,9 +159,10 @@ install -m 644 "%{SOURCE100}" "%{SOURCE110}" \
|
||||||
# BDW caveat
|
# BDW caveat
|
||||||
%define bdw_inst_dir %{buildroot}/%{caveat_dir}/intel-06-4f-01/
|
%define bdw_inst_dir %{buildroot}/%{caveat_dir}/intel-06-4f-01/
|
||||||
install -m 755 -d "%{bdw_inst_dir}/intel-ucode"
|
install -m 755 -d "%{bdw_inst_dir}/intel-ucode"
|
||||||
install -m 644 intel-ucode-with-caveats/* -t "%{bdw_inst_dir}/intel-ucode/"
|
install -m 644 intel-ucode-with-caveats/06-4f-01 -t "%{bdw_inst_dir}/intel-ucode/"
|
||||||
install -m 644 "%{SOURCE100}" "%{bdw_inst_dir}/readme"
|
install -m 644 "%{SOURCE100}" "%{bdw_inst_dir}/readme"
|
||||||
install -m 644 "%{SOURCE101}" "%{bdw_inst_dir}/config"
|
install -m 644 "%{SOURCE101}" "%{bdw_inst_dir}/config"
|
||||||
|
install -m 644 "%{SOURCE102}" "%{bdw_inst_dir}/disclaimer"
|
||||||
|
|
||||||
# Early update caveat
|
# Early update caveat
|
||||||
%define intel_inst_dir %{buildroot}/%{caveat_dir}/intel/
|
%define intel_inst_dir %{buildroot}/%{caveat_dir}/intel/
|
||||||
|
@ -132,12 +170,23 @@ install -m 755 -d "%{intel_inst_dir}/intel-ucode"
|
||||||
install -m 644 intel-ucode/* -t "%{intel_inst_dir}/intel-ucode/"
|
install -m 644 intel-ucode/* -t "%{intel_inst_dir}/intel-ucode/"
|
||||||
install -m 644 "%{SOURCE110}" "%{intel_inst_dir}/readme"
|
install -m 644 "%{SOURCE110}" "%{intel_inst_dir}/readme"
|
||||||
install -m 644 "%{SOURCE111}" "%{intel_inst_dir}/config"
|
install -m 644 "%{SOURCE111}" "%{intel_inst_dir}/config"
|
||||||
|
install -m 644 "%{SOURCE112}" "%{intel_inst_dir}/disclaimer"
|
||||||
|
|
||||||
|
# SNB caveat
|
||||||
|
%define snb_inst_dir %{buildroot}/%{caveat_dir}/intel-06-2d-07/
|
||||||
|
install -m 755 -d "%{snb_inst_dir}/intel-ucode"
|
||||||
|
install -m 644 intel-ucode-with-caveats/06-2d-07 -t "%{snb_inst_dir}/intel-ucode/"
|
||||||
|
install -m 644 "%{SOURCE120}" "%{snb_inst_dir}/readme"
|
||||||
|
install -m 644 "%{SOURCE121}" "%{snb_inst_dir}/config"
|
||||||
|
install -m 644 "%{SOURCE122}" "%{snb_inst_dir}/disclaimer"
|
||||||
|
|
||||||
## Cleanup
|
# SKL-SP caveat
|
||||||
#rm -f intel-ucode-with-caveats/06-4f-01
|
%define skl_inst_dir %{buildroot}/%{caveat_dir}/intel-06-55-04/
|
||||||
#rmdir intel-ucode-with-caveats
|
install -m 755 -d "%{skl_inst_dir}/intel-ucode"
|
||||||
#rm -rf intel-ucode
|
install -m 644 intel-ucode-with-caveats/06-55-04 -t "%{skl_inst_dir}/intel-ucode/"
|
||||||
|
install -m 644 "%{SOURCE130}" "%{skl_inst_dir}/readme"
|
||||||
|
install -m 644 "%{SOURCE131}" "%{skl_inst_dir}/config"
|
||||||
|
install -m 644 "%{SOURCE132}" "%{skl_inst_dir}/disclaimer"
|
||||||
|
|
||||||
|
|
||||||
%post
|
%post
|
||||||
|
@ -145,6 +194,15 @@ install -m 644 "%{SOURCE111}" "%{intel_inst_dir}/config"
|
||||||
%{update_ucode}
|
%{update_ucode}
|
||||||
%{reload_microcode}
|
%{reload_microcode}
|
||||||
|
|
||||||
|
# send the message to syslog, so it gets recorded on /var/log
|
||||||
|
if [ -e /usr/bin/logger ]; then
|
||||||
|
%{check_caveats} -m -d | /usr/bin/logger -p syslog.notice -t DISCLAIMER
|
||||||
|
fi
|
||||||
|
# also paste it over dmesg (some customers drop dmesg messages while
|
||||||
|
# others keep them into /var/log for the later case, we'll have the
|
||||||
|
# disclaimer recorded twice into system logs.
|
||||||
|
%{check_caveats} -m -d > /dev/kmsg
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%posttrans
|
%posttrans
|
||||||
|
@ -237,10 +295,10 @@ rm -f "%{rpm_state_dir}/microcode_ctl_un_file_list"
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
|
|
||||||
%triggerin -- kernel-core
|
%triggerin -- kernel-core, kernel-debug-core, kernel-rt-core, kernel-rt-debug-core
|
||||||
%{update_ucode}
|
%{update_ucode}
|
||||||
|
|
||||||
%triggerpostun -- kernel-core
|
%triggerpostun -- kernel-core, kernel-debug-core, kernel-rt-core, kernel-rt-debug-core
|
||||||
%{update_ucode}
|
%{update_ucode}
|
||||||
|
|
||||||
|
|
||||||
|
@ -260,18 +318,112 @@ rm -rf %{buildroot}
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Sun Jun 02 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20180807a-2.20190514a.2
|
* Mon Dec 09 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20191115-4
|
||||||
|
- Avoid find being SIGPIPE'd on early "grep -q" exit in the dracut script
|
||||||
|
(#1781365).
|
||||||
|
|
||||||
|
* Mon Dec 02 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20191115-3
|
||||||
|
- Update stale posttrans dependency, add triggers for proper handling
|
||||||
|
of the debug kernel flavour along with kernel-rt (#1766178).
|
||||||
|
|
||||||
|
* Mon Nov 18 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20191115-2
|
||||||
|
- Do not update 06-55-04 (SKL-SP/W/X) to revision 0x2000065, use 0x2000064
|
||||||
|
by default (#1774322).
|
||||||
|
|
||||||
|
* Sat Nov 16 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20191115-1
|
||||||
|
- Update Intel CPU microcode to microcode-20191115 release:
|
||||||
|
- Update of 06-4e-03/0xc0 (SKL-U/Y D0) from revision 0xd4 up to 0xd6;
|
||||||
|
- Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) from revision 0xd4
|
||||||
|
up to 0xd6;
|
||||||
|
- Update of 06-8e-09/0x10 (AML-Y 2+2 H0) from revision 0xc6 up to 0xca;
|
||||||
|
- Update of 06-8e-09/0xc0 (KBL-U/Y H0) from revision 0xc6 up to 0xca;
|
||||||
|
- Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) from revision 0xc6 up to 0xca;
|
||||||
|
- Update of 06-8e-0b/0xd0 (WHL-U W0) from revision 0xc6 up to 0xca;
|
||||||
|
- Update of 06-8e-0c/0x94 (AML-Y V0, CML-U 4+2 V0, WHL-U V0) from revision
|
||||||
|
0xc6 up to 0xca;
|
||||||
|
- Update of 06-9e-09/0x2a (KBL-G/X H0, KBL-H/S/Xeon E3 B0) from revision 0xc6
|
||||||
|
up to 0xca;
|
||||||
|
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) from revision 0xc6 up to 0xca;
|
||||||
|
- Update of 06-9e-0b/0x02 (CFL-S B0) from revision 0xc6 up to 0xca;
|
||||||
|
- Update of 06-9e-0c/0x22 (CFL-S/Xeon E P0) from revision 0xc6 up to 0xca;
|
||||||
|
- Update of 06-9e-0d/0x22 (CFL-H/S R0) from revision 0xc6 up to 0xca;
|
||||||
|
- Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision 0xc6 up to 0xca.
|
||||||
|
|
||||||
|
* Fri Nov 15 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20191113-1
|
||||||
|
- Update Intel CPU microcode to microcode-20191113 release:
|
||||||
|
- Update of 06-9e-0c (CFL-H/S P0) microcode from revision 0xae up to 0xc6.
|
||||||
|
- Drop 0001-releasenote-changes-summary-fixes.patch.
|
||||||
|
|
||||||
|
* Tue Nov 12 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20191112-2
|
||||||
|
- Package the publicy available microcode-20191112 release (#1755027):
|
||||||
|
- Addition of 06-4d-08/0x1 (AVN B0/C0) microcode at revision 0x12d;
|
||||||
|
- Addition of 06-55-06/0xbf (CSL-SP B0) microcode at revision 0x400002c;
|
||||||
|
- Addition of 06-7a-08/0x1 (GLK R0) microcode at revision 0x16;
|
||||||
|
- Update of 06-55-03/0x97 (SKL-SP B1) microcode from revision 0x1000150
|
||||||
|
up to 0x1000151;
|
||||||
|
- Update of 06-55-04/0xb7 (SKL-SP H0/M0/U0, SKL-D M1) microcode from revision
|
||||||
|
0x2000064 up to 0x2000065;
|
||||||
|
- Update of 06-55-07/0xbf (CSL-SP B1) microcode from revision 0x500002b
|
||||||
|
up to 0x500002c;
|
||||||
|
- Update of 06-7a-01/0x1 (GLK B0) microcode from revision 0x2e up to 0x32;
|
||||||
|
- Include 06-9e-0c (CFL-H/S P0) microcode from the microcode-20190918 release.
|
||||||
|
- Correct the releasenote file (0001-releasenote-changes-summary-fixes.patch).
|
||||||
|
- Update README.caveats with the link to the new Knowledge Base article.
|
||||||
|
|
||||||
|
* Thu Nov 07 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20191112-1
|
||||||
|
- Intel CPU microcode update to 20191112, addresses CVE-2017-5715,
|
||||||
|
CVE-2019-0117, CVE-2019-11135, CVE-2019-11139 (#1755019, #1764060, #1764073,
|
||||||
|
#1764952, #1764972, #1765000, #1765404, #1765416, #1766444, #1766873):
|
||||||
|
- Addition of 06-a6-00/0x80 (CML-U 6+2 A0) microcode at revision 0xc6;
|
||||||
|
- Addition of 06-66-03/0x80 (CNL-U D0) microcode at revision 0x2a;
|
||||||
|
- Addition of 06-55-03/0x97 (SKL-SP B1) microcode at revision 0x1000150;
|
||||||
|
- Addition of 06-7e-05/0x80 (ICL-U/Y D1) microcode at revision 0x46;
|
||||||
|
- Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xcc to 0xd4;
|
||||||
|
- Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) microcode from revision 0xcc
|
||||||
|
to 0xd4
|
||||||
|
- Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xb4 to 0xc6;
|
||||||
|
- Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xb4 to 0xc6;
|
||||||
|
- Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) microcode from revision 0xb4
|
||||||
|
to 0xc6;
|
||||||
|
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xb8 to 0xc6;
|
||||||
|
- Update of 06-8e-0c/0x94 (AML-Y V0) microcode from revision 0xb8 to 0xc6;
|
||||||
|
- Update of 06-8e-0c/0x94 (CML-U 4+2 V0) microcode from revision 0xb8 to 0xc6;
|
||||||
|
- Update of 06-8e-0c/0x94 (WHL-U V0) microcode from revision 0xb8 to 0xc6;
|
||||||
|
- Update of 06-9e-09/0x2a (KBL-G/X H0) microcode from revision 0xb4 to 0xc6;
|
||||||
|
- Update of 06-9e-09/0x2a (KBL-H/S/Xeon E3 B0) microcode from revision 0xb4
|
||||||
|
to 0xc6;
|
||||||
|
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xb4
|
||||||
|
to 0xc6;
|
||||||
|
- Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xb4 to 0xc6;
|
||||||
|
- Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xb8 to 0xc6.
|
||||||
|
|
||||||
|
* Thu Oct 10 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20190918-3
|
||||||
|
- Rework dracut hook to address dracut's early initramfs generation
|
||||||
|
behaviour (#1760508).
|
||||||
|
|
||||||
|
* Sun Oct 06 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20190918-2
|
||||||
|
- Do not update 06-2d-07 (SNB-E/EN/EP) to revision 0x718, use 0x714
|
||||||
|
by default.
|
||||||
|
|
||||||
|
* Thu Sep 19 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20190918-1
|
||||||
|
- Intel CPU microcode update to 20190918 (#1753544).
|
||||||
|
- Add new disclaimer, generated based on relevant caveats.
|
||||||
|
|
||||||
|
* Wed Jun 19 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20190618-1
|
||||||
|
- Intel CPU microcode update to 20190618 (#1717240).
|
||||||
|
|
||||||
|
* Sun Jun 02 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20190514a-2
|
||||||
- Remove disclaimer, as it is not as important now to justify kmsg/log
|
- Remove disclaimer, as it is not as important now to justify kmsg/log
|
||||||
pollution; its contents are partially adopted in README.caveats.
|
pollution; its contents are partially adopted in README.caveats.
|
||||||
|
|
||||||
* Mon May 20 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20180807a-2.20190514a.1
|
* Mon May 20 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20190514a-1
|
||||||
- Intel CPU microcode update to 20190514a (#1715334).
|
- Intel CPU microcode update to 20190514a (#1711940).
|
||||||
|
|
||||||
* Fri May 10 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20180807a-2.20190507.1
|
* Thu May 09 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20190507-1
|
||||||
- Intel CPU microcode update to 20190507 (#1704339).
|
- Intel CPU microcode update to 20190507 (#1697901).
|
||||||
|
|
||||||
* Fri May 10 2019 Eugene Syromiatnikov <esyr@redhat.com> 4:20180807a-2.20190312.1
|
* Mon Apr 15 2019 Eugene Syromiatnikov <esyr@redhat.com> 4:20190312-1
|
||||||
- Intel CPU microcode update to 20190312 (#1704339).
|
- Intel CPU microcode update to 20190312 (#1660320).
|
||||||
- Add "Provides:" tags generation.
|
- Add "Provides:" tags generation.
|
||||||
|
|
||||||
* Tue Nov 06 2018 Eugene Syromiatnikov <esyr@redhat.com> 4:20180807a-2
|
* Tue Nov 06 2018 Eugene Syromiatnikov <esyr@redhat.com> 4:20180807a-2
|
||||||
|
|
Loading…
Reference in New Issue