rpms
/
microcode_ctl
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:imports/c8-beta/microcode_ctl-20180807a-2.20190514a.2.el8_0
Branches Tags
rpms:c8
rpms:c9
rpms:c8-beta
rpms:c9-beta
rpms:c9s
rpms:a9
rpms:a8
rpms:c8s
rpms:imports/c9/microcode_ctl-20230808-2.20231009.1.el9_3
rpms:imports/c8/microcode_ctl-20230808-2.20231009.1.el8_9
rpms:imports/c8-beta/microcode_ctl-20230808-2.el8
rpms:imports/c9-beta/microcode_ctl-20230808-2.el9
rpms:imports/c9/microcode_ctl-20220809-2.20230808.2.el9_2
rpms:imports/c8/microcode_ctl-20220809-2.20230808.2.el8_8
rpms:imports/c8/microcode_ctl-20230808-2.el8_8
rpms:changed/a9/microcode_ctl-20220809-2.20230808.1.el9_2.alma
rpms:changed/a8/microcode_ctl-20220809-2.20230808.1.el8_8.alma
rpms:changed/a8/microcode_ctl-20220809-2.20230214.1.el8_8.alma
rpms:imports/c8s/microcode_ctl-20230214-1.el8
rpms:imports/c9/microcode_ctl-20220809-2.20230214.1.el9_2
rpms:imports/c8/microcode_ctl-20220809-2.el8
rpms:imports/c9/microcode_ctl-20220809-2.el9
rpms:imports/c9-beta/microcode_ctl-20220809-2.el9
rpms:imports/c8-beta/microcode_ctl-20220809-2.el8
rpms:imports/c8s/microcode_ctl-20220809-2.el8
rpms:imports/c9/microcode_ctl-20220809-1.el9
rpms:imports/c8s/microcode_ctl-20220207-1.20220809.1.el8_6
rpms:imports/c8/microcode_ctl-20220809-1.el8
rpms:imports/c9/microcode_ctl-20220207-1.20220809.1.el9_0
rpms:imports/c9-beta/microcode_ctl-20220510-1.el9
rpms:imports/c8-beta/microcode_ctl-20220510-1.el8
rpms:imports/c8s/microcode_ctl-20220809-1.el8
rpms:imports/c9/microcode_ctl-20220207-1.20220510.1.el9_0
rpms:imports/c8/microcode_ctl-20220207-1.20220510.1.el8_6
rpms:imports/c8s/microcode_ctl-20220510-1.el8
rpms:imports/c9/microcode_ctl-20220207-1.el9
rpms:imports/c8/microcode_ctl-20220207-1.el8
rpms:imports/c8/microcode_ctl-20210608-1.20220207.1.el8_5
rpms:imports/c8-beta/microcode_ctl-20220207-1.el8
rpms:imports/c9-beta/microcode_ctl-20220207-1.el9
rpms:imports/c8s/microcode_ctl-20220207-1.el8
rpms:imports/c8s/microcode_ctl-20210608-1.20220204.1.el8_5
rpms:imports/c9-beta/microcode_ctl-20210608-2.el9
rpms:imports/c8/microcode_ctl-20210608-1.el8
rpms:imports/c8-beta/microcode_ctl-20210608-1.el8
rpms:imports/c8-beta/microcode_ctl-20210216-1.el8
rpms:imports/c8-beta/microcode_ctl-20200609-2.el8
rpms:imports/c8-beta/microcode_ctl-20191115-4.el8
rpms:imports/c8-beta/microcode_ctl-20180807a-2.20190514a.2.el8_0
rpms:imports/c8s/microcode_ctl-20210608-1.el8
rpms:imports/c8s/microcode_ctl-20210216-1.20210525.1.el8_4
rpms:imports/c8s/microcode_ctl-20210216-1.el8
rpms:imports/c8s/microcode_ctl-20201112-2.el8
rpms:imports/c8s/microcode_ctl-20201112-1.el8
rpms:imports/c8/microcode_ctl-20210216-1.20210608.1.el8_4
rpms:imports/c8/microcode_ctl-20210216-1.20210525.1.el8_4
rpms:imports/c8/microcode_ctl-20210216-1.el8
rpms:imports/c8/microcode_ctl-20200609-2.20210216.1.el8_3
rpms:imports/c8/microcode_ctl-20200609-2.20201112.1.el8_3
...
compare: rpms:c8
Branches Tags
rpms:c9
rpms:c8
rpms:c8-beta
rpms:c9-beta
rpms:c9s
rpms:a9
rpms:a8
rpms:c8s
rpms:imports/c9/microcode_ctl-20230808-2.20231009.1.el9_3
rpms:imports/c8/microcode_ctl-20230808-2.20231009.1.el8_9
rpms:imports/c8-beta/microcode_ctl-20230808-2.el8
rpms:imports/c9-beta/microcode_ctl-20230808-2.el9
rpms:imports/c9/microcode_ctl-20220809-2.20230808.2.el9_2
rpms:imports/c8/microcode_ctl-20220809-2.20230808.2.el8_8
rpms:imports/c8/microcode_ctl-20230808-2.el8_8
rpms:changed/a9/microcode_ctl-20220809-2.20230808.1.el9_2.alma
rpms:changed/a8/microcode_ctl-20220809-2.20230808.1.el8_8.alma
rpms:changed/a8/microcode_ctl-20220809-2.20230214.1.el8_8.alma
rpms:imports/c8s/microcode_ctl-20230214-1.el8
rpms:imports/c9/microcode_ctl-20220809-2.20230214.1.el9_2
rpms:imports/c8/microcode_ctl-20220809-2.el8
rpms:imports/c9/microcode_ctl-20220809-2.el9
rpms:imports/c9-beta/microcode_ctl-20220809-2.el9
rpms:imports/c8-beta/microcode_ctl-20220809-2.el8
rpms:imports/c8s/microcode_ctl-20220809-2.el8
rpms:imports/c9/microcode_ctl-20220809-1.el9
rpms:imports/c8s/microcode_ctl-20220207-1.20220809.1.el8_6
rpms:imports/c8/microcode_ctl-20220809-1.el8
rpms:imports/c9/microcode_ctl-20220207-1.20220809.1.el9_0
rpms:imports/c9-beta/microcode_ctl-20220510-1.el9
rpms:imports/c8-beta/microcode_ctl-20220510-1.el8
rpms:imports/c8s/microcode_ctl-20220809-1.el8
rpms:imports/c9/microcode_ctl-20220207-1.20220510.1.el9_0
rpms:imports/c8/microcode_ctl-20220207-1.20220510.1.el8_6
rpms:imports/c8s/microcode_ctl-20220510-1.el8
rpms:imports/c9/microcode_ctl-20220207-1.el9
rpms:imports/c8/microcode_ctl-20220207-1.el8
rpms:imports/c8/microcode_ctl-20210608-1.20220207.1.el8_5
rpms:imports/c8-beta/microcode_ctl-20220207-1.el8
rpms:imports/c9-beta/microcode_ctl-20220207-1.el9
rpms:imports/c8s/microcode_ctl-20220207-1.el8
rpms:imports/c8s/microcode_ctl-20210608-1.20220204.1.el8_5
rpms:imports/c9-beta/microcode_ctl-20210608-2.el9
rpms:imports/c8/microcode_ctl-20210608-1.el8
rpms:imports/c8-beta/microcode_ctl-20210608-1.el8
rpms:imports/c8-beta/microcode_ctl-20210216-1.el8
rpms:imports/c8-beta/microcode_ctl-20200609-2.el8
rpms:imports/c8-beta/microcode_ctl-20191115-4.el8
rpms:imports/c8-beta/microcode_ctl-20180807a-2.20190514a.2.el8_0
rpms:imports/c8s/microcode_ctl-20210608-1.el8
rpms:imports/c8s/microcode_ctl-20210216-1.20210525.1.el8_4
rpms:imports/c8s/microcode_ctl-20210216-1.el8
rpms:imports/c8s/microcode_ctl-20201112-2.el8
rpms:imports/c8s/microcode_ctl-20201112-1.el8
rpms:imports/c8/microcode_ctl-20210216-1.20210608.1.el8_4
rpms:imports/c8/microcode_ctl-20210216-1.20210525.1.el8_4
rpms:imports/c8/microcode_ctl-20210216-1.el8
rpms:imports/c8/microcode_ctl-20200609-2.20210216.1.el8_3
rpms:imports/c8/microcode_ctl-20200609-2.20201112.1.el8_3

No commits in common. "imports/c8-beta/microcode_ctl-20180807a-2.20190514a.2.el8_0" and "c8" have entirely different histories.
imports/c8 ... c8

50 changed files with 6349 additions and 265 deletions
Show Stats Expand all files Collapse all files

8
.gitignore vendored
View File

@ -1 +1,7 @@
SOURCES/microcode-20190514a.tar.gz
SOURCES/06-2d-07
SOURCES/06-4e-03
SOURCES/06-55-04
SOURCES/06-5e-03
SOURCES/microcode-20190918.tar.gz
SOURCES/microcode-20191115.tar.gz
SOURCES/microcode-20231009.tar.gz

8
.microcode_ctl.metadata
View File

@ -1 +1,7 @@
252f56e1e1e6dc491813cb649c5c83fe1ff1c122 SOURCES/microcode-20190514a.tar.gz
bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
06432a25053c823b0e2a6b8e84e2e2023ee3d43e SOURCES/06-4e-03
2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04
86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
bdbc8d6488cf197476253cb9bc50532cc76d91a1 SOURCES/microcode-20231009.tar.gz

378
SOURCES/0001-releasenote.md-eliminate-usage-of-U-0080.patch Normal file
View File

@ -0,0 +1,378 @@
From edd877bf8ae46763ed4ccd14e4fbaec726c95285 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Thu, 10 Aug 2023 15:20:03 +0200
Subject: [PATCH 01/10] releasenote.md: eliminate usage of U+0080
Its usage has been started in microcode-20230214 (and only in the "Updated
Platforms" section entries, not in the "New Platforms" one
(up to microcode-20230808) or section headers) and is quite baffling,
as it is visually indistinguishable from a space character (and this
patch is a testament to that), serves no discernible purpose,
but (poorly) thwarts attempts to programmatically parse and compare the release
notes, and pollutes any copy-pasted text.
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
releasenote.md | 320 ++++++++++++++++++++++++++++-----------------------------
1 file changed, 160 insertions(+), 160 deletions(-)
diff --git a/releasenote.md b/releasenote.md
index 41b96ab..7eb4707 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -28,62 +28,62 @@
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
-| ADL-N          | A0       | 06-be-00/11 |          | 00000011 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
-| RPL-H/P/PX 6+8 | J0       | 06-ba-02/e0 |          | 00004119 | Core Gen13
+| ADL-N | A0 | 06-be-00/11 | | 00000011 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
+| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | | 00004119 | Core Gen13
### Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
-| CML-U62 V2     | K1       | 06-a6-01/80 | 000000f6 | 000000f8 | Core Gen10 Mobile
-| SKX-D          | H0       | 06-55-04/b7 | 02006f05 | 02007006 | Xeon D-21xx
-| SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006e05 | 02007006 | Xeon Scalable
-| KBL-G/H/S/X/E3 | B0       | 06-9e-09/2a | 000000f2 | 000000f4 | Core Gen7; Xeon E3 v6
-| ADL            | L0       | 06-9a-03/80 | 0000042a | 0000042c | Core Gen12
-| ADL            | L0       | 06-9a-04/80 | 0000042a | 0000042c | Core Gen12
-| ICX-SP         | Dx/M1    | 06-6a-06/87 | 0d000390 | 0d0003a5 | Xeon Scalable Gen3
-| CML-S102       | Q0       | 06-a5-05/22 | 000000f6 | 000000f8 | Core Gen10
-| CFL-U43e       | D0       | 06-8e-0a/c0 | 000000f2 | 000000f4 | Core Gen8 Mobile
-| KBL-R U        | Y0       | 06-8e-0a/c0 | 000000f2 | 000000f4 | Core Gen8 Mobile
-| CFL-H          | R0       | 06-9e-0d/22 | 000000f8 | 000000fa | Core Gen9 Mobile
-| RKL-S          | B0       | 06-a7-01/02 | 00000058 | 00000059 | Core Gen11
-| ICL-U/Y        | D1       | 06-7e-05/80 | 000000ba | 000000bc | Core Gen10 Mobile
-| TGL-H          | R0       | 06-8d-01/c2 | 00000044 | 00000046 | Core Gen11 Mobile
-| SPR-SP         | E5/S3    | 06-8f-08/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
-| SPR-SP         | E4/S2    | 06-8f-07/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
-| SPR-SP         | E3       | 06-8f-06/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
-| SPR-SP         | E2       | 06-8f-05/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
-| SPR-SP         | E0       | 06-8f-04/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
-| CML-S62        | G1       | 06-a5-03/22 | 000000f6 | 000000f8 | Core Gen10
-| AML-Y22        | H0       | 06-8e-09/10 | 000000f0 | 000000f4 | Core Gen8 Mobile
-| RPL-S          | B0       | 06-b7-01/32 | 00000113 | 00000119 | Core Gen13
-| CML-U62 V1     | A0       | 06-a6-00/80 | 000000f6 | 000000f8 | Core Gen10 Mobile
-| ADL-N          | A0       | 06-be-00/11 |          | 00000011 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
-| CPX-SP         | A1       | 06-55-0b/bf | 07002601 | 07002703 | Xeon Scalable Gen3
-| CLX-SP         | B0       | 06-55-06/bf | 04003501 | 04003604 | Xeon Scalable Gen2
-| CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000f2 | 000000f4 | Core Gen8 Desktop, Mobile, Xeon E
-| SPR-HBM        | Bx       | 06-8f-08/10 | 2c0001d1 | 2c000271 | Xeon Max
-| WHL-U          | W0       | 06-8e-0b/d0 | 000000f2 | 000000f4 | Core Gen8 Mobile
-| CLX-SP         | B1       | 06-55-07/bf | 05003501 | 05003604 | Xeon Scalable Gen2
-| CFL-S          | B0       | 06-9e-0b/02 | 000000f2 | 000000f4 | Core Gen8
-| TGL-R          | C0       | 06-8c-02/c2 | 0000002a | 0000002c | Core Gen11 Mobile
-| KBL-U/Y        | H0       | 06-8e-09/c0 | 000000f2 | 000000f4 | Core Gen7 Mobile
-| KBL-U23e       | J1       | 06-8e-09/c0 | 000000f2 | 000000f4 | Core Gen7 Mobile
-| AML-Y42        | V0       | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile
-| CML-U42        | V0       | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile
-| CML-Y42        | V0       | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile
-| WHL-U          | V0       | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen8 Mobile
-| SKX-SP         | B1       | 06-55-03/97 | 01000171 | 01000181 | Xeon Scalable
-| CFL-H/S        | P0       | 06-9e-0c/22 | 000000f2 | 000000f4 | Core Gen9
-| CFL-S          | P0       | 06-9e-0c/22 | 000000f2 | 000000f4 | Core Gen9 Desktop
-| TGL            | B0/B1    | 06-8c-01/80 | 000000aa | 000000ac | Core Gen11 Mobile
-| ADL            | C0       | 06-97-02/07 | 0000002c | 0000002e | Core Gen12
-| ADL            | C0       | 06-97-05/07 | 0000002c | 0000002e | Core Gen12
-| ADL            | C0       | 06-bf-02/07 | 0000002c | 0000002e | Core Gen12
-| ADL            | C0       | 06-bf-05/07 | 0000002c | 0000002e | Core Gen12
-| CML-H          | R1       | 06-a5-02/20 | 000000f6 | 000000f8 | Core Gen10 Mobile
-| RPL-H/P/PX 6+8 | J0       | 06-ba-02/e0 |          | 00004119 | Core Gen13
-| RPL-U 2+8      | Q0       | 06-ba-03/e0 |          | 00004119 | Core Gen13
+| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f6 | 000000f8 | Core Gen10 Mobile
+| SKX-D | H0 | 06-55-04/b7 | 02006f05 | 02007006 | Xeon D-21xx
+| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006e05 | 02007006 | Xeon Scalable
+| KBL-G/H/S/X/E3 | B0 | 06-9e-09/2a | 000000f2 | 000000f4 | Core Gen7; Xeon E3 v6
+| ADL | L0 | 06-9a-03/80 | 0000042a | 0000042c | Core Gen12
+| ADL | L0 | 06-9a-04/80 | 0000042a | 0000042c | Core Gen12
+| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000390 | 0d0003a5 | Xeon Scalable Gen3
+| CML-S102 | Q0 | 06-a5-05/22 | 000000f6 | 000000f8 | Core Gen10
+| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f2 | 000000f4 | Core Gen8 Mobile
+| KBL-R U | Y0 | 06-8e-0a/c0 | 000000f2 | 000000f4 | Core Gen8 Mobile
+| CFL-H | R0 | 06-9e-0d/22 | 000000f8 | 000000fa | Core Gen9 Mobile
+| RKL-S | B0 | 06-a7-01/02 | 00000058 | 00000059 | Core Gen11
+| ICL-U/Y | D1 | 06-7e-05/80 | 000000ba | 000000bc | Core Gen10 Mobile
+| TGL-H | R0 | 06-8d-01/c2 | 00000044 | 00000046 | Core Gen11 Mobile
+| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
+| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
+| SPR-SP | E3 | 06-8f-06/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
+| SPR-SP | E2 | 06-8f-05/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
+| SPR-SP | E0 | 06-8f-04/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
+| CML-S62 | G1 | 06-a5-03/22 | 000000f6 | 000000f8 | Core Gen10
+| AML-Y22 | H0 | 06-8e-09/10 | 000000f0 | 000000f4 | Core Gen8 Mobile
+| RPL-S | B0 | 06-b7-01/32 | 00000113 | 00000119 | Core Gen13
+| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f6 | 000000f8 | Core Gen10 Mobile
+| ADL-N | A0 | 06-be-00/11 | | 00000011 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
+| CPX-SP | A1 | 06-55-0b/bf | 07002601 | 07002703 | Xeon Scalable Gen3
+| CLX-SP | B0 | 06-55-06/bf | 04003501 | 04003604 | Xeon Scalable Gen2
+| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f2 | 000000f4 | Core Gen8 Desktop, Mobile, Xeon E
+| SPR-HBM | Bx | 06-8f-08/10 | 2c0001d1 | 2c000271 | Xeon Max
+| WHL-U | W0 | 06-8e-0b/d0 | 000000f2 | 000000f4 | Core Gen8 Mobile
+| CLX-SP | B1 | 06-55-07/bf | 05003501 | 05003604 | Xeon Scalable Gen2
+| CFL-S | B0 | 06-9e-0b/02 | 000000f2 | 000000f4 | Core Gen8
+| TGL-R | C0 | 06-8c-02/c2 | 0000002a | 0000002c | Core Gen11 Mobile
+| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f2 | 000000f4 | Core Gen7 Mobile
+| KBL-U23e | J1 | 06-8e-09/c0 | 000000f2 | 000000f4 | Core Gen7 Mobile
+| AML-Y42 | V0 | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile
+| CML-U42 | V0 | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile
+| CML-Y42 | V0 | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile
+| WHL-U | V0 | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen8 Mobile
+| SKX-SP | B1 | 06-55-03/97 | 01000171 | 01000181 | Xeon Scalable
+| CFL-H/S | P0 | 06-9e-0c/22 | 000000f2 | 000000f4 | Core Gen9
+| CFL-S | P0 | 06-9e-0c/22 | 000000f2 | 000000f4 | Core Gen9 Desktop
+| TGL | B0/B1 | 06-8c-01/80 | 000000aa | 000000ac | Core Gen11 Mobile
+| ADL | C0 | 06-97-02/07 | 0000002c | 0000002e | Core Gen12
+| ADL | C0 | 06-97-05/07 | 0000002c | 0000002e | Core Gen12
+| ADL | C0 | 06-bf-02/07 | 0000002c | 0000002e | Core Gen12
+| ADL | C0 | 06-bf-05/07 | 0000002c | 0000002e | Core Gen12
+| CML-H | R1 | 06-a5-02/20 | 000000f6 | 000000f8 | Core Gen10 Mobile
+| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | | 00004119 | Core Gen13
+| RPL-U 2+8 | Q0 | 06-ba-03/e0 | | 00004119 | Core Gen13
# Release Notes
@@ -120,51 +120,51 @@
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
-| ADL            | L0       | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
-| ADL            | L0       | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
-| AML-Y22        | H0       | 06-8e-09/10 | 000000f0 | 000000f2 | Core Gen8 Mobile
-| AML-Y42        | V0       | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
-| CFL-H          | R0       | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
-| CFL-H/S        | P0       | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
-| CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
-| CFL-S          | B0       | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
-| CFL-U43e       | D0       | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
-| CLX-SP         | B0       | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
-| CLX-SP         | B1       | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
-| CML-H          | R1       | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
-| CML-S102       | Q0       | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
-| CML-S62        | G1       | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
-| CML-U62 V1     | A0       | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
-| CML-U62 V2     | K1       | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
-| CML-Y42        | V0       | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
-| CPX-SP         | A1       | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
-| ICL-D          | B0       | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
-| ICL-U/Y        | D1       | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
-| ICX-SP         | D0       | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
-| KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
-| KBL-U/Y        | H0       | 06-8e-09/c0 | 000000f0 | 000000f2 | Core Gen7 Mobile
-| LKF            | B2/B3    | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
-| RKL-S          | B0       | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
-| RPL-H 6+8      | J0       | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
-| RPL-P 6+8      | J0       | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
-| RPL-S          | S0       | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
-| RPL-U 2+8      | Q0       | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
-| SKX-D          | H0       | 06-55-04/b7 | 02006e05 | 02006f05 | Xeon D-21xx
-| SKX-SP         | B1       | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
-| SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006e05 | 02006f05 | Xeon Scalable
-| SPR-HBM        | B3       | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
-| SPR-SP         | E0       | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| SPR-SP         | E2       | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| SPR-SP         | E3       | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| SPR-SP         | E4       | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| SPR-SP         | E5       | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| SPR-SP         | S2       | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| SPR-SP         | S3       | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| TGL            | B1       | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
-| TGL-H          | R0       | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
-| TGL-R          | C0       | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
-| WHL-U          | V0       | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
-| WHL-U          | W0       | 06-8e-0b/d0 | 000000f0 | 000000f2 | Core Gen8 Mobile
+| ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
+| ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
+| AML-Y22 | H0 | 06-8e-09/10 | 000000f0 | 000000f2 | Core Gen8 Mobile
+| AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
+| CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
+| CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
+| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
+| CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
+| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
+| CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
+| CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
+| CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
+| CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
+| CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
+| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
+| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
+| CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
+| CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
+| ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
+| ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
+| ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
+| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
+| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f0 | 000000f2 | Core Gen7 Mobile
+| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
+| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
+| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
+| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
+| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
+| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
+| SKX-D | H0 | 06-55-04/b7 | 02006e05 | 02006f05 | Xeon D-21xx
+| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
+| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006e05 | 02006f05 | Xeon Scalable
+| SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
+| SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
+| TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
+| TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
+| WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
+| WHL-U | W0 | 06-8e-0b/d0 | 000000f0 | 000000f2 | Core Gen8 Mobile
# Release Notes
## [microcode-20230512](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230512)
@@ -186,51 +186,51 @@
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
-| ADL            | L0       | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
-| ADL            | L0       | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
-| AML-Y22        | H0       | 06-8e-09/10 |          | 000000f2 | Core Gen8 Mobile
-| AML-Y42        | V0       | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
-| CFL-H          | R0       | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
-| CFL-H/S        | P0       | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
-| CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
-| CFL-S          | B0       | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
-| CFL-U43e       | D0       | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
-| CLX-SP         | B0       | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
-| CLX-SP         | B1       | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
-| CML-H          | R1       | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
-| CML-S102       | Q0       | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
-| CML-S62        | G1       | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
-| CML-U62 V1     | A0       | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
-| CML-U62 V2     | K1       | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
-| CML-Y42        | V0       | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
-| CPX-SP         | A1       | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
-| ICL-D          | B0       | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
-| ICL-U/Y        | D1       | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
-| ICX-SP         | D0       | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
-| KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
-| KBL-U/Y        | H0       | 06-8e-09/c0 |          | 000000f2 | Core Gen7 Mobile
-| LKF            | B2/B3    | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
-| RKL-S          | B0       | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
-| RPL-H 6+8      | J0       | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
-| RPL-P 6+8      | J0       | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
-| RPL-S          | S0       | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
-| RPL-U 2+8      | Q0       | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
-| SKX-D          | H0       | 06-55-04/b7 |          | 02006f05 | Xeon D-21xx
-| SKX-SP         | B1       | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
-| SKX-SP         | H0/M0/U0 | 06-55-04/b7 |          | 02006f05 | Xeon Scalable
-| SPR-HBM        | B3       | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
-| SPR-SP         | E0       | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| SPR-SP         | E2       | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| SPR-SP         | E3       | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| SPR-SP         | E4       | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| SPR-SP         | E5       | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| SPR-SP         | S2       | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| SPR-SP         | S3       | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
-| TGL            | B1       | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
-| TGL-H          | R0       | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
-| TGL-R          | C0       | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
-| WHL-U          | V0       | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
-| WHL-U          | W0       | 06-8e-0b/d0 |          | 000000f2 | Core Gen8 Mobile
+| ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
+| ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
+| AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile
+| AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
+| CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
+| CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
+| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
+| CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
+| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
+| CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
+| CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
+| CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
+| CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
+| CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
+| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
+| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
+| CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
+| CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
+| ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
+| ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
+| ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
+| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
+| KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile
+| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
+| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
+| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
+| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
+| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
+| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
+| SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx
+| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
+| SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable
+| SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
+| SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
+| TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
+| TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
+| TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
+| WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
+| WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile
# Release Notes
@@ -259,25 +259,25 @@
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
-| ADL            | C0       | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
-| ADL            | C0       | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
-| ADL            | C0       | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
-| ADL            | C0       | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
-| ADL            | L0       | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
-| ADL            | L0       | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
-| CLX-SP         | B0       | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
-| CLX-SP         | B1       | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
-| CPX-SP         | A1       | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
-| GLK            | B0       | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
-| GLK-R          | R0       | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
-| ICL-D          | B0       | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
-| ICL-U/Y        | D1       | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
-| ICX-SP         | D0       | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
-| JSL            | A0/A1    | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
-| LKF            | B2/B3    | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
-| RKL-S          | B0       | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
-| RPL-S          | S0       | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
-| SKX-SP         | B1       | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable
+| ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
+| ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
+| ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
+| ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
+| ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
+| ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
+| CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
+| CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
+| CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
+| GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
+| GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
+| ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
+| ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
+| ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
+| JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
+| LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
+| RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
+| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
+| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable
# Release Notes
## [microcode-20221108](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20221108)
--
2.13.6

65
SOURCES/0002-releasenote.md-eliminate-most-of-the-trailing-whites.patch Normal file
View File

@ -0,0 +1,65 @@
From 97c7581586c2d96a585dfd24a12a51ef7cb2a0be Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Thu, 10 Aug 2023 15:26:50 +0200
Subject: [PATCH 02/10] releasenote.md: eliminate most of the trailing
whitespace
The notes for the last two releases contain some trailing spaces
in random places that seemingly serve no particular purpose.
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
releasenote.md | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/releasenote.md b/releasenote.md
index 7eb4707..cfd5b27 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -12,9 +12,9 @@
- Update for functional issues. Refer to [11th Gen Intel® Core™ Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details.
- Update for functional issues. Refer to [10th Gen Intel® Core™ Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details.
- Update for functional issues. Refer to [8th and 9th Generation Intel® Core™ Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details.
-- Update for functional issues. Refer to [8th Generation Intel® Core™ Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
+- Update for functional issues. Refer to [8th Generation Intel® Core™ Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
- Update for functional issues. Refer to [7th and 8th Generation Intel® Core™ Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details.
-- Update for functional issues. Refer to [Intel® Processors and Intel® Core™ i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.
+- Update for functional issues. Refer to [Intel® Processors and Intel® Core™ i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.
- Update for functional issues. Refer to [4th Gen Intel® Xeon® Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/772415) for details.
- Update for functional issues. Refer to [3rd Generation Intel® Xeon® Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details.
- Update for functional issues. Refer to [2nd Generation Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
@@ -28,8 +28,8 @@
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
-| ADL-N | A0 | 06-be-00/11 | | 00000011 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
-| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | | 00004119 | Core Gen13
+| ADL-N | A0 | 06-be-00/11 | | 00000011 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
+| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | | 00004119 | Core Gen13
### Updated Platforms
@@ -82,7 +82,7 @@
| ADL | C0 | 06-bf-02/07 | 0000002c | 0000002e | Core Gen12
| ADL | C0 | 06-bf-05/07 | 0000002c | 0000002e | Core Gen12
| CML-H | R1 | 06-a5-02/20 | 000000f6 | 000000f8 | Core Gen10 Mobile
-| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | | 00004119 | Core Gen13
+| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | | 00004119 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | | 00004119 | Core Gen13
@@ -96,9 +96,9 @@
- Update for functional issues. Refer to [10th Generation Intel® Core™ Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details.
- Update for functional issues. Refer to [10th Gen Intel® Core™ Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details.
- Update for functional issues. Refer to [8th and 9th Generation Intel® Core™ Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details.
-- Update for functional issues. Refer to [8th Generation Intel® Core™ Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
+- Update for functional issues. Refer to [8th Generation Intel® Core™ Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
- Update for functional issues. Refer to [7th and 8th Generation Intel® Core™ Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details.
-- Update for functional issues. Refer to [Intel® Processors and Intel® Core™ i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.
+- Update for functional issues. Refer to [Intel® Processors and Intel® Core™ i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.
- Update for functional issues. Refer to [4th Gen Intel® Xeon® Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/772415) for details.
- Update for functional issues. Refer to [3rd Generation Intel® Xeon® Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details.
- Update for functional issues. Refer to [2nd Generation Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
--
2.13.6

69
SOURCES/0003-releasenote.md-remove-excess-Release-Notes-headers.patch Normal file
View File

@ -0,0 +1,69 @@
From 0e9a73d4b67fc47c651e81c4dd0c4705c9371a72 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Tue, 22 Aug 2023 19:50:43 +0200
Subject: [PATCH 03/10] releasenote.md: remove excess "Release Notes" headers
Starting with microcode-20220809, the first-level "Release Notes" header
is duplicated for unknown reason; remove it, as it does not make sense
to have it multiple times in the middle of the document, consider the
fact that first-level header is usually reserved for the document name
(and it seems that it indeed bears that role).
* releasenote.md: Remove all "Release Notes" headers after the first
one.
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
releasenote.md | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/releasenote.md b/releasenote.md
index cfd5b27..492d1d4 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -86,7 +86,6 @@
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | | 00004119 | Core Gen13
-# Release Notes
## [microcode-20230512-rev2](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230512-rev2)
### Purpose
@@ -166,7 +165,7 @@
| WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000f0 | 000000f2 | Core Gen8 Mobile
-# Release Notes
+
## [microcode-20230512](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230512)
### Functional Updates
@@ -233,7 +232,6 @@
| WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile
-# Release Notes
## [microcode-20230214](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214)
### Purpose
@@ -279,7 +277,7 @@
| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable
-# Release Notes
+
## [microcode-20221108](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20221108)
### Purpose
@@ -328,7 +326,7 @@
None
-# Release Notes
+
## [microcode-20220809](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809)
### Purpose
--
2.13.6

124
SOURCES/0004-releasenote.md-sort-the-entries-of-the-20230808-rele.patch Normal file
View File

@ -0,0 +1,124 @@
From 09c8119459498cda1e3cfda77d320f6aab1a5919 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Thu, 10 Aug 2023 18:37:21 +0200
Subject: [PATCH 04/10] releasenote.md: sort the entries of the 20230808
release lexicographically
microcode-20230214 seemingly (but not fully; the "New Platforms" section
still have used the old sorting order) have switched the entries order
from sorting on the FF-MM-SS/PI field to sorting on the Codename field
(which is arguably significantly less useful and much more confusing,
especially in cases of CPUIDs spanning several code names,
such as 06-8e-0[9ac]). However, it is impossible to devise the sorting
order of the entries in the microcode-20230808 changelog table, which
makes it even more difficult to navigate, so this patch just changes it
to the lastly used one.
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
releasenote.md | 80 +++++++++++++++++++++++++++++-----------------------------
1 file changed, 40 insertions(+), 40 deletions(-)
diff --git a/releasenote.md b/releasenote.md
index 492d1d4..c43469f 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -35,55 +35,55 @@
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
-| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f6 | 000000f8 | Core Gen10 Mobile
-| SKX-D | H0 | 06-55-04/b7 | 02006f05 | 02007006 | Xeon D-21xx
-| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006e05 | 02007006 | Xeon Scalable
-| KBL-G/H/S/X/E3 | B0 | 06-9e-09/2a | 000000f2 | 000000f4 | Core Gen7; Xeon E3 v6
+| ADL | C0 | 06-97-02/07 | 0000002c | 0000002e | Core Gen12
+| ADL | C0 | 06-97-05/07 | 0000002c | 0000002e | Core Gen12
+| ADL | C0 | 06-bf-02/07 | 0000002c | 0000002e | Core Gen12
+| ADL | C0 | 06-bf-05/07 | 0000002c | 0000002e | Core Gen12
| ADL | L0 | 06-9a-03/80 | 0000042a | 0000042c | Core Gen12
| ADL | L0 | 06-9a-04/80 | 0000042a | 0000042c | Core Gen12
-| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000390 | 0d0003a5 | Xeon Scalable Gen3
-| CML-S102 | Q0 | 06-a5-05/22 | 000000f6 | 000000f8 | Core Gen10
-| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f2 | 000000f4 | Core Gen8 Mobile
-| KBL-R U | Y0 | 06-8e-0a/c0 | 000000f2 | 000000f4 | Core Gen8 Mobile
-| CFL-H | R0 | 06-9e-0d/22 | 000000f8 | 000000fa | Core Gen9 Mobile
-| RKL-S | B0 | 06-a7-01/02 | 00000058 | 00000059 | Core Gen11
-| ICL-U/Y | D1 | 06-7e-05/80 | 000000ba | 000000bc | Core Gen10 Mobile
-| TGL-H | R0 | 06-8d-01/c2 | 00000044 | 00000046 | Core Gen11 Mobile
-| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
-| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
-| SPR-SP | E3 | 06-8f-06/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
-| SPR-SP | E2 | 06-8f-05/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
-| SPR-SP | E0 | 06-8f-04/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
-| CML-S62 | G1 | 06-a5-03/22 | 000000f6 | 000000f8 | Core Gen10
-| AML-Y22 | H0 | 06-8e-09/10 | 000000f0 | 000000f4 | Core Gen8 Mobile
-| RPL-S | B0 | 06-b7-01/32 | 00000113 | 00000119 | Core Gen13
-| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f6 | 000000f8 | Core Gen10 Mobile
| ADL-N | A0 | 06-be-00/11 | | 00000011 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
-| CPX-SP | A1 | 06-55-0b/bf | 07002601 | 07002703 | Xeon Scalable Gen3
-| CLX-SP | B0 | 06-55-06/bf | 04003501 | 04003604 | Xeon Scalable Gen2
-| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f2 | 000000f4 | Core Gen8 Desktop, Mobile, Xeon E
-| SPR-HBM | Bx | 06-8f-08/10 | 2c0001d1 | 2c000271 | Xeon Max
-| WHL-U | W0 | 06-8e-0b/d0 | 000000f2 | 000000f4 | Core Gen8 Mobile
-| CLX-SP | B1 | 06-55-07/bf | 05003501 | 05003604 | Xeon Scalable Gen2
-| CFL-S | B0 | 06-9e-0b/02 | 000000f2 | 000000f4 | Core Gen8
-| TGL-R | C0 | 06-8c-02/c2 | 0000002a | 0000002c | Core Gen11 Mobile
-| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f2 | 000000f4 | Core Gen7 Mobile
-| KBL-U23e | J1 | 06-8e-09/c0 | 000000f2 | 000000f4 | Core Gen7 Mobile
+| AML-Y22 | H0 | 06-8e-09/10 | 000000f0 | 000000f4 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile
-| CML-U42 | V0 | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile
-| CML-Y42 | V0 | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile
-| WHL-U | V0 | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen8 Mobile
-| SKX-SP | B1 | 06-55-03/97 | 01000171 | 01000181 | Xeon Scalable
+| CFL-H | R0 | 06-9e-0d/22 | 000000f8 | 000000fa | Core Gen9 Mobile
+| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f2 | 000000f4 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f2 | 000000f4 | Core Gen9
+| CFL-S | B0 | 06-9e-0b/02 | 000000f2 | 000000f4 | Core Gen8
| CFL-S | P0 | 06-9e-0c/22 | 000000f2 | 000000f4 | Core Gen9 Desktop
-| TGL | B0/B1 | 06-8c-01/80 | 000000aa | 000000ac | Core Gen11 Mobile
-| ADL | C0 | 06-97-02/07 | 0000002c | 0000002e | Core Gen12
-| ADL | C0 | 06-97-05/07 | 0000002c | 0000002e | Core Gen12
-| ADL | C0 | 06-bf-02/07 | 0000002c | 0000002e | Core Gen12
-| ADL | C0 | 06-bf-05/07 | 0000002c | 0000002e | Core Gen12
+| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f2 | 000000f4 | Core Gen8 Mobile
+| CLX-SP | B0 | 06-55-06/bf | 04003501 | 04003604 | Xeon Scalable Gen2
+| CLX-SP | B1 | 06-55-07/bf | 05003501 | 05003604 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000f6 | 000000f8 | Core Gen10 Mobile
+| CML-S102 | Q0 | 06-a5-05/22 | 000000f6 | 000000f8 | Core Gen10
+| CML-S62 | G1 | 06-a5-03/22 | 000000f6 | 000000f8 | Core Gen10
+| CML-U42 | V0 | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile
+| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f6 | 000000f8 | Core Gen10 Mobile
+| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f6 | 000000f8 | Core Gen10 Mobile
+| CML-Y42 | V0 | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile
+| CPX-SP | A1 | 06-55-0b/bf | 07002601 | 07002703 | Xeon Scalable Gen3
+| ICL-U/Y | D1 | 06-7e-05/80 | 000000ba | 000000bc | Core Gen10 Mobile
+| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000390 | 0d0003a5 | Xeon Scalable Gen3
+| KBL-G/H/S/X/E3 | B0 | 06-9e-09/2a | 000000f2 | 000000f4 | Core Gen7; Xeon E3 v6
+| KBL-R U | Y0 | 06-8e-0a/c0 | 000000f2 | 000000f4 | Core Gen8 Mobile
+| KBL-U23e | J1 | 06-8e-09/c0 | 000000f2 | 000000f4 | Core Gen7 Mobile
+| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f2 | 000000f4 | Core Gen7 Mobile
+| RKL-S | B0 | 06-a7-01/02 | 00000058 | 00000059 | Core Gen11
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | | 00004119 | Core Gen13
+| RPL-S | B0 | 06-b7-01/32 | 00000113 | 00000119 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | | 00004119 | Core Gen13
+| SKX-D | H0 | 06-55-04/b7 | 02006f05 | 02007006 | Xeon D-21xx
+| SKX-SP | B1 | 06-55-03/97 | 01000171 | 01000181 | Xeon Scalable
+| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006e05 | 02007006 | Xeon Scalable
+| SPR-HBM | Bx | 06-8f-08/10 | 2c0001d1 | 2c000271 | Xeon Max
+| SPR-SP | E0 | 06-8f-04/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
+| SPR-SP | E2 | 06-8f-05/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
+| SPR-SP | E3 | 06-8f-06/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
+| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
+| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
+| TGL | B0/B1 | 06-8c-01/80 | 000000aa | 000000ac | Core Gen11 Mobile
+| TGL-H | R0 | 06-8d-01/c2 | 00000044 | 00000046 | Core Gen11 Mobile
+| TGL-R | C0 | 06-8c-02/c2 | 0000002a | 0000002c | Core Gen11 Mobile
+| WHL-U | V0 | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen8 Mobile
+| WHL-U | W0 | 06-8e-0b/d0 | 000000f2 | 000000f4 | Core Gen8 Mobile
## [microcode-20230512-rev2](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230512-rev2)
--
2.13.6

99
SOURCES/0005-releasenote.md-fix-incorrect-platform-mask-for-RPL-H.patch Normal file
View File

@ -0,0 +1,99 @@
From 437827acd9e8b7ce9b989614e32ea798cdb0b6d8 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Thu, 10 Aug 2023 18:48:58 +0200
Subject: [PATCH 05/10] releasenote.md: fix incorrect platform mask for
RPL-H/P/U
microcode-20230214, microcode-20230512, and microcode-20230512-rev2
release notes state that the platform mask for CPUIDs with FF-MM-SS
06-ba-02 and 06-ba-03 is 0x07, but it is, in fact, 0xc0:
$ iucode_tool -L microcode-20230{214,512,512-rev2}/intel-ucode/06-ba-0[23]
microcode bundle 1: microcode-20230214/intel-ucode/06-ba-02
001/001: sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e
sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e
microcode bundle 2: microcode-20230214/intel-ucode/06-ba-03
002/001: sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e
sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e
microcode bundle 3: microcode-20230512/intel-ucode/06-ba-02
003/001: sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992
sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112
sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112
microcode bundle 4: microcode-20230512/intel-ucode/06-ba-03
004/001: sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992
sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112
sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112
microcode bundle 5: microcode-20230512-rev2/intel-ucode/06-ba-02
005/001: sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992
sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112
sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112
microcode bundle 6: microcode-20230512-rev2/intel-ucode/06-ba-03
006/001: sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992
sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112
sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112
Also, fix incorrect RPL-U stepping in the microcode-20230214 table.
* releasenote.md (microcode-20230214, microcode-20230512,
microcode-20230512-rev2) <RPL-H 6+8, RPL-P 6+8>: Change the F-M-S field
from 06-ba-02/07 to 06-ba-02/c0.
(microcode-20230214) <RPL-U 2+8>: Change the F-M-S field from 06-ba-02/07
to 06-ba-03/c0.
(microcode-20230512, microcode-20230512-rev2) <RPL-U 2+8>: Change the F-M-S
field from 06-ba-03/07 to 06-ba-03/c0.
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
releasenote.md | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/releasenote.md b/releasenote.md
index c43469f..a29889e 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -144,10 +144,10 @@
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f0 | 000000f2 | Core Gen7 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
-| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
-| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
+| RPL-H 6+8 | J0 | 06-ba-02/c0 | 0000410e | 00004112 | Core Gen13
+| RPL-P 6+8 | J0 | 06-ba-02/c0 | 0000410e | 00004112 | Core Gen13
| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
-| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
+| RPL-U 2+8 | Q0 | 06-ba-03/c0 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | 02006e05 | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006e05 | 02006f05 | Xeon Scalable
@@ -210,10 +210,10 @@
| KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
-| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
-| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
+| RPL-H 6+8 | J0 | 06-ba-02/c0 | 0000410e | 00004112 | Core Gen13
+| RPL-P 6+8 | J0 | 06-ba-02/c0 | 0000410e | 00004112 | Core Gen13
| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
-| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
+| RPL-U 2+8 | Q0 | 06-ba-03/c0 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable
@@ -249,9 +249,9 @@
| SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max
-| RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
-| RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
-| RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13
+| RPL-P 6+8 | J0 | 06-ba-02/c0 | | 0000410e | Core Gen13
+| RPL-H 6+8 | J0 | 06-ba-02/c0 | | 0000410e | Core Gen13
+| RPL-U 2+8 | Q0 | 06-ba-03/c0 | | 0000410e | Core Gen13
### Updated Platforms
--
2.13.6

66
SOURCES/0006-releasenote.md-fix-stepping-for-RPL-S.patch Normal file
View File

@ -0,0 +1,66 @@
From b823500f3390339ac3b75f7b65b2ceca097b5f2e Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Thu, 10 Aug 2023 18:49:54 +0200
Subject: [PATCH 06/10] releasenote.md: fix stepping for RPL-S
microcode-20221108, microcode-20230214, microcode-20230512,
and microcode-20230512-rev2 release notes (incorrectly) state RPL-S
(06-b7-01/32) stepping as S0, while microcode-20230808 release notes
state it as B0, and [1] confirms the correctness of the latter.
[1] "13th Generation Intel Core Processors. Datasheet, Volume 1 of 2"
Rev. 005, February 2023, section 15.0 "CPU And Device IDs"
https://cdrdv2-public.intel.com/743844/743844-005.pdf
* releasenote.md (microcode-20221108, microcode-20230214,
microcode-20230512, microcode-20230512-rev2) <RPL-S>: Change
the stepping field value from "S0" to "B0".
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
releasenote.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/releasenote.md b/releasenote.md
index a29889e..3e0e786 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -146,7 +146,7 @@
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
| RPL-H 6+8 | J0 | 06-ba-02/c0 | 0000410e | 00004112 | Core Gen13
| RPL-P 6+8 | J0 | 06-ba-02/c0 | 0000410e | 00004112 | Core Gen13
-| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
+| RPL-S | B0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/c0 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | 02006e05 | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
@@ -212,7 +212,7 @@
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
| RPL-H 6+8 | J0 | 06-ba-02/c0 | 0000410e | 00004112 | Core Gen13
| RPL-P 6+8 | J0 | 06-ba-02/c0 | 0000410e | 00004112 | Core Gen13
-| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
+| RPL-S | B0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/c0 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
@@ -274,7 +274,7 @@
| JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
-| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
+| RPL-S | B0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable
@@ -295,7 +295,7 @@
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ICL-D | B0 | 06-6c-01/10 | | 01000201 | Xeon D-17xx, D-27xx
-| RPL-S | S0 | 06-b7-01/32 | | 0000010e | Core Gen13
+| RPL-S | B0 | 06-b7-01/32 | | 0000010e | Core Gen13
### Updated Platforms
--
2.13.6

39
SOURCES/0007-releasenote.md-add-missing-06-ba-03-e0-to-the-new-mi.patch Normal file
View File

@ -0,0 +1,39 @@
From f1efbc4f0c75b61a3bba15267471ed305732786b Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Tue, 22 Aug 2023 16:48:54 +0200
Subject: [PATCH 07/10] releasenote.md: add missing 06-ba-03/e0 to the new
microcode section
microcode-20230808 release notes for CPUIDs 06-ba-02/e0 (RPL-H/P/PX 6+8),
06-ba-03/e0 (RPL-U 2+8), and 06-be-00/11 (ADL-N) are peculiar in a way
that these CPUIDs have their PF mask values changed (from 06-ba-02/c0,
06-ba-03/c0, and 06-be-00/01, respectively). Since 06-ba-02/e0 and
06-be-00/11 are listed both in "New Platforms" and "Updated Platforms"
sections (which makes some sense, as it is both addition of the platform
0x10 and update for the rest of the platforms), it is natural to assume
that this is done this way on purpose, and that 06-ba-03/e0 of these three
is accidentally missing from the "New Platforms" section.
* releasenote.md (microcode-20230808) <New Platforms>: Add 06-ba-03/e0
(RPL-U 2+8) entry.
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
releasenote.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/releasenote.md b/releasenote.md
index 3e0e786..e86759f 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -30,6 +30,7 @@
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL-N | A0 | 06-be-00/11 | | 00000011 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | | 00004119 | Core Gen13
+| RPL-U 2+8 | Q0 | 06-ba-03/e0 | | 00004119 | Core Gen13
### Updated Platforms
--
2.13.6

32
SOURCES/0008-releasenote.md-remove-the-duplicating-06-9e-0c-22-re.patch Normal file
View File

@ -0,0 +1,32 @@
From 3f06b21b53c2691480c8cc4ba190798c8b2e7dc5 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Tue, 22 Aug 2023 17:34:43 +0200
Subject: [PATCH 08/10] releasenote.md: remove the duplicating 06-9e-0c/22
record
CFL-S stepping P0 (06-9e-0c/22) is already listed as "CFL-H/S"
and it has not been listed in the notes to the previous releases
separately.
* releasenote.md (microcode-20230808) <CFL-S P0>: Remove.
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
releasenote.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/releasenote.md b/releasenote.md
index e86759f..5847f3c 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -49,7 +49,6 @@
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f2 | 000000f4 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f2 | 000000f4 | Core Gen9
| CFL-S | B0 | 06-9e-0b/02 | 000000f2 | 000000f4 | Core Gen8
-| CFL-S | P0 | 06-9e-0c/22 | 000000f2 | 000000f4 | Core Gen9 Desktop
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f2 | 000000f4 | Core Gen8 Mobile
| CLX-SP | B0 | 06-55-06/bf | 04003501 | 04003604 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003501 | 05003604 | Xeon Scalable Gen2
--
2.13.6

45
SOURCES/0009-releasenote.md-fix-old-revisions-for-06-8e-09-10-and.patch Normal file
View File

@ -0,0 +1,45 @@
From e90cdb8604f11a3096c58bce0e727200eb6cec3e Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Tue, 22 Aug 2023 17:36:23 +0200
Subject: [PATCH 09/10] releasenote.md: fix old revisions for 06-8e-09/10 and
06-55-04/b7 entries
The values provided are from the microcode-20230214 release, even though
they have been updated in microcode-20230512. Curiously, only one
entry of two with CPUID of 06-55-04/b7 has manifested this mistake.
* releasenote.md (microcode-20230808) <AML-Y22 H0>: Change the "Old Ver"
field from 000000f0 to 000000f2.
(microcode-20230808) <SKX-SP H0/M0/U0>: Change the "Old Ver" field
from 02006e05 to 02006f05.
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
releasenote.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/releasenote.md b/releasenote.md
index 5847f3c..399d76b 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -43,7 +43,7 @@
| ADL | L0 | 06-9a-03/80 | 0000042a | 0000042c | Core Gen12
| ADL | L0 | 06-9a-04/80 | 0000042a | 0000042c | Core Gen12
| ADL-N | A0 | 06-be-00/11 | | 00000011 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
-| AML-Y22 | H0 | 06-8e-09/10 | 000000f0 | 000000f4 | Core Gen8 Mobile
+| AML-Y22 | H0 | 06-8e-09/10 | 000000f2 | 000000f4 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000f8 | 000000fa | Core Gen9 Mobile
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f2 | 000000f4 | Core Gen8 Desktop, Mobile, Xeon E
@@ -72,7 +72,7 @@
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | | 00004119 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | 02006f05 | 02007006 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000171 | 01000181 | Xeon Scalable
-| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006e05 | 02007006 | Xeon Scalable
+| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006f05 | 02007006 | Xeon Scalable
| SPR-HBM | Bx | 06-8f-08/10 | 2c0001d1 | 2c000271 | Xeon Max
| SPR-SP | E0 | 06-8f-04/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
| SPR-SP | E2 | 06-8f-05/87 | 2b000461 | 2b0004b1 | Xeon Scalable Gen4
--
2.13.6

54
SOURCES/0010-releasenote.md-add-old-revisions-for-06-be-00-11-06-.patch Normal file
View File

@ -0,0 +1,54 @@
From f417c9e579a324ed336c4cf98eba944907955421 Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Tue, 22 Aug 2023 17:38:34 +0200
Subject: [PATCH 10/10] releasenote.md: add old revisions for 06-be-00/11,
06-ba-02/e0, and 06-ba-03/e0
As has been mentioned already in commit "releasenote.md: add missing
06-ba-03/e0 to the new microcode section", platforms with CPUIDs 06-be-00,
06-ba-02, and 06-ba-03 have their platform mask changed and thusly listed
in both "New Platforms" and "Updated Platforms" sections
of microcode-20230808 release notes. It is, however, puzzling to have
the "Old Ver" field of these entries empty in the "Updated Platforms"
section, so it seemingly make sense to populate it with the previous
microcode versions for the existing platforms.
* releasenote.md (microcode-20230808) <Updated Platforms>: Provide
00000010 as the "Old Ver" field value for ADL-N A0 (06-be-00/11,
nee 06-be-00/01); provide 00004112 as the "Old Ver" field value
for RPL-H/P/PX 6+8 J0 (06-ba-02/e0, nee 06-ba-02/c0) and RPL-U 2+8 Q0
(06-ba-03/e0, nee 06-ba-03/c0).
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
releasenote.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/releasenote.md b/releasenote.md
index 399d76b..429105c 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -42,7 +42,7 @@
| ADL | C0 | 06-bf-05/07 | 0000002c | 0000002e | Core Gen12
| ADL | L0 | 06-9a-03/80 | 0000042a | 0000042c | Core Gen12
| ADL | L0 | 06-9a-04/80 | 0000042a | 0000042c | Core Gen12
-| ADL-N | A0 | 06-be-00/11 | | 00000011 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
+| ADL-N | A0 | 06-be-00/11 | 00000010 | 00000011 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AML-Y22 | H0 | 06-8e-09/10 | 000000f2 | 000000f4 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000f6 | 000000f8 | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000f8 | 000000fa | Core Gen9 Mobile
@@ -67,9 +67,9 @@
| KBL-U23e | J1 | 06-8e-09/c0 | 000000f2 | 000000f4 | Core Gen7 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f2 | 000000f4 | Core Gen7 Mobile
| RKL-S | B0 | 06-a7-01/02 | 00000058 | 00000059 | Core Gen11
-| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | | 00004119 | Core Gen13
+| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004112 | 00004119 | Core Gen13
| RPL-S | B0 | 06-b7-01/32 | 00000113 | 00000119 | Core Gen13
-| RPL-U 2+8 | Q0 | 06-ba-03/e0 | | 00004119 | Core Gen13
+| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004112 | 00004119 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | 02006f05 | 02007006 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000171 | 01000181 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006f05 | 02007006 | Xeon Scalable
--
2.13.6

62
SOURCES/0011-releasenote.md-add-stub-release-notes-for-microcode-.patch Normal file
View File

@ -0,0 +1,62 @@
From f8d6bf8bd8f9ca011c9e0703ece03b2a128b263a Mon Sep 17 00:00:00 2001
From: Eugene Syromiatnikov <esyr@redhat.com>
Date: Mon, 6 Nov 2023 12:59:23 +0100
Subject: [PATCH] releasenote.md: add stub release notes for microcode-20231009
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
releasenote.md | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/releasenote.md b/releasenote.md
index 429105c..050cfb4 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -1,4 +1,44 @@
# Release Notes
+## microcode-20231009
+
+### Purpose
+
+- Security updates for [INTEL-SA-00950](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html)
+
+- Update for functional issues.
+
+### New Platforms
+
+### Updated Platforms
+
+| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
+|:---------------|:---------|:------------|:---------|:---------|:---------
+| ADL | C0 | 06-97-02/07 | 0000002e | 00000032 | Core Gen12
+| ADL | C0 | 06-97-05/07 | 0000002e | 00000032 | Core Gen12
+| ADL | C0 | 06-bf-02/07 | 0000002e | 00000032 | Core Gen12
+| ADL | C0 | 06-bf-05/07 | 0000002e | 00000032 | Core Gen12
+| ADL | L0 | 06-9a-03/80 | 0000042c | 00000430 | Core Gen12
+| ADL | L0 | 06-9a-04/80 | 0000042c | 00000430 | Core Gen12
+| ADL-N | A0 | 06-be-00/11 | 00000011 | 00000012 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
+| AZB | A0 | 06-9a-04/40 | 00000004 | 00000005 | Intel(R) Atom(R) C1100
+| ICL-D | B0 | 06-6c-01/10 | 01000230 | 01000268 | Xeon D-17xx, D-27xx
+| ICL-U/Y | D1 | 06-7e-05/80 | 000000bc | 000000c2 | Core Gen10 Mobile
+| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003a5 | 0d0003b9 | Xeon Scalable Gen3
+| RKL-S | B0 | 06-a7-01/02 | 00000059 | 0000005d | Core Gen11
+| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004119 | 0000411c | Core Gen13
+| RPL-S | B0 | 06-b7-01/32 | 00000119 | 0000011d | Core Gen13
+| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004119 | 0000411c | Core Gen13
+| SPR-HBM | B1 | 06-8f-05/10 | 2c000271 | 2c000290 | Xeon Max
+| SPR-HBM | B3 | 06-8f-08/10 | 2c000271 | 2c000290 | Xeon Max
+| SPR-SP | E2 | 06-8f-05/87 | 2b0004b1 | 2b0004d0 | Xeon Scalable Gen4
+| SPR-SP | E3 | 06-8f-06/87 | 2b0004b1 | 2b0004d0 | Xeon Scalable Gen4
+| SPR-SP | E4/S2 | 06-8f-07/87 | 2b0004b1 | 2b0004d0 | Xeon Scalable Gen4
+| SPR-SP | E5/S3 | 06-8f-08/87 | 2b0004b1 | 2b0004d0 | Xeon Scalable Gen4
+| TGL | B0/B1 | 06-8c-01/80 | 000000ac | 000000b4 | Core Gen11 Mobile
+| TGL-H | R0 | 06-8d-01/c2 | 00000046 | 0000004e | Core Gen11 Mobile
+| TGL-R | C0 | 06-8c-02/c2 | 0000002c | 00000034 | Core Gen11 Mobile
+
+
## [microcode-20230808](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808)
### Purpose
--
2.13.6

3
SOURCES/06-2d-07_config Normal file
View File

@ -0,0 +1,3 @@
model GenuineIntel 06-2d-07
path intel-ucode/06-2d-07
dependency required intel

4
SOURCES/06-2d-07_disclaimer Normal file
View File

@ -0,0 +1,4 @@
MDS-related microcode update for Intel Sandy Bridge-EP (family 6, model 45,
stepping 7; CPUID 0x206d7) CPUs is disabled.
Please refer to /usr/share/doc/microcode_ctl/caveats/06-2d-07_readme
and /usr/share/doc/microcode_ctl/README.caveats for details.

58
SOURCES/06-2d-07_readme Normal file
View File

@ -0,0 +1,58 @@
Intel Sandy Bridge-E/EN/EP CPU models (SNB-EP, family 6, model 45, stepping 7)
had issues with MDS-related microcode update that may lead to a system hang
after a microcode update[1][2]. In order to address this, microcode update
to the MDS-related revision 0x718 had been disabled, and the previously
published microcode revision 0x714 is used by default for the OS-driven
microcode update. The revision 0x71a of the microcode is intended to fix
the aforementioned issue, hence it is enabled by default (but can be disabled
explicitly; see below).
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/15
[2] https://access.redhat.com/solutions/4593951
For the reference, SHA1 checksums of 06-2d-07 microcode files containing
microcode revisions in question are listed below:
* 06-2d-07, revision 0x714: bcf2173cd3dd499c37defbc2533703cfa6ec2430
* 06-2d-07, revision 0x718: 837cfebbfc09b911151dfd179082ad99cf87e85d
* 06-2d-07, revision 0x71a: 4512c8149e63e5ed15f45005d7fb5be0041f66f6
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2017-5715 ("Spectre"):
https://access.redhat.com/articles/3436091
* CVE-2018-3639 ("Speculative Store Bypass"):
https://access.redhat.com/articles/3540901
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
https://access.redhat.com/articles/3562741
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
("Microarchitectural Data Sampling"):
https://access.redhat.com/articles/4138151
The information regarding disabling microcode update is provided below.
To disable usage of the newer microcode revision for a specific kernel
version, please create file "disallow-intel-06-2d-07" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
where microcode will be available for late microcode update, and run
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
is regenerated and the microcode can be loaded early, for example:
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-2d-07
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
To avoid addition of the newer microcode revision for all kernels, please create
file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-2d-07", run
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
and "dracut -f --regenerate-all" for early microcode updates:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-2d-07
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.

4
SOURCES/06-4e-03_config Normal file
View File

@ -0,0 +1,4 @@
model GenuineIntel 06-4e-03
path intel-ucode/06-4e-03
dependency required intel
disable early late

5
SOURCES/06-4e-03_disclaimer Normal file
View File

@ -0,0 +1,5 @@
Microcode revisions 0xda and higher for Intel Skylake-U/Y (family 6,
model 78, stepping 3; CPUID 0x406e3) are disabled as they may cause system
instability; the previously published revision 0xd6 is used instead.
Please refer to /usr/share/doc/microcode_ctl/caveats/06-4e-03_readme
and /usr/share/doc/microcode_ctl/README.caveats for details.

90
SOURCES/06-4e-03_readme Normal file
View File

@ -0,0 +1,90 @@
Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3)
have reports of system hangs when revision 0xdc of microcode, that is included
since microcode-20200609 update to address CVE-2020-0543, CVE-2020-0548,
and CVE-2020-0549, is applied[1]. In order to address this, microcode update
to the newer revision has been disabled by default on these systems,
and the previously published microcode revision 0xd6 is used by default
for the OS-driven microcode update.
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
For the reference, SHA1 checksums of 06-4e-03 microcode files containing
microcode revisions in question are listed below:
* 06-4e-03, revision 0xd6: 06432a25053c823b0e2a6b8e84e2e2023ee3d43e
* 06-4e-03, revision 0xdc: cd1733458d187486999337ff8b51eeaa0cfbca6c
* 06-4e-03, revision 0xe2: 41f4513cf563605bc85db38056ac430dec948366
* 06-4e-03, revision 0xea: 5a54cab9f22f69b819d663e5747ed6ea2a326c55
* 06-4e-03, revision 0xec: d949a8543d2464d955f5dc4b0777cac863f48729
* 06-4e-03, revision 0xf0: 37475bac70457ba8df2c1a32bba81bd7bd27d5e8
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2017-5715 ("Spectre"):
https://access.redhat.com/articles/3436091
* CVE-2018-3639 ("Speculative Store Bypass"):
https://access.redhat.com/articles/3540901
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
https://access.redhat.com/articles/3562741
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
("Microarchitectural Data Sampling"):
https://access.redhat.com/articles/4138151
* CVE-2019-0117 (Intel SGX Information Leak),
CVE-2019-0123 (Intel SGX Privilege Escalation),
CVE-2019-11135 (TSX Asynchronous Abort),
CVE-2019-11139 (Voltage Setting Modulation):
https://access.redhat.com/solutions/2019-microcode-nov
* CVE-2020-0543 (Special Register Buffer Data Sampling),
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
https://access.redhat.com/articles/6716541
* CVE-2022-0005 (Informational disclosure via JTAG),
CVE-2022-21123 (Shared Buffers Data Read),
CVE-2022-21125 (Shared Buffers Data Sampling),
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
CVE-2022-21166 (Device Register Partial Write):
https://access.redhat.com/articles/6963124
The information regarding enforcing microcode update is provided below.
To enforce usage of the latest 06-4e-03 microcode revision for a specific kernel
version, please create a file "force-intel-06-4e-03" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
where microcode will be available for late microcode update, and run
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
is regenerated and the microcode can be loaded early, for example:
touch /lib/firmware/3.10.0-862.9.1/force-intel-06-4e-03
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
After that, it is possible to perform a late microcode update by executing
"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
"/sys/devices/system/cpu/microcode/reload" directly.
To enforce addition of this microcode for all kernels, please create file
"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-4e-03", run
"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
and "dracut -f --regenerate-all" for enabling early microcode updates:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-4e-03
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.

8
SOURCES/06-4f-01_config
View File

@ -11,11 +11,5 @@ kernel 2.6.32-573.58.1
kernel 2.6.32-504.71.1
kernel 2.6.32-431.90.1
kernel 2.6.32-358.90.1
kernel_early 4.10.0
kernel_early 3.10.0-930
kernel_early 3.10.0-862.14.1
kernel_early 3.10.0-693.38.1
kernel_early 3.10.0-514.57.1
kernel_early 3.10.0-327.73.1
mc_min_ver_late 0xb000019
dependency required intel skip=success match-model-mode=off
disable early late

4
SOURCES/06-4f-01_disclaimer Normal file
View File

@ -0,0 +1,4 @@
Microcode update for Intel Broadwell-EP/EX (BDX-ML B/M/R0; family 6, model 79,
stepping 1; CPUID 0x406f1) CPUs is disabled as it may cause system instability.
Please refer to /usr/share/doc/microcode_ctl/caveats/06-4f-01_readme
and /usr/share/doc/microcode_ctl/README.caveats for details.

9
SOURCES/06-4f-01_readme
View File

@ -28,6 +28,11 @@ to the following knowledge base articles:
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
("Microarchitectural Data Sampling"):
https://access.redhat.com/articles/4138151
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
The information regarding enforcing microcode load is provided below.
@ -49,6 +54,7 @@ kernels, please create a file
"/etc/microcode_ctl/ucode_with_caveats/force-late-intel-06-4f-01"
and run "/usr/libexec/microcode_ctl/update_ucode":
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/force-late-intel-06-4f-01
/usr/libexec/microcode_ctl/update_ucode
@ -64,10 +70,11 @@ For enforcing early load of this microcode for all kernels, please
create a file "/etc/microcode_ctl/ucode_with_caveats/force-early-intel-06-4f-01"
and run dracut -f --regenerate-all:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/force-early-intel-06-4f-01
dracut -f --regenerate-all
If you want avoid removal of the microcode file during cleanup performed by
If you want to avoid removal of the microcode file during cleanup performed by
/usr/libexec/microcode_ctl/update_ucode, please remove the corresponding readme
file (/lib/firmware/<kernel_version>/readme-intel-06-4f-01).

12
SOURCES/06-55-04_config Normal file
View File

@ -0,0 +1,12 @@
model GenuineIntel 06-55-04
path intel-ucode/06-55-04
## Bug https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
## affects only SKX-W/X (Workstation and HEDT segments); product segment
## can be determined by checking bits 5..3 of the CAPID0 field in PCU registers
## device (see https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-scalable-spec-update.pdf#page=13
## for Server/FPGA/Fabric segments description; for SKX-W/X no public
## documentation seems to be available). Specific device/function numbers
## are provided for speeding up the search only, VID:DID is the real selector.
## Commented out since revision 0x2006906 seems to fix the issue.
#pci_config_val mode=success-all device=0x1e function=3 vid=0x8086 did=0x2083 offset=0x84 size=4 mask=0x38 val=0x38,0x18,0x8
dependency required intel

5
SOURCES/06-55-04_disclaimer Normal file
View File

@ -0,0 +1,5 @@
Microcode revisions 0x2000065 and higher for Intel Skylake-X/W (family 6,
model 85, stepping 4; CPUID 0x50654) were disabled as they could cause system
hangs on reboot, so the previous revision 0x2000064 was used instead.
Please refer to /usr/share/doc/microcode_ctl/caveats/06-55-04_readme
and /usr/share/doc/microcode_ctl/README.caveats for details.

99
SOURCES/06-55-04_readme Normal file
View File

@ -0,0 +1,99 @@
Intel Skylake Scalable Platform CPU models that belong to Workstation and HEDT
(Basin Falls) segment (SKL-W/X, family 6, model 85, stepping 4) had reports
of system hangs on reboot when revision 0x2000065 of microcode, that was included
from microcode-20191112 update up to microcode-20200520 update, was applied[1].
In order to address this, microcode update to the newer revision had been
disabled by default on these systems, and the previously published microcode
revision 0x2000064 is used by default for the OS-driven microcode update.
Since revision 0x2006906 (included with the microcode-20200609 release)
it is reported that the issue is no longer present, so the newer microcode
revision is enabled by default now (but can be disabled explicitly; see below).
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
For the reference, SHA1 checksums of 06-55-04 microcode files containing
microcode revisions in question are listed below:
* 06-55-04, revision 0x2000064: 2e405644a145de0f55517b6a9de118eec8ec1e5a
* 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23
* 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
* 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212
* 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462
* 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7
* 06-55-04, revision 0x2006c0a: 76b641375d136c08f5feb46aacebee40468ac085
* 06-55-04, revision 0x2006d05: dc4207cf4eb916ff34acbdddc474db0df781234f
* 06-55-04, revision 0x2006e05: bc67d247ad1c9a834bec5e452606db1381d6bc7e
* 06-55-04, revision 0x2006f05: c47277a6a47caedb518f311ce5d339528a8347e2
* 06-55-04, revision 0x2007006: 68ae0f321685ff97b50266bc20818f31563fc67c
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2017-5715 ("Spectre"):
https://access.redhat.com/articles/3436091
* CVE-2018-3639 ("Speculative Store Bypass"):
https://access.redhat.com/articles/3540901
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
https://access.redhat.com/articles/3562741
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
("Microarchitectural Data Sampling"):
https://access.redhat.com/articles/4138151
* CVE-2019-0117 (Intel SGX Information Leak),
CVE-2019-0123 (Intel SGX Privilege Escalation),
CVE-2019-11135 (TSX Asynchronous Abort),
CVE-2019-11139 (Voltage Setting Modulation):
https://access.redhat.com/solutions/2019-microcode-nov
* CVE-2020-0543 (Special Register Buffer Data Sampling),
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
https://access.redhat.com/articles/6716541
* CVE-2022-0005 (Informational disclosure via JTAG),
CVE-2022-21123 (Shared Buffers Data Read),
CVE-2022-21125 (Shared Buffers Data Sampling),
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
CVE-2022-21131 (Protected Processor Inventory Number (PPIN) access protection),
CVE-2022-21136 (Overclocking service access protection),
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
CVE-2022-21166 (Device Register Partial Write):
https://access.redhat.com/articles/6963124
* CVE-2022-21233 (Stale Data Read from legacy xAPIC):
https://access.redhat.com/articles/6976398
The information regarding disabling microcode update is provided below.
To disable usage of the newer microcode revision for a specific kernel
version, please create a file "disallow-intel-06-55-04" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
used for late microcode updates, and run "dracut -f --kver <kernel_version>"
so initramfs for this kernel version is regenerated, for example:
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-55-04
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
To disable usage of the newer microcode revision for all kernels, please create
file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04", run
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
used for late microcode updates, and run "dracut -f --regenerate-all"
so initramfs images get regenerated, for example:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.

3
SOURCES/06-5e-03_config Normal file
View File

@ -0,0 +1,3 @@
model GenuineIntel 06-5e-03
path intel-ucode/06-5e-03
dependency required intel

5
SOURCES/06-5e-03_disclaimer Normal file
View File

@ -0,0 +1,5 @@
Microcode revisions 0xda and higher for Intel Skylake-H/S/Xeon E3 v5 (family 6,
model 94, stepping 3; CPUID 0x506e3) are disabled as they may cause system
instability; the previously published revision 0xd6 is used instead.
Please refer to /usr/share/doc/microcode_ctl/caveats/06-5e-03_readme
and /usr/share/doc/microcode_ctl/README.caveats for details.

89
SOURCES/06-5e-03_readme Normal file
View File

@ -0,0 +1,89 @@
Some Intel Skylake CPU models (SKL-H/S/Xeon E3 v5, family 6, model 94,
stepping 3) had reports of possible system hangs when revision 0xdc
of microcode, that is included in microcode-20200609 update to address
CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549, was applied[1]. In order
to address this, microcode updates to the newer revision had been disabled
by default on these systems, and the previously published microcode revision
0xd6 was used by default for the OS-driven microcode update. The revision
0xea seems[2] to have fixed the aforementioned issue, hence it is enabled
by default (but can be disabled explicitly; see below).
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-857806014
For the reference, SHA1 checksums of 06-5e-03 microcode files containing
microcode revisions in question are listed below:
* 06-5e-03, revision 0xd6: 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a
* 06-5e-03, revision 0xdc: 5e1020a10678cfc60980131c3d3a2cfd462b4dd7
* 06-5e-03, revision 0xe2: 031e6e148b590d1c9cfdb6677539eeb4899e831c
* 06-5e-03, revision 0xea: e6c37056a849fd281f2fdb975361a914e07b86c8
* 06-5e-03, revision 0xec: 6458bf25da4906479a01ffdcaa6d466e22722e01
* 06-5e-03, revision 0xf0: 0683706bbbf470abbdad4b9923aa9647bfec9616
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2017-5715 ("Spectre"):
https://access.redhat.com/articles/3436091
* CVE-2018-3639 ("Speculative Store Bypass"):
https://access.redhat.com/articles/3540901
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
https://access.redhat.com/articles/3562741
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
("Microarchitectural Data Sampling"):
https://access.redhat.com/articles/4138151
* CVE-2019-0117 (Intel SGX Information Leak),
CVE-2019-0123 (Intel SGX Privilege Escalation),
CVE-2019-11135 (TSX Asynchronous Abort),
CVE-2019-11139 (Voltage Setting Modulation):
https://access.redhat.com/solutions/2019-microcode-nov
* CVE-2020-0543 (Special Register Buffer Data Sampling),
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
https://access.redhat.com/articles/6716541
* CVE-2022-0005 (Informational disclosure via JTAG),
CVE-2022-21123 (Shared Buffers Data Read),
CVE-2022-21125 (Shared Buffers Data Sampling),
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
CVE-2022-21166 (Device Register Partial Write):
https://access.redhat.com/articles/6963124
The information regarding disabling microcode update is provided below.
To prevent usage of the latest 06-5e-03 microcode revision for a specific kernel
version, please create a file "disallow-intel-06-5e-03" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to remove it to firmware directory
where microcode is available for late microcode update, and run
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
is regenerated, for example:
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-5e-03
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
To avoid addition of the latest microcode for all kernels, please create file
"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-5e-03", run
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
and "dracut -f --regenerate-all" for early microcode updates:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-5e-03
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.

3
SOURCES/06-8c-01_config Normal file
View File

@ -0,0 +1,3 @@
model GenuineIntel 06-8c-01
path intel-ucode/06-8c-01
dependency required intel skip=success match-model-mode=off

4
SOURCES/06-8c-01_disclaimer Normal file
View File

@ -0,0 +1,4 @@
Microcode updates for Intel Tiger Lake-UP3/UP4 (family 6, model 140, stepping 1;
CPUID 0x806c1) are disabled as they may cause system instability.
Please refer to /usr/share/doc/microcode_ctl/caveats/06-8c-01_readme
and /usr/share/doc/microcode_ctl/README.caveats for details.

64
SOURCES/06-8c-01_readme Normal file
View File

@ -0,0 +1,64 @@
Some Intel Tiger Lake-UP3/UP4 CPU models (TGL, family 6, model 140, stepping 1)
had reports of system hangs when a microcode update, that was included
since microcode-20201110 update, was applied[1]. In order to address this,
microcode update had been disabled by default on these systems. The revision
0x88 seems to have fixed the aforementioned issue, hence it is enabled
by default (but can be disabled explicitly; see below).
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
For the reference, SHA1 checksums of 06-8c-01 microcode files containing
microcode revisions in question are listed below:
* 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04
* 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290
* 06-8c-01, revision 0x9a: 48b3ae8d27d8138b5b47052d2f8184bf555ad18e
* 06-8c-01, revision 0xa4: 70753f54f5be84376bdebeb710595e4dc2f6d92f
* 06-8c-01, revision 0xa6: fdcf89e3a15a20df8aeee215b78bf5d13d731044
* 06-8c-01, revision 0xaa: cf84883f6b3184690c25ccade0b10fa839ac8657
* 06-8c-01, revision 0xac: b9f342e564a0be372ed1f4709263bf811feb022a
* 06-8c-01, revision 0xb4: 6596bb8696cde85538bb833d090f0b7a42d6ae14
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
* CVE-2021-0145 (Fast store forward predictor - Cross Domain Training):
https://access.redhat.com/articles/6716541
* CVE-2022-21123 (Shared Buffers Data Read):
https://access.redhat.com/articles/6963124
The information regarding disabling microcode update is provided below.
To disable 06-8c-01 microcode updates for a specific kernel
version, please create a file "disallow-intel-06-8c-01" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to remove it from the firmware
directory where microcode is available for late microcode update, and run
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
is regenerated, for example:
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8c-01
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
To avoid addition of this microcode for all kernels, please create file
"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01", run
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
and "dracut -f --regenerate-all" for early microcode updates:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.

5
SOURCES/06-8e-9e-0x-0xca_config Normal file
View File

@ -0,0 +1,5 @@
path intel-ucode/*
vendor GenuineIntel
dmi mode=fail-equal key=bios_vendor val="Dell Inc."
dependency required intel
disable early late

0
SOURCES/06-8e-9e-0x-0xca_disclaimer Normal file
View File

204
SOURCES/06-8e-9e-0x-0xca_readme Normal file
View File

@ -0,0 +1,204 @@
Some Dell systems that use some models of Intel CPUs are susceptible to hangs
and system instability during or after microcode update to revision 0xc6/0xca
(included as part of microcode-20191113/microcode-20191115 update that addressed
CVE-2019-0117, CVE-2019-0123, CVE-2019-11135, and CVE-2019-11139)
and/or revision 0xd6 (included as part of microcode-20200609 update
that addressed CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549)
[1][2][3][4][5][6]. In order to address this, microcode update to the newer
revision has been disabled by default on these systems, and the previously
published microcode revisions 0xae/0xb4/0xb8 are used by default
for the OS-driven microcode update.
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/23
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/24
[3] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/33
[4] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/34
[5] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/35
[6] https://bugzilla.redhat.com/show_bug.cgi?id=1846097
This caveat contains revision 0xca of 06-[89]e-0x microcode publicly released
by Intel; for the latest revision of the microcode files, please refer to caveat
06-8e-9e-0x-dell.
For the reference, microarchitectures of the affected CPU models:
* Amber Lake-Y
* Kaby Lake-G/H/S/U/Y/Xeon E3
* Coffee Lake-H/S/U/Xeon E
* Comet Lake-U 4+2
* Whiskey Lake-U
Family names of the affected CPU models:
* 7th Generation Intel® Core™ Processor Family
* 8th Generation Intel® Core™ Processor Family
* 9th Generation Intel® Core™ Processor Family
* 10th Generation Intel® Core™ Processor Family (selected models)
* Intel® Celeron® Processor G Series
* Intel® Celeron® Processor 5000 Series
* Intel® Core™ X-series Processors (i7-7740X, i5-7640X only)
* Intel® Pentium® Gold Processor Series
* Intel® Pentium® Processor Series (selected models)
* Intel® Xeon® Processor E Family
* Intel® Xeon® Processor E3 v6 Family
SHA1 checksums of the microcode files containing microcode revisions
in question:
* 06-8e-09, revision 0xb4: e253c95c29c3eef6576db851dfa069d82a91256f
* 06-8e-0a, revision 0xb4: 45bcba494be07df9eeccff9627578095a97fba4d
* 06-8e-0b, revision 0xb8: 3e54bf91d642ad81ff07fe274d0cfb5d10d09c43
* 06-8e-0c, revision 0xb8: bf635c87177d6dc4e067ec11e1caeb19d3c325f0
* 06-9e-09, revision 0xb4: 42f68eec4ddb79dd6be0c95c4ce60e514e4504b1
* 06-9e-0a, revision 0xb4: 37c7cb394dd36610b57943578343723da67d50f0
* 06-9e-0b, revision 0xb4: b5399109d0a5ce8f5fb623ff942da0322b438b95
* 06-9e-0c, revision 0xae: 131bce89e4d210de8322ffbc6bd787f1af66a7df
* 06-9e-0d, revision 0xb8: 22511b007d1df55558d115abb13a1c23ea398317
* 06-8e-09, revision 0xca: 9afa1bae40995207afef13247f114be042d88083
* 06-8e-0a, revision 0xca: 1d90291cc25e17dc6c36c764cf8c06b41fed4c16
* 06-8e-0b, revision 0xca: 3fb1246a6594eff5e2c2076c63c600d734f10777
* 06-8e-0c, revision 0xca: e871540671f59b4fa5d0d454798f09a4d412aace
* 06-9e-09, revision 0xca: b5eed11108ab7ac1e675fe75d0e7454a400ddd35
* 06-9e-0a, revision 0xca: e472304aaa2f3815a32822cb111ab3f43bf3dfe4
* 06-9e-0b, revision 0xca: 78f47c5162da680878ed057dc7c853f9737c524b
* 06-9e-0c, revision 0xca: f23848a009928796a153cb9e8f44522136969408
* 06-9e-0d, revision 0xca: c7a3d469469ee828ba9faf91b67af881fceec3b7
* 06-8e-09, revision 0xd6: 2272c621768437d20e602207752201e0966e5a8c
* 06-8e-0a, revision 0xd6: 0b145afb88e028e612f04c2a86385e7d7c3fefc4
* 06-8e-0b, revision 0xd6: c3831b05da83be54f3acc451a1bce90f75e2e9e5
* 06-8e-0c, revision 0xd6: 4b8938a93e23f4b5a2d9de40b87f6afcfdc27c05
* 06-9e-09, revision 0xd6: 4bacba8c598508e7dd4e87e179586abe7a1a987f
* 06-9e-0a, revision 0xd6: 4c236afeef9f80ff3a286698fe7cef72926722f0
* 06-9e-0b, revision 0xd6: 2f9ab9b2ba29559ce177632281d7290a24fed2ef
* 06-9e-0c, revision 0xd6: 4b9059e519bcab6085b6c103f5d99e509fe0b2bb
* 06-9e-0d, revision 0xd6: 3a3b7edfd8126bb34b761b46a32102a622047899
* 06-8e-09, revision 0xde: 84d7514101eb8904834a3dacdee684b3c574245f
* 06-8e-0a, revision 0xe0: 080b9e3ebbcf6bb1eca0fb5f640e6bfbfe3a1e6e
* 06-8e-0b, revision 0xde: 80fed976231bbff4c7103e373498e07eef0bff31
* 06-8e-0c, revision 0xde: 84f160587fea4acb81451c8ff53dc51afba06343
* 06-9e-09, revision 0xde: 422026ffb2cca446693c586be98d0d9e7dfeb116
* 06-9e-0a, revision 0xde: b6c44b9fe26e1d6bafa27f37ffe010284294bf1c
* 06-9e-0b, revision 0xde: 6452937a0d359066b95f9e679a41a15490770312
* 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542
* 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c
* 06-8e-09, revision 0xea: caa7192fb2223e3e52389aca84930aee326b384d
* 06-8e-0a, revision 0xea: ab4d5d3b51445d055763796a0362f8ab249cf4c8
* 06-8e-0b, revision 0xea: 5406c513f90286c02476ee0d4a6c8010a263c3ac
* 06-8e-0c, revision 0xea: 8c045b9056443862c95573efd4646e331a2310d3
* 06-9e-09, revision 0xea: a9f8a14ca3808f6380d6dff92e1fd693cc909668
* 06-9e-0a, revision 0xea: b7726bdba2fe74d8f419c68f417d796d569b9ec4
* 06-9e-0b, revision 0xea: 963dca66aedf2bfb0613d0d9515c6bcfb0589e0c
* 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4
* 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a
* 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7
* 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf
* 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693
* 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c
* 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681
* 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe
* 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632
* 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04
* 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979
* 06-8e-09, revision 0xf0: 219e2b9168a09451b17813b97995cc59cc78b414
* 06-8e-0a, revision 0xf0: 3c4241d0b9d1a1a1e82d03b365fdd3b843006a7c
* 06-8e-0b, revision 0xf0: 79b61f034cba86e61641114bbab49ec0166c0f35
* 06-8e-0c, revision 0xf0: 11d166de440dbe9c440e90cb610ef4b9d48242b1
* 06-9e-09, revision 0xf0: 49e142da74e7298b2db738ff7dd1a9b0fa4e0c3e
* 06-9e-0a, revision 0xf0: 8de1d4a80cd683bf09854c33905c69d3d7ac7730
* 06-9e-0b, revision 0xf0: ff092c6ac8333f0abcd94f7d2e2088f31d960e62
* 06-9e-0c, revision 0xf0: 3702f21e87b75bea6f4b1ee0407b941ef31d4ad1
* 06-9e-0d, revision 0xf0: 226feaaa431eb76e734ab68efc2ea7b07aa3c7d9
* 06-8e-0c, revision 0xf4: 6a5e140bf8c046acb6958bad1db1fee66c8601ad
* 06-9e-0d, revision 0xf4: 3433d4394b05a9c8aefb9c46674bad7b7e934f11
* 06-8e-09, revision 0xf2: 2e67e55d7b805edcfaac57898088323df7315b25
* 06-8e-0a, revision 0xf2: f9e1dbeb969ded845b726c62336f243099714bcf
* 06-8e-0b, revision 0xf2: 3d45fbcbefd92dbbedf0eed04aeb29c7430c7c0e
* 06-8e-0c, revision 0xf6: bd37be38dbd046d4d66f126cfaa79e43bfe88c0d
* 06-9e-09, revision 0xf2: 716257544acf2c871d74e4627e7de86ee1024185
* 06-9e-0a, revision 0xf2: 933c5d6710195336381e15a160d36aaa52d358fd
* 06-9e-0b, revision 0xf2: 92eaafdb72f6d4231046aadb92caa0038e94fca8
* 06-9e-0c, revision 0xf2: ad8922b4f91b5214dd88c56c0a12d15edb9cea5b
* 06-9e-0d, revision 0xf8: 8fdea727c6ce46b26e0cffa6ee4ff1ba0c45cf14
* 06-8e-09, revision 0xf4: e059ab6b168f3831d624acc153e18ab1c8488570
* 06-8e-0a, revision 0xf4: d1ade1ccfe5c6105d0786dfe887696808954f8b4
* 06-8e-0b, revision 0xf4: 0bc93736f3f5b8b6569bebac4e9627ab923621e0
* 06-8e-0c, revision 0xf8: be93b4826a3f40219a9fc4fc5afa87b320279f6e
* 06-9e-09, revision 0xf4: 317564f3ac7b99b5900b91e2be3e23b9b66bc2c0
* 06-9e-0a, revision 0xf4: 9659f73e2c6081eb5c146c5ed763fa5db21df901
* 06-9e-0b, revision 0xf4: e60b567ad54da129d05a77e305cae4488579979d
* 06-9e-0c, revision 0xf4: 74d52a11a905dd7b254fa72b014c3bab8022ba3d
* 06-9e-0d, revision 0xfa: 484738563e793d5b90b94869dc06edf0407182f1
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2017-5715 ("Spectre"):
https://access.redhat.com/articles/3436091
* CVE-2018-3639 ("Speculative Store Bypass"):
https://access.redhat.com/articles/3540901
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
https://access.redhat.com/articles/3562741
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
("Microarchitectural Data Sampling"):
https://access.redhat.com/articles/4138151
* CVE-2019-0117 (Intel SGX Information Leak),
CVE-2019-0123 (Intel SGX Privilege Escalation),
CVE-2019-11135 (TSX Asynchronous Abort),
CVE-2019-11139 (Voltage Setting Modulation):
https://access.redhat.com/solutions/2019-microcode-nov
* CVE-2020-0543 (Special Register Buffer Data Sampling),
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
https://access.redhat.com/articles/6716541
* CVE-2022-0005 (Informational disclosure via JTAG),
CVE-2022-21123 (Shared Buffers Data Read),
CVE-2022-21125 (Shared Buffers Data Sampling),
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
CVE-2022-21166 (Device Register Partial Write):
https://access.redhat.com/articles/6963124
The information regarding disabling microcode update is provided below.
To disable usage of the newer microcode revision for a specific kernel
version, please create a file "disallow-intel-06-8e-9e-0x-0xca" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
used for late microcode updates, and run "dracut -f --kver <kernel_version>"
so initramfs for this kernel version is regenerated, for example:
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8e-9e-0x-0xca
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
To disable usage of the newer microcode revision for all kernels, please create
file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8e-9e-0x-0xca",
run "/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
used for late microcode updates, and run "dracut -f --regenerate-all"
so initramfs images get regenerated, for example:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8e-9e-0xca
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.

7
SOURCES/06-8e-9e-0x-dell_config Normal file
View File

@ -0,0 +1,7 @@
path intel-ucode/*
vendor GenuineIntel
## It is deemed that blacklisting all 06-[89]e-0x models on all hardware
## in cases where no model filter is used is too broad, hence
## no-model-mode=success.
dmi mode=fail-equal no-model-mode=success key=bios_vendor val="Dell Inc."
dependency required intel

7
SOURCES/06-8e-9e-0x-dell_disclaimer Normal file
View File

@ -0,0 +1,7 @@
Some Dell systems that use some models of Intel CPUs are susceptible to hangs
and system instability during or after microcode update to newer revisions.
In order to address this, microcode update to these newer revision
has been disabled by default on these systems, and the previously published
microcode revisions are used by default for the OS-driven microcode update.
Please refer to /usr/share/doc/microcode_ctl/caveats/06-8e-9e-0x-dell_readme
and /usr/share/doc/microcode_ctl/README.caveats for details.

204
SOURCES/06-8e-9e-0x-dell_readme Normal file
View File

@ -0,0 +1,204 @@
Some Dell systems that use some models of Intel CPUs are susceptible to hangs
and system instability during or after microcode update to revision 0xc6/0xca
(included as part of microcode-20191113/microcode-20191115 update that addressed
CVE-2019-0117, CVE-2019-0123, CVE-2019-11135, and CVE-2019-11139)
and/or revision 0xd6 (included as part of microcode-20200609 update
that addressed CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549)
[1][2][3][4][5][6]. In order to address this, microcode update to the newer
revision has been disabled by default on these systems, and the previously
published microcode revisions 0xae/0xb4/0xb8 are used by default
for the OS-driven microcode update.
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/23
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/24
[3] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/33
[4] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/34
[5] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/35
[6] https://bugzilla.redhat.com/show_bug.cgi?id=1846097
This caveat contains latest microcode revisions publicly released by Intel;
for the revision 0xca of the microcode files, please refer to caveat
06-8e-9e-0x-0xca.
For the reference, microarchitectures of the affected CPU models:
* Amber Lake-Y
* Kaby Lake-G/H/S/U/X/Y/Xeon E3
* Coffee Lake-H/S/U/Xeon E
* Comet Lake-U 4+2
* Whiskey Lake-U
Family names of the affected CPU models:
* 7th Generation Intel® Core™ Processor Family
* 8th Generation Intel® Core™ Processor Family
* 9th Generation Intel® Core™ Processor Family
* 10th Generation Intel® Core™ Processor Family (selected models)
* Intel® Celeron® Processor G Series
* Intel® Celeron® Processor 5000 Series
* Intel® Core™ X-series Processors (i7-7740X, i5-7640X only)
* Intel® Pentium® Gold Processor Series
* Intel® Pentium® Processor Series (selected models)
* Intel® Xeon® Processor E Family
* Intel® Xeon® Processor E3 v6 Family
SHA1 checksums of the microcode files containing microcode revisions
in question:
* 06-8e-09, revision 0xb4: e253c95c29c3eef6576db851dfa069d82a91256f
* 06-8e-0a, revision 0xb4: 45bcba494be07df9eeccff9627578095a97fba4d
* 06-8e-0b, revision 0xb8: 3e54bf91d642ad81ff07fe274d0cfb5d10d09c43
* 06-8e-0c, revision 0xb8: bf635c87177d6dc4e067ec11e1caeb19d3c325f0
* 06-9e-09, revision 0xb4: 42f68eec4ddb79dd6be0c95c4ce60e514e4504b1
* 06-9e-0a, revision 0xb4: 37c7cb394dd36610b57943578343723da67d50f0
* 06-9e-0b, revision 0xb4: b5399109d0a5ce8f5fb623ff942da0322b438b95
* 06-9e-0c, revision 0xae: 131bce89e4d210de8322ffbc6bd787f1af66a7df
* 06-9e-0d, revision 0xb8: 22511b007d1df55558d115abb13a1c23ea398317
* 06-8e-09, revision 0xca: 9afa1bae40995207afef13247f114be042d88083
* 06-8e-0a, revision 0xca: 1d90291cc25e17dc6c36c764cf8c06b41fed4c16
* 06-8e-0b, revision 0xca: 3fb1246a6594eff5e2c2076c63c600d734f10777
* 06-8e-0c, revision 0xca: e871540671f59b4fa5d0d454798f09a4d412aace
* 06-9e-09, revision 0xca: b5eed11108ab7ac1e675fe75d0e7454a400ddd35
* 06-9e-0a, revision 0xca: e472304aaa2f3815a32822cb111ab3f43bf3dfe4
* 06-9e-0b, revision 0xca: 78f47c5162da680878ed057dc7c853f9737c524b
* 06-9e-0c, revision 0xca: f23848a009928796a153cb9e8f44522136969408
* 06-9e-0d, revision 0xca: c7a3d469469ee828ba9faf91b67af881fceec3b7
* 06-8e-09, revision 0xd6: 2272c621768437d20e602207752201e0966e5a8c
* 06-8e-0a, revision 0xd6: 0b145afb88e028e612f04c2a86385e7d7c3fefc4
* 06-8e-0b, revision 0xd6: c3831b05da83be54f3acc451a1bce90f75e2e9e5
* 06-8e-0c, revision 0xd6: 4b8938a93e23f4b5a2d9de40b87f6afcfdc27c05
* 06-9e-09, revision 0xd6: 4bacba8c598508e7dd4e87e179586abe7a1a987f
* 06-9e-0a, revision 0xd6: 4c236afeef9f80ff3a286698fe7cef72926722f0
* 06-9e-0b, revision 0xd6: 2f9ab9b2ba29559ce177632281d7290a24fed2ef
* 06-9e-0c, revision 0xd6: 4b9059e519bcab6085b6c103f5d99e509fe0b2bb
* 06-9e-0d, revision 0xd6: 3a3b7edfd8126bb34b761b46a32102a622047899
* 06-8e-09, revision 0xde: 84d7514101eb8904834a3dacdee684b3c574245f
* 06-8e-0a, revision 0xe0: 080b9e3ebbcf6bb1eca0fb5f640e6bfbfe3a1e6e
* 06-8e-0b, revision 0xde: 80fed976231bbff4c7103e373498e07eef0bff31
* 06-8e-0c, revision 0xde: 84f160587fea4acb81451c8ff53dc51afba06343
* 06-9e-09, revision 0xde: 422026ffb2cca446693c586be98d0d9e7dfeb116
* 06-9e-0a, revision 0xde: b6c44b9fe26e1d6bafa27f37ffe010284294bf1c
* 06-9e-0b, revision 0xde: 6452937a0d359066b95f9e679a41a15490770312
* 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542
* 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c
* 06-8e-09, revision 0xea: caa7192fb2223e3e52389aca84930aee326b384d
* 06-8e-0a, revision 0xea: ab4d5d3b51445d055763796a0362f8ab249cf4c8
* 06-8e-0b, revision 0xea: 5406c513f90286c02476ee0d4a6c8010a263c3ac
* 06-8e-0c, revision 0xea: 8c045b9056443862c95573efd4646e331a2310d3
* 06-9e-09, revision 0xea: a9f8a14ca3808f6380d6dff92e1fd693cc909668
* 06-9e-0a, revision 0xea: b7726bdba2fe74d8f419c68f417d796d569b9ec4
* 06-9e-0b, revision 0xea: 963dca66aedf2bfb0613d0d9515c6bcfb0589e0c
* 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4
* 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a
* 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7
* 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf
* 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693
* 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c
* 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681
* 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe
* 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632
* 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04
* 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979
* 06-8e-09, revision 0xf0: 219e2b9168a09451b17813b97995cc59cc78b414
* 06-8e-0a, revision 0xf0: 3c4241d0b9d1a1a1e82d03b365fdd3b843006a7c
* 06-8e-0b, revision 0xf0: 79b61f034cba86e61641114bbab49ec0166c0f35
* 06-8e-0c, revision 0xf0: 11d166de440dbe9c440e90cb610ef4b9d48242b1
* 06-9e-09, revision 0xf0: 49e142da74e7298b2db738ff7dd1a9b0fa4e0c3e
* 06-9e-0a, revision 0xf0: 8de1d4a80cd683bf09854c33905c69d3d7ac7730
* 06-9e-0b, revision 0xf0: ff092c6ac8333f0abcd94f7d2e2088f31d960e62
* 06-9e-0c, revision 0xf0: 3702f21e87b75bea6f4b1ee0407b941ef31d4ad1
* 06-9e-0d, revision 0xf0: 226feaaa431eb76e734ab68efc2ea7b07aa3c7d9
* 06-8e-0c, revision 0xf4: 6a5e140bf8c046acb6958bad1db1fee66c8601ad
* 06-9e-0d, revision 0xf4: 3433d4394b05a9c8aefb9c46674bad7b7e934f11
* 06-8e-09, revision 0xf2: 2e67e55d7b805edcfaac57898088323df7315b25
* 06-8e-0a, revision 0xf2: f9e1dbeb969ded845b726c62336f243099714bcf
* 06-8e-0b, revision 0xf2: 3d45fbcbefd92dbbedf0eed04aeb29c7430c7c0e
* 06-8e-0c, revision 0xf6: bd37be38dbd046d4d66f126cfaa79e43bfe88c0d
* 06-9e-09, revision 0xf2: 716257544acf2c871d74e4627e7de86ee1024185
* 06-9e-0a, revision 0xf2: 933c5d6710195336381e15a160d36aaa52d358fd
* 06-9e-0b, revision 0xf2: 92eaafdb72f6d4231046aadb92caa0038e94fca8
* 06-9e-0c, revision 0xf2: ad8922b4f91b5214dd88c56c0a12d15edb9cea5b
* 06-9e-0d, revision 0xf8: 8fdea727c6ce46b26e0cffa6ee4ff1ba0c45cf14
* 06-8e-09, revision 0xf4: e059ab6b168f3831d624acc153e18ab1c8488570
* 06-8e-0a, revision 0xf4: d1ade1ccfe5c6105d0786dfe887696808954f8b4
* 06-8e-0b, revision 0xf4: 0bc93736f3f5b8b6569bebac4e9627ab923621e0
* 06-8e-0c, revision 0xf8: be93b4826a3f40219a9fc4fc5afa87b320279f6e
* 06-9e-09, revision 0xf4: 317564f3ac7b99b5900b91e2be3e23b9b66bc2c0
* 06-9e-0a, revision 0xf4: 9659f73e2c6081eb5c146c5ed763fa5db21df901
* 06-9e-0b, revision 0xf4: e60b567ad54da129d05a77e305cae4488579979d
* 06-9e-0c, revision 0xf4: 74d52a11a905dd7b254fa72b014c3bab8022ba3d
* 06-9e-0d, revision 0xfa: 484738563e793d5b90b94869dc06edf0407182f1
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2017-5715 ("Spectre"):
https://access.redhat.com/articles/3436091
* CVE-2018-3639 ("Speculative Store Bypass"):
https://access.redhat.com/articles/3540901
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
https://access.redhat.com/articles/3562741
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
("Microarchitectural Data Sampling"):
https://access.redhat.com/articles/4138151
* CVE-2019-0117 (Intel SGX Information Leak),
CVE-2019-0123 (Intel SGX Privilege Escalation),
CVE-2019-11135 (TSX Asynchronous Abort),
CVE-2019-11139 (Voltage Setting Modulation):
https://access.redhat.com/solutions/2019-microcode-nov
* CVE-2020-0543 (Special Register Buffer Data Sampling),
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
https://access.redhat.com/articles/6716541
* CVE-2022-0005 (Informational disclosure via JTAG),
CVE-2022-21123 (Shared Buffers Data Read),
CVE-2022-21125 (Shared Buffers Data Sampling),
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
CVE-2022-21166 (Device Register Partial Write):
https://access.redhat.com/articles/6963124
The information regarding disabling microcode update is provided below.
To disable usage of the newer microcode revision for a specific kernel
version, please create a file "disallow-intel-06-8e-9e-0x-dell" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
used for late microcode updates, and run "dracut -f --kver <kernel_version>"
so initramfs for this kernel version is regenerated, for example:
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8e-9e-0x-dell
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
To disable usage of the newer microcode revision for all kernels, please create
file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8e-9e-0x-dell",
run "/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
used for late microcode updates, and run "dracut -f --regenerate-all"
so initramfs images get regenerated, for example:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8e-9e-dell
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.

51
SOURCES/README Normal file
View File

@ -0,0 +1,51 @@
The microcode_ctl package contains microcode files (vendor-provided binary data
and/or code in proprietary format that affects behaviour of a device) for Intel
CPUs that may be loaded into the CPU during boot.
This directory contains information regarding various aspects of the provided
microcode files and their usage.
* LICENSE.intel-ucode
"license" file from the Intel x86 CPU microcode archive.
* README
This file.
* README.caveats
Caveats (mechanism for enabling/disabling usage of sets of microcode files
based on caveat configuration and user preferences) documentation.
Also contains general information about microcode update behaviour and links
with additional information about the relevant microarchitectural
vulnerabilities.
* README.intel-ucode
"README.md" file from the Intel x86 CPU microcode archive.
* RELEASE_NOTES.intel-ucode
"releasenote.md" file from the Intel x86 CPU microcode archive.
* SECURITY.intel-ucode
"security.md" file from the Intel x86 CPU microcode archive.
* SUMMARY.intel-ucode
Information about supplied microcode files extracted from their headers,
in a table form. Columns have the following meaning:
* "Path": path to the microcode file under one of the following directories:
* /usr/share/microcode_ctl/ucode_with_caveats/intel
* /usr/share/microcode_ctl/ucode_with_caveats
* /usr/share/microcode_ctl
* /lib/firmware
* /etc/firmware
* "Offset": offset of the microcode blob within the micocode file in bytes.
* "Ext. Offset": offset of the extended signature header within
the microcode file in bytes.
* "Data Size": size of microcode data in bytes. 0 means 2000 bytes.
* "Total Size": size of microcode blob in bytes, incuding headers.
0 means 2048 bytes.
* "CPUID": CPU ID signature (in format returned by the CPUID instruction).
* "Platform ID Mask": mask of suitable Platform IDs (provided in bits
52..50 of MSR 0x17).
* "Revision": microcode revision.
* "Date": microcode creation date.
* "Checksum": sum (in base 1<< 32) of all 32-bit values comprising
the microcode (from Offset up to Offset + Total Size).
* "Codenames": list of known CPU codenames associated with the CPUID
and Platform ID Mask combination.
Please refer to README.cavets, section "Microcode file structure"
for additional information regarding microcode header fields.
* caveats
Directory that contains readme files for each specific caveat.

452
SOURCES/README.caveats
View File

@ -89,6 +89,75 @@ installation or removal of a kernel RPM in order to provide microcode files
for newly installed kernels and cleanup symlinks for the uninstalled ones.
Microcode file structure
------------------------
Intel x86 CPU microcode file (that is, one that can be directly consumed
by the CPU/kernel, and not its text representation such as used in microcode.dat
files) is a bundle of concatenated microcode blobs. Each blob has a header,
payload, and an optional additional data, as follows (for additional information
please refer to "Intel® 64 and IA-32 Architectures Software Developers Manual"
[1], Volume 3A, Section 9.11.1 "Microcode Update"):
* Header (48 bytes)
* Header version (unsigned 32-bit integer): version number of the update
header. Must be 0x1.
* Microcode revision (signed 32-bit integer)
* Microcode date (unsigned 32-bit integer): encoded as BCD in mmddyyyy format
(0x03141592 is 1592-03-14 in ISO 8601)
* CPU signature (unsigned 32-bit integer): CPU ID, as provided
by the CPUID (EAX = 0x1) instruction in the EAX register:
* bits 31..28: reserved
* bits 27..20: "Extended Family", summed with the Family field value
* bits 19..16: "Extended Model", bits 7..4 of the CPU model
* bits 15..14: reserved
* bits 13..12: "Processor Type", non-zero value (other than the "primary
processor") so far used only for the Deschutes (Pentium II) CPU family,
with the processor type of 1, to signify it is an Overdrive processor:
CPUID 0x1632.
* bits 11..08: Family, summed with the Extended Family field value
* bits 07..04: Model (bits 3..0)
* bits 03..00: Stepping
In short, microcode file with Family-Model-Stepping of uv-wx-0z corresponds
to CPUID 0x0TUw0Vxz, where uv = TU + V, with V usually being 0xF when
uv >= 16; with Family being 6 on most of recent Intel CPUs this transforms
into 0x000w06xz. Please also refer to README.intel-ucode, section "About
Processor Signature, Family, Model, Stepping and Platform ID"
for additional information.
* Checksum (unsigned 32-bit integer): correct if sum (in base 1 << 32) of all
the 32-bit integers comprising the microcode amounts to 0.
* Loader version (unsigned 32-bit integer): 0x1.
* Platform ID mask (unsigned 32-bit integer): lower 8 bits indicate the set
of possible values of bits 52..50 of MSR 0x17 ("Platform ID"). In old
(up to Pentium II) microcode blobs the mask may be zero.
* Data size (unsigned 32-bit integer): size of the Payload in bytes,
has to be divisible by 4. 0 means 2000.
* Total size (unsigned 32-bit integer): total microcode blob size (including
header and extended header), has to be divisible by 1024. 0 means 2048.
* Reserved (12 bytes).
* Payload
* Additional data (optional, 20 + 12 * n bytes)
* Extended signature table header (20 bytes)
* Extended signature count (unsigned 32-bit integer)
* Checksum (unsigned 32-bit integer): correct if sum (in base 1 << 32)
of all the 32-bit integers comprising the extender signature table
amounts to 0.
* Reserved (12 bytes).
* Extended signature (12 bytes each)
* CPU signature (unsigned 32-bit integer): see the description of the CPU
signature field in the Header above.
* Platform ID mask (unsigned 32-bit integer): see the description
of the Platform ID mask field in the Header above.
* Checksum (unsigned 32-bit integer): correct if sum (in base 1<< 32)
of all the 32-bit integers comprising the Header (with CPU signature
and Platform ID mask fields replaced with the values from this signature)
and the Payload amounts to 0. Note that since External signature table
header has its own checksum, sum of all its 32-bit values amounts to 0,
so the Checksum in the Header and in the Extended signature will be
the same if the values of CPU signature and Platform ID mask fields
are the same,
[1] https://software.intel.com/content/www/us/en/develop/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4.html
Caveat configuration
--------------------
There is a directory for each caveat under
@ -156,10 +225,152 @@ separated by white space. Currently, the following options are supported:
configuration. Argument for the argument is a list of stages ("early",
"late") for which the caveat should be disable. The configuration option
can be provided multiple times in a configuration file.
* "blacklist" is a marker for a start of list of blacklisted model names,
one model name per line. The model name of the running CPU (as reported
in /proc/cpuinfo) is compared against the names in the provided list, and,
if there is a match, caveat check fails.
* "pci_config_val" performs check for specific values in selected parts
of configuration space of specified PCI devices. If "-m" option
is not specified, then the actual check is skipped, and the check returns
result in accordance with the provided "mode" option (se below). Check
arguments are a white-space-separated list of "key=value" pairs.
The following keys are supported:
* "domain" - PCI domain number, or "*" (an asterisk) for any domain.
Default is "*".
* "bus" - PCI bus number, or "*" (an asterisk) for any bus. Default is "*".
* "device" - PCI device number, or "*" (an asterisk) for any device.
Default is "*".
* "function" - PCI function number, or "*" (an asterisk) for any function.
Default is "*".
* "vid" - PCI vendor ID, or empty string for any vendor ID. Default
is empty string.
* "did" - PCI device ID, or empty string for any device ID. Default
is empty string.
* "offset" - offset in device's configuration space where the value resides.
Default is 0.
* "size" - field size. Possible values are 1, 2, 4, or 8. Default is 4.
* "mask" - mask applied to the values during the check. Default is 0.
* "val" - comma-separated list of matching values. Default is 0.
* "mode" - check mode, the way matches are interpreted:
* "success-any" - check succeeds if there was at least one match,
otherwise it fails.
* "success-all" - check succeeds if there was at least one device checked
and all the checked devices have matches, otherwise the check fails.
* "fail-any" - check fails if there was at least one match, otherwise
it succeeds.
* "fail-all" - check fails if there was at least one device checked
and all the checked devices have matches, otherwise the check succeeds.
Default is "success-any".
An example of a check:
pci_config_val mode=success-all device=30 function=3 vid=0x8086 did=0x2083 offset=0x84 size=4 mask=0x38 val=0x38,0x18,0x8
It interprets 4 bytes at offset 0x84 of special files "config" under
directories that match glob pattern "/sys/bus/pci/devices/*:*:1e.3"
as an unsigned integer value, applies mask 0x38 (thus selecting bit 5..3
of it) and checks whether it is one of the values 0x38, 0x18, or 0x8 (0b111,
0b011, or 0b001 in bits 5..3, respectively); if there are such files,
and all the checked values in every checked file has matched at least one
of the aforementioned value, then the check is successful, otherwise
it fails (in accordance with "mode=success-all" semantics). This check fails
if "-m" option is not specified.
* "dmi" performs checks for specific values available in DMI sysfs files
(present under /sys/devices/virtual/dmi/id/). The check (when it is actually
performed; see a not about "no-model-mode" below) fails if one of the files
is not readable. If "-m" option is not specified, then the actual check
is skipped, and the check returns value in accordance with "no-model-mode"
parameter value (see below). Check arguments are a white-space-separated
list of "key=value" pairs. The following keys are supported:
* "key" - DMI file to check. Value can be one of the following: bios_date,
bios_vendor, bios_version, board_asset_tag, board_name, board_serial,
board_vendor, board_version, chassis_asset_tag, chassis_serial,
chassis_type, chassis_vendor, chassis_version, product_family,
product_name, product_serial, product_uuid, product_version, sys_vendor.
Default is empty string.
* "val" - a string to match DMI data present in "key" against.
Can be enclosed in single or double quotes. Default is empty string.
* "keyval" - a pair of "key" and "val" values (with semantics described
above), separated with either "=", ":", "!=", or "!:" characters. Enables
providing of multiple key-value pairs by means of supplying multiple
keyval= parameters. The exclamation sign ("!") character in separator
enables negated matching (so, non-equality of the value in DMI "key" file
and the value of "val" is). The match considered successful when all
the key/val (non-)equalities are in effect. This parameter works
in addition to the pair provided in "key" and "val" parameters
(but allows to avoid using them). Default is empty.
* "mode" - check mode, the way successful matches are interpreted:
* "success-equal" - returns 0 if the value present in the file
with the name supplied via the "key" parameter file under
/sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
of "val" parameter and all the pairs provided in "keyval" parameters
are equal and non-equal in accordance with their definition,
otherwise 1.
* "fail-equal" - returns 1 if the value present in the file
with the name supplied via the "key" parameter file under
/sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
of "val" parameter and all the pairs provided in "keyval" parameters
are equal and non-equal in accordance with their definition,
otherwise 0.
Default is "success-any".
* "no-model-mode" - return value if model filter ("-m" option)
is not enabled:
* "success" - return 0.
* "fail" - return 1.
Default is "success".
An example of a check:
dmi mode=fail-equal no-model-mode=success key=bios_vendor val="Dell Inc."
It checks file /sys/devices/virtual/dmi/id/bios_vendor and fails if its
content is "Dell Inc." (without quotes). It succeeds if "-m" option
is not enabled.
Another example:
dmi mode=fail-equal keyval="sys_vendor=Amazon EC2" keyval="product_name=u-18tb1.metal"
dmi mode=fail-equal keyval="sys_vendor=Lenovo" keyval="product_name=ThinkSystem SR950"
It blocks the caveat from using when either both
/sys/devices/virtual/dmi/id/sys_vendor contains the string "Amazon EC2"
and /sys/devices/virtual/dmi/id/product_name contains the string
"u-18tb1.metal" or both /sys/devices/virtual/dmi/id/sys_vendor contains
the string "Lenovo" and /sys/devices/virtual/dmi/id/product_name contains
the string "ThinkSystem SR950", but enables caveat loading for other products
with the aforementioned /sys/devices/virtual/dmi/id/sys_vendor values,
for example.
* "dependency" allows conditional enablement of a caveat based on the check
status of some other caveat(s). It has the following format:
dependency DEPENDENCY_TYPE DEPENDENCY_NAME [OPTION...]
where DEPENDENCY_NAME is the configuration to be checked, OPTIONs
are per-DEPENDENCY_TYPE, and the only DEPENDENCY_TYPE that is supported
currently is "required".
Options for the "required" dependency type:
* "match-model-mode" - whether model matching mode ("-m" option)
has to be used for the nested configuration check. Possible values:
* "on" - model-matching mode is always used during the nested check;
* "off" - model-matching mode is never used during the nested check;
* "same" - used the same model-matching mode as it is now.
Default is "same".
* "skip" - controls result of the check when the nested check indicated
skipping of the configuration.
* "fail" - the dependent check fails;
* "success" - the dependent check succeeds;
* "skip" - the dependent check indicates that the configuration
is to be skipped.
Default is "skip".
* "force-skip" - controls result of the check when the nested check
indicated skipping of the configuration caused by the presence
of an override file (see "check_caveats script" section for details).
* "fail" - the dependent check fails;
* "success" - the dependent check succeeds;
* "skip" - the dependent check indicates that the configuration
is to be skipped.
Default is "skip".
* "nesting-too-deep" - as a measure against dependency loop, configuration
checking logic implements nesting limit on dependency checks (currently
set at 8). This option controls the behaviour of the check
when the nested check cannot be performed due to this limit.
* "fail" - the dependent check fails;
* "success" - the dependent check succeeds;
* "skip" - the dependent check indicates that the configuration
is to be skipped.
Default is "fail".
An example of a check:
dependency required intel skip=success match-model-mode=off
It checks "intel" caveat configuration (see the "Early microcode load
inside a virtual machine" section) with model-matching mode being disabled,
treats skipping of the configuration as a success (unless the configuration
is forced to be skipped, in that case the dependent configuration
is to be skipped as well).
check_caveats script
@ -389,11 +600,15 @@ when a microcode update performed on a kernel that contains those changes.
As a result, microcode update for this CPU model is disabled by default;
the microcode file, however, is still shipped as a part of microcode_ctl
package and can be used for performing a microcode update if it is enforced
via the aforementioned overridden. (See sections "check_caveats script"
and "reload_microcode script" for details).
via the aforementioned overrides. (See the sections "check_caveats script"
and "reload_microcode script" for details.)
Caveat name: intel-06-4f-01
Affected microcode: intel-ucode/06-4f-01.
Dependencies: intel
Mitigation: microcode loading is disabled for the affected CPU model.
Minimum versions of the kernel package that contain the aforementioned patch
@ -418,9 +633,14 @@ from a cpio archive placed at the beginning of the initramfs image. However,
when an early microcode update is attempted inside some virtualised
environments, that may result in unexpected system behaviour.
Caveat name: intel
Affected microcode: all.
Mitigation: early microcode loading is disabled for all CPU models.
Dependencies: (none)
Mitigation: early microcode loading is disabled for all CPU models on kernels
without the fix.
Minimum versions of the kernel package that contain the fix:
- Upstream/RHEL 8: 4.10.0
@ -431,16 +651,188 @@ Minimum versions of the kernel package that contain the fix:
- RHEL 7.2: 3.10.0-327.73.1
Intel Sandy Bridge-E/EN/EP caveat
---------------------------------
Microcode revision 0x718 for Intel Sandy Bridge-E/EN/EP (SNB-EP, family 6,
model 45, stepping 7), that was released to address MDS vulnerability,
and was available from microcode-20190618 up to microcode-20190508 release)
could lead to system instability[1][2]. In order to address this,
this microcode update was not used and the previous microcode revision
was provided instead by default; the microcode file, however, was still shipped
as part of microcode_ctl package and could be used for performing a microcode
update if it is enforced via the aforementioned overrides. With the release
of 0x71a revision of the microcode (as art of microcode-20200520 release)
that aims at fixing the aforementioned stability issue, the latest microcode
revision is again used by default; it is still provided via the caveat
mechanism, hovewer, in order to enable ability to disable it in case such
a need arises. (See the sections "check_caveats script" and "reload_microcode
script" for details regarding caveats mechanism operation.)
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/15
[2] https://access.redhat.com/solutions/4593951
Caveat name: intel-06-2d-07
Affected microcode: intel-ucode/06-2d-07.
Dependencies: intel
Mitigation: None; the latest revision of the microcode file is used by default;
previously published microcode revision 0x714 is still available as a fallback
as part of "intel" caveat.
Intel Skylake-SP/W/X caveat
---------------------------
Microcode revision 0x2000065 (that was provided with microcode releases
microcode-20191112 up to microcode-20200520) for some CPU models that belong
to Intel Skylake Scalable Platform (SKL-W/X, family 6, model 85, stepping 4,
Workstation/HEDT segments) could lead to hangs during reboot[1]. In order
to address this, by default this microcode update was disabled by default and
and the previous 0x2000064 microcode revision was used instead; the microcode
file with, however, is still shipped as part of microcode_ctl package and can
be used for performing a microcode update if it is enforced
via the aforementioned overrides. With the availability of 0x2006906 revision
of the microcode (in the microcode-20200609 release) that fixes
the aforementioned issue, the latest microcode revision is again used
by default; it is still provided via caveat mechanism, hovewer, in order
to enable ability to disable it in case such a need arises. (See the sections
"check_caveats script" and "reload_microcode script" for details regarding
caveats mechanism operation.)
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
Caveat name: intel-06-55-04
Affected microcode: intel-ucode/06-55-04.
Dependencies: intel
Mitigation: None; the latest revision of the microcode file is used by default;
previously published microcode revision 0x2000064 is still available
as a fallback as part of "intel" caveat.
Intel Skylake-U/Y caveat
------------------------
Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3)
have reports of system hangs when revision 0xdc of microcode, that is included
in microcode-20200609 update to address CVE-2020-0543, CVE-2020-0548,
and CVE-2020-0549, is applied[1]. In order to address this, microcode update
to the newer revision has been disabled by default on these systems,
and the previously published microcode revision 0xd6 is used instead; the newer
microcode files, however, are still shipped as part of microcode_ctl package
and can be used for performing a microcode update if they are enforced
via the aforementioned overrides. (See the sections "check_caveats script"
and "reload_microcode script" for details.)
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
Caveat name: intel-06-4e-03
Affected microcode: intel-ucode/06-4e-03
Dependencies: intel
Mitigation: previously published microcode revision 0xd6 is used by default.
Intel Skylake-H/S/Xeon E3 v5 caveat
-----------------------------------
Some Intel Skylake CPU models (SKL-H/S/Xeon E3 v5, family 6, model 94,
stepping 3) had reports of system hangs when revision 0xdc of microcode,
that is included in microcode-20200609 update to address CVE-2020-0543,
CVE-2020-0548, and CVE-2020-0549, was applied[1]. In order to address this,
microcode update to the newer revision had been disabled by default on these
systems, and the previously published microcode revision 0xd6 was used instead.
The revision 0xea seems[2] to have fixed the aforementioned issue, hence
the latest microcode revision usage it is enabled by default,
but can be disabled explicitly via the aforementioned overrides. (See
the sections "check_caveats script" and "reload_microcode script" for details.)
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-857806014
Caveat names: intel-06-5e-03
Affected microcode: intel-ucode/06-5e-03.
Dependencies: intel
Mitigation: None; the latest revision of the microcode file is used by default;
previously published microcode revision 0xd6 is still available as a fallback
as part of "intel" caveat.
Dell caveats
------------
Some Dell systems that use some models of Intel CPUs are susceptible to hangs
and system instability during or after microcode update to revision 0xc6/0xca
(included as part of microcode-20191113/microcode-20191115 update that addressed
CVE-2019-0117, CVE-2019-0123, CVE-2019-11135, and CVE-2019-11139)
and/or revision 0xd6 (included as part of microcode-20200609 update
that addressed CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549)
[1][2][3][4][5][6]. In order to address this, microcode update to the newer
revision has been disabled by default on these systems, and the previously
published microcode revisions 0xae/0xb4/0xb8 are used by default
for the OS-driven microcode update.
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/23
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/24
[3] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/33
[4] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/34
[5] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/35
[6] https://bugzilla.redhat.com/show_bug.cgi?id=1846097
Caveat names: intel-06-8e-9e-0x-dell, intel-06-8e-9e-0x-0xca
Affected microcode: intel-ucode/06-8e-09, intel-ucode/06-8e-0a,
intel-ucode/06-8e-0b, intel-ucode/06-8e-0c,
intel-ucode/06-9e-09, intel-ucode/06-9e-0a,
intel-ucode/06-9e-0b, intel-ucode/06-9e-0c,
intel-ucode/06-9e-0d.
Dependencies: intel
Mitigation: previously published microcode revision 0xac/0xb4/0xb8 is used
by default if /sys/devices/virtual/dmi/id/bios_vendor reports
"Dell Inc."; otherwise, the latest microcode revision is used.
Caveat with revision 0xca of microcode files is provided
as a convenience for the cases where it was working well before.
Intel Tiger Lake-UP3/UP4 caveat
-------------------------------
Some systems with Intel Tiger Lake-UP3/UP4 CPUs (TGL, family 6, model 140,
stepping 1) had reports of system hangs when a microcode update,
that was included since microcode-20201110 release, was applied[1].
In order to address this, microcode update to a newer revision had been disabled
by default on these systems. The revision 0x88 seems to have fixed
the aforementioned issue, hence it is enabled by default; however, it is still
can be disabled via the aforementioned overrides. (See the sections
"check_caveats script" and "reload_microcode script" for details.)
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
Caveat names: intel-06-8c-01
Affected microcode: intel-ucode/06-8c-01.
Dependencies: intel
Mitigation: None; the latest revision of the microcode file is used by default.
Additional information
======================
Red Hat provides updated microcode, developed by our microprocessor
partners, as a customer convenience. Please contact your hardware vendor
to determine whether more recent BIOS/firmware updates are recommended
because additional improvements may be available.
Red Hat provides updated microcode, developed by its microprocessor partners,
as a customer convenience. Please contact your hardware vendor to determine
whether more recent BIOS/firmware updates are recommended because additional
improvements may be available.
Information regarding microcode revisions required for mitigating specific
microarchitectural side-channel attacks is available in the following
knowledge base articles:
Intel CPU vulnerabilities is available in the following knowledge base articles:
* CVE-2017-5715 ("Spectre"):
https://access.redhat.com/articles/3436091
* CVE-2018-3639 ("Speculative Store Bypass"):
@ -450,3 +842,37 @@ knowledge base articles:
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
("Microarchitectural Data Sampling"):
https://access.redhat.com/articles/4138151
* CVE-2019-0117 (Intel SGX Information Leak),
CVE-2019-0123 (Intel SGX Privilege Escalation),
CVE-2019-11135 (TSX Asynchronous Abort),
CVE-2019-11139 (Voltage Setting Modulation):
https://access.redhat.com/solutions/2019-microcode-nov
* CVE-2020-0543 (Special Register Buffer Data Sampling),
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow),
CVE-2021-0145 (Fast store forward predictor - Cross Domain Training),
CVE-2021-0146 (VT-d-related Privilege Escalation),
CVE-2021-33120 (Out of bounds read for some Intel Atom processors):
https://access.redhat.com/articles/6716541
* CVE-2022-0005 (Informational disclosure via JTAG),
CVE-2022-21123 (Shared Buffers Data Read),
CVE-2022-21125 (Shared Buffers Data Sampling),
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
CVE-2022-21131 (Protected Processor Inventory Number (PPIN) access protection),
CVE-2022-21136 (Overclocking service access protection),
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
CVE-2022-21166 (Device Register Partial Write):
https://access.redhat.com/articles/6963124
* CVE-2022-21233 (Stale Data Read from legacy xAPIC):
https://access.redhat.com/articles/6976398

679
SOURCES/check_caveats
View File

@ -5,13 +5,19 @@
#
# SPDX-License-Identifier: CC0-1.0
export LC_ALL=C
: ${MC_CAVEATS_DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats}
: ${FW_DIR=/lib/firmware}
: ${CFG_DIR=/etc/microcode_ctl/ucode_with_caveats}
MAX_NESTING_LEVEL=8
usage() {
echo 'Usage: check_caveats [-e] [-k TARGET_KVER] [-c CONFIG] [-m] [-v]'
echo 'Usage: check_caveats [-d] [-e] [-k TARGET_KVER] [-c CONFIG]'
echo ' [-m] [-v]'
echo
echo ' -d - enables disclaimer printing mode'
echo ' -e - check for early microcode load possibility (instead of'
echo ' late microcode load)'
echo ' -k - target version to check against, $(uname -r) is used'
@ -130,6 +136,404 @@ check_kver()
return 1
}
# It is needed for SKX[1] for which different product segments
# are differentiated by a value in the CAPID0 field of PCU registers
# device[2].
# [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
# [2] https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-scalable-spec-update.pdf#page=13
#
# $1 - params in config file, space-separated, in key=value form:
# domain=* - PCI domain, '*' or number
# bus=* - PCI bus, '*' or number
# device=* - PCI device, '*' or number
# function=* - PCI function, '*' or number
# vid= - PCI vendor ID, empty or number
# did= - PCI device ID, empty or number
# offset=0 - offset in configuration space
# size=4 - field size
# mask=0 - mask applied to the data read
# val=0 - comma-separated list of possible values
# mode=success-any [ success-ail, fail-any, fail-all ] - matching mode:
# success-any: Returns 0 if there was at least one match, otherwise 1.
# success-all: Returns 0 if there was at least one device checked and all
# the checked devices have matches, otherwise 1.
# fail-any: Returns 1 if there was at least one match, otherwise 0.
# fail-all: Returns 1 if there was at least one device checked and all
# the checked devices have matches, otherwise 0.
# $2 - whether model filter is engaged (if it is not '1', just return the result
# based on "mode" value that assumes that there were 0 checks/0 matches).
check_pci_config_val()
{
local domain='*' bus='*' device='*' func='*' vid= did=
local offset=0 size=4 mask=0 val=0 mode=success-any
local checked=0 matched=0 path=''
local dev_path dev_vid dev_did dev_val
local opts="${1:-}"
local match_model="${2:-0}"
set -- $1
while [ "$#" -gt 0 ]; do
[ "x${1#domain=}" = "x${1}" ] || domain="${1#domain=}"
[ "x${1#bus=}" = "x${1}" ] || bus="${1#bus=}"
[ "x${1#device=}" = "x${1}" ] || device="${1#device=}"
[ "x${1#function=}" = "x${1}" ] || func="${1#function=}"
[ "x${1#vid=}" = "x${1}" ] || vid="${1#vid=}"
[ "x${1#did=}" = "x${1}" ] || did="${1#did=}"
[ "x${1#offset=}" = "x${1}" ] || offset="${1#offset=}"
[ "x${1#size=}" = "x${1}" ] || size="${1#size=}"
[ "x${1#mask=}" = "x${1}" ] || mask="${1#mask=}"
[ "x${1#val=}" = "x${1}" ] || val="${1#val=}"
[ "x${1#mode=}" = "x${1}" ] || mode="${1#mode=}"
shift
done
path="$domain"
if [ "x$bus" = 'x*' ]; then
path="$path:$bus";
else
path=$(printf '%s:%02x' "$path" "$bus")
fi
if [ "x$device" = 'x*' ]; then
path="$path:$device";
else
path=$(printf '%s:%02x' "$path" "$device")
fi
if [ "x$func" = 'x*' ]; then
path="$path.$func";
else
path=$(printf '%s.%01x' "$path" "$func")
fi
# Normalise VID, DID
[ -n "$vid" ] || vid="$(printf '0x%04x' "$vid")"
[ -n "$did" ] || did="$(printf '0x%04x' "$did")"
( [ 1 != "$match_model" ] \
|| /usr/bin/find /sys/bus/pci/devices/ -maxdepth 1 -name "$path" \
|| : ) | (
while read -r dev_path; do
# Filter VID, DID
if [ -n "$vid" ]; then
dev_vid=$(/bin/cat "$dev_path/vendor")
[ "x$vid" = "x$dev_vid" ] || continue
fi
if [ -n "$did" ]; then
dev_did=$(/bin/cat "$dev_path/device")
[ "x$did" = "x$dev_did" ] || continue
fi
checked="$((checked + 1))"
dev_val="$(/usr/bin/od -j "$offset" -N "$size" -A n \
-t "u$size" "$dev_path/config")"
val_rest="${val}"
while :; do
cur_val="${val_rest%%,*}"
if [ "$((dev_val & mask))" = "$((cur_val & mask))" ]
then
matched="$((matched + 1))"
break
fi
[ "x${val_rest}" != "x${val_rest#*,}" ] || break
val_rest="${val_rest#*,}"
done
case "$mode" in
success-any) [ "$matched" -eq 0 ] || { echo 0; exit; } ;;
success-all) [ "$matched" -eq "$checked" ] || { echo 1; exit; } ;;
fail-any) [ "$matched" -eq 0 ] || { echo 1; exit; } ;;
fail-all) [ "$matched" -eq "$checked" ] || { echo 0; exit; } ;;
*) echo 2; exit;;
esac
done
debug "PCI config value check ($opts): checked $checked," \
"matched $matched (model check is set to $match_model)"
case "$mode" in
success-any) if [ "$matched" -eq 0 ]; then echo 1; else echo 0; fi ;;
success-all) if [ "$matched" -gt 0 -a "$matched" -eq "$checked" ]; then echo 0; else echo 1; fi ;;
fail-any) if [ "$matched" -eq 0 ]; then echo 0; else echo 1; fi ;;
fail-all) if [ "$matched" -gt 0 -a "$matched" -eq "$checked" ]; then echo 1; else echo 0; fi ;;
*) echo 2; exit;;
esac
)
}
# It is needed for filtering by BIOS vendor name that is available in DMI data
#
# $1 - params in config file, space-separated, in key=value form:
# key= - DMI data record to check. Can be one of the following: bios_date,
# bios_vendor, bios_version, board_asset_tag, board_name, board_serial,
# board_vendor, board_version, chassis_asset_tag, chassis_serial,
# chassis_type, chassis_vendor, chassis_version, product_family,
# product_name, product_serial, product_uuid, product_version,
# sys_vendor.
# val= - a string to match DMI data against. Can be enclosed in single
# or double quotes.
# keyval= - a string of format "KEY(!)?[=:]VAL" (so, one of "KEY=VAL",
# "KEY!=VAL", "KEY:VAL", "KEY!:VAL") that allows providing
# a key-value pair in a single parameter. It is possible to provide
# multiple keyval= parameters. "!" before :/= means negated match.
# The action supplied in the mode= parameter is executed upon
# successful (non-)matching of all the keyval pairs (as well
# as the pair provided in a pair of key= and val= parameters).
# mode=success-equal [ success-equal, fail-equal ] - matching mode:
# success-equal: Returns 0 if the all values present in the corresponding
# files under /sys/devices/virtual/dmi/id/<KEY> are equal
# (or not equal in case of a keyval= with negated match)
# to the respective values supplied as the values
# of the keyval= parameters or the pair of key= vand val=
# parameters, otherwise 1.
# fail-equal: Returns 1 if all the values present in DMI files in sysfs
# match (as described above), otherwise 0.
# no-model-mode=success [ success, fail ] - return value if model filter
# is not enabled:
# success: Return 0.
# fail: Return 1.
# $2 - whether model filter is engaged (if it is not '1', just return the result
# based on "no-model-mode" value).
check_dmi_val()
{
local key= val= keyval= keyvals= mode='success-equal' nm_mode='success'
local opts="${1:-}" opt= opt_=
local match_model="${2:-0}"
local valid_keys=" bios_date bios_vendor bios_version board_asset_tag board_name board_serial board_vendor board_version chassis_asset_tag chassis_serial chassis_type chassis_vendor chassis_version product_family product_name product_serial product_uuid product_version sys_vendor "
local success=1
while [ -n "$opts" ]; do
opt="${opts%%[ ]*}"
[ -n "${opt}" ] || { opts="${opts#[ ]}"; continue; }
[ "x${opt#key=}" = "x${opt}" ] || key="${opt#key=}"
[ "x${opt#mode=}" = "x${opt}" ] || mode="${opt#mode=}"
[ "x${opt#no-model-mode=}" = "x${opt}" ] || \
nm_mode="${opt#no-model-mode=}"
# Handle possible quoting
[ "x${opt#val=}" = "x${opt}" ] || {
case "${opt#val=}" in
[\']*) opt_="${opts#val=\'}"; val="${opt_%%\'*}"; opt="val='${val}'" ;;
[\"]*) opt_="${opts#val=\"}"; val="${opt_%%\"*}"; opt="val=\"${val}\"" ;;
*) val="${opt#val=}" ;;
esac
}
[ "x${opt#keyval=}" = "x${opt}" ] || {
case "${opt#keyval=}" in
[\']*)
opt_="${opts#keyval=\'}"
keyval="${opt_%%\'*}"
opt="keyval='${keyval}'"
keyvals="${keyvals}
${keyval}"
;;
[\"]*)
opt_="${opts#keyval=\"}"
keyval="${opt_%%\"*}"
opt="keyval=\"${keyval}\""
keyvals="${keyvals}
${keyval}"
;;
*)
keyvals="${keyvals}
${opt#keyval=}"
;;
esac
}
opts="${opts#"${opt}"}"
continue
done
[ -z "$key" -a -z "$val" ] || keyvals="${key}=${val}${keyvals}"
[ -n "x${keyvals}" ] || {
debug "Neither key=, val=, nor keyval= parameters were privoded"
echo 2
return
}
[ 1 = "$match_model" ] || {
case "$nm_mode" in
success) echo 0 ;;
fail) echo 1 ;;
*)
debug "Invalid no-model-mode value: \"${nm_mode}\""
echo 2
;;
esac
return
}
case "$mode" in
success-equal|fail-equal) ;;
*) debug "Invalid mode value: \"${nm_mode}\""; echo 2; return ;;
esac
printf "%s\n" "${keyvals}" | (
while read l; do
[ -n "$l" ] || continue
key="${l%%[=:]*}"
val="${l#${key}[=:]}"
cmp="="
[ "x${key%!}" = "x${key}" ] || {
cmp="!="
key="${key%!}"
}
# Check key for validity
[ "x${valid_keys#* ${key} *}" != "x${valid_keys}" ] || {
debug "Invalid \"key\" parameter value: \"${key}\""
echo 2
return
}
[ -r "/sys/devices/virtual/dmi/id/${key}" ] || {
debug "Can't access /sys/devices/virtual/dmi/id/${key}"
echo 3
return
}
file_val="$(/bin/cat "/sys/devices/virtual/dmi/id/${key}")"
[ "x${val}" "${cmp}" "x${file_val}" ] || {
case "$mode" in
success-equal) echo 1 ;;
fail-equal) echo 0 ;;
esac
return
}
done
case "$mode" in
success-equal) echo 0 ;;
fail-equal) echo 1 ;;
esac
)
}
# check_dependency CURLEVEL DEP_TYPE DEP_NAME OPTS
# DEP_TYPE:
# required - caveat can be enabled only if dependency is enabled
# (is not forcefully disabled and meets caveat conditions)
# OPTS:
# match-model-mode=same [ on, off, same ] - what mode matching mode is to be used for dependency
# skip=skip [ fail, skip, success ]
# force-skip=skip [ fail, skip, success ]
# nesting-too-deep=fail [ fail, skip, success ]
# Return values:
# 0 - success
# 1 - fail
# 2 - skip
# 9 - error
check_dependency()
{
local cur_level="$1"
local dep_type="$2"
local dep_name="$3"
local match_model_mode=same old_match_model="${match_model}"
local skip=skip
local force_skip=skip
local nesting_too_deep=fail
local check="Dependency check for ${dep_type} ${dep_name}"
set -- ${4:-}
while [ "$#" -gt 0 ]; do
[ "x${1#match-model-mode=}" = "x${1}" ] || match_model_mode="${1#match-model-mode=}"
[ "x${1#skip=}" = "x${1}" ] || skip="${1#skip=}"
[ "x${1#force-skip=}" = "x${1}" ] || force_skip="${1#force-skip=}"
[ "x${1#nesting-too-deep=}" = "x${1}" ] || nesting_too_deep="${1#nesting-too-deep=}"
shift
done
case "${dep_type}" in
required)
[ "x${dep_name%/*}" = "x${dep_name}" ] || {
debug "${check} error: dependency name (${dep_name})" \
"cannot contain slashes"
echo 9
return
}
[ "${MAX_NESTING_LEVEL}" -ge "$cur_level" ] || {
local reason="nesting level is too deep (${cur_level}) and nesting-too-deep='${nesting_too_deep}'"
case "$nesting_too_deep" in
success) debug "${check} succeeded: ${reason}"; echo 0 ;;
fail) debug "${check} failed: ${reason}"; echo 1 ;;
skip) debug "${check} skipped: ${reason}"; echo 2 ;;
*) debug "${check} error: invalid" \
"nesting-too-deep mode" \
"(${nesting_too_deep})"; echo 9 ;;
esac
return
}
case "${match_model_mode}" in
same) ;;
on) match_model=1 ;;
off) match_model=0 ;;
*)
debug "${check} error: invalid match-model-mode" \
"(${match_model_mode})"
echo 9
return
;;
esac
local result=0
debug "${check}: calling check_caveat '${dep_name}'" \
"'$(($cur_level + 1))' match_model=${match_model}"
check_caveat "${dep_name}" "$(($cur_level + 1))" > /dev/null || result="$?"
match_model="${old_match_model}"
case "${result}" in
0) debug "${check} succeeded: result=${result}"; echo "${result}" ;;
1) debug "${check} failed: result=${result}"; echo "${result}" ;;
2)
local reason="result=${result} and skip='${skip}'"
case "${skip}" in
success) debug "${check} succeeded: ${reason}"; echo 0 ;;
fail) debug "${check} failed: ${reason}"; echo 1 ;;
skip) debug "${check} skipped: ${reason}"; echo 2 ;;
*) debug "${check} error: unexpected skip=" \
"setting (${skip})"; echo 9 ;;
esac
;;
3)
local reason="result=${result} and force_skip='${force_skip}'"
case "${force_skip}" in
success) debug "${check} succeeded: ${reason}"; echo 0 ;;
fail) debug "${check} failed: ${reason}"; echo 1 ;;
skip) debug "${check} skipped: ${reason}"; echo 2 ;;
*) debug "${check} error: unexpected force-skip=" \
"setting (${skip})"; echo 9 ;;
esac
;;
*)
debug "${check} error: unexpected check_caveat result" \
"(${result})"; echo 9 ;;
esac
;;
*)
debug "${check} error: unknown dependency type '${dep_type}'"
echo 9
;;
esac
}
# Provides model in format "VENDOR_ID FAMILY-MODEL-STEPPING"
#
# We check only the first processor as we don't expect non-symmetrical setups
@ -164,6 +568,12 @@ get_mc_path()
AuthenticAMD)
echo "amd-ucode/$2"
;;
*)
# We actually only support Intel ucode, but things may break
# if nothing is printed (input would be gotten from stdin
# otherwise).
echo "invalid"
;;
esac
}
@ -172,27 +582,22 @@ get_mc_ver()
/bin/sed -rn '1,/^$/s/^microcode[[:space:]]*: (.*)$/\1/p' /proc/cpuinfo
}
fail()
{
ret=1
fail_cfgs="$fail_cfgs $cfg"
fail_paths="$fail_paths $cfg_path"
}
#check_kver "$@"
#get_model_name
match_model=0
configs=
kver=$(/bin/uname -r)
verbose=0
early_check=0
print_disclaimers=0
ret=0
while getopts "ek:c:mv" opt; do
while getopts "dek:c:mv" opt; do
case "${opt}" in
d)
print_disclaimers=1
early_check=2
;;
e)
early_check=1
;;
@ -215,7 +620,7 @@ while getopts "ek:c:mv" opt; do
esac
done
: ${configs:=$(find "${MC_CAVEATS_DATA_DIR}" -maxdepth 1 -mindepth 1 -type d -printf "%f\n")}
: "${configs:=$(find "${MC_CAVEATS_DATA_DIR}" -maxdepth 1 -mindepth 1 -type d -printf "%f\n")}"
cpu_model=$(get_model_string)
cpu_model_name=$(get_model_name)
@ -237,32 +642,44 @@ else
stage="late"
fi
for cfg in $(echo "${configs}"); do
dir="$MC_CAVEATS_DATA_DIR/$cfg"
# We add cfg to the skip list first and then, if we do not skip it,
# we remove the configuration from the list.
skip_cfgs="$skip_cfgs $cfg"
# check_caveat CFG [CHECK_LEVEL]
# changes ret_paths, ok_paths, fail_paths, ret_cfgs, ok_cfgs, fail_cfgs,
# skip_cfgs if CHECK_LEVEL is set to 0 (default).
# CHECK_LEVEL is used for recursive configuration dependency checks,
# and indicates nesting level.
# Return value:
# 0 - check is successful
# 1 - check has been failed
# 2 - configuration has been skipped
# 3 - configuration has been skipped due to presence of an override file
check_caveat() {
local cfg="$1"
local check_level="${2:-0}"
local dir="$MC_CAVEATS_DATA_DIR/$cfg"
[ -r "${dir}/readme" ] || {
debug "File 'readme' in ${dir} is not found, skipping"
continue
return 2
}
[ -r "${dir}/config" ] || {
debug "File 'config' in ${dir} is not found, skipping"
continue
return 2
}
cfg_model=
cfg_vendor=
cfg_path=
cfg_kvers=
cfg_kvers_early=
cfg_blacklist=
cfg_mc_min_ver_late=
cfg_disable=
local cfg_model=
local cfg_vendor=
local cfg_path=
local cfg_kvers=
local cfg_kvers_early=
local cfg_mc_min_ver_late=
local cfg_disable=
local cfg_pci=
local cfg_dmi=
local cfg_dependency=
local key
local value
while read -r key value; do
case "$key" in
@ -287,19 +704,30 @@ for cfg in $(echo "${configs}"); do
disable)
cfg_disable="$cfg_disable $value "
;;
blacklist)
cfg_blacklist=1
break
pci_config_val)
cfg_pci="$cfg_pci
$value"
;;
dmi)
cfg_dmi="$cfg_dmi
$value"
;;
dependency)
cfg_dependency="$cfg_dependency
$value"
;;
'#'*|'')
continue
;;
*)
debug "Unknown key '$key' (value '$value') in config" \
"'$cfg'"
;;
esac
done < "${dir}/config"
[ -z "${cfg_blacklist}" ] || \
cfg_blacklist=$(/bin/sed -n '/^blacklist$/,$p' "${dir}/config" |
/usr/bin/tail -n +2)
debug "${cfg}: model '$cfg_model', path '$cfg_path', kvers '$cfg_kvers'"
debug "${cfg}: blacklist '$cfg_blacklist'"
echo "$cfg_path"
# Check for override files in the following order:
# - disallow early/late specific caveat for specific kernel
@ -320,10 +748,10 @@ for cfg in $(echo "${configs}"); do
# - force early/late everyhting
# - disallow everything
# - force everyhting
ignore_cfg=0
force_cfg=0
override_file=""
overrides="
local ignore_cfg=0
local force_cfg=0
local override_file=""
local overrides="
0:$FW_DIR/$kver/disallow-$stage-$cfg
1:$FW_DIR/$kver/force-$stage-$cfg
0:$FW_DIR/$kver/disallow-$cfg
@ -340,6 +768,9 @@ for cfg in $(echo "${configs}"); do
1:$CFG_DIR/force-$stage
0:$CFG_DIR/disallow
1:$CFG_DIR/force"
local o
local o_force
local override_file
for o in $(echo "$overrides"); do
o_force=${o%%:*}
override_file=${o#$o_force:}
@ -358,7 +789,7 @@ for cfg in $(echo "${configs}"); do
[ 0 -eq "$ignore_cfg" ] || {
debug "Configuration \"$cfg\" is ignored due to presence of" \
"\"$override_file\"."
continue
return 3
}
# Check model if model filter is enabled
@ -367,29 +798,32 @@ for cfg in $(echo "${configs}"); do
debug "Current CPU model '$cpu_model' doesn't" \
"match configuration CPU model '$cfg_model'," \
"skipping"
continue
return 2
}
fi
# Check paths if model filter is enabled
local cpu_mc_path
local cfg_mc_present
if [ 1 -eq "$match_model" -a -n "$cfg_path" ]; then
cpu_mc_path="$MC_CAVEATS_DATA_DIR/$cfg/$(get_mc_path \
"$cpu_vendor" "${cpu_model#* }")"
cfg_mc_present=0
for p in $(printf "%s" "$cfg_path"); do
find "$MC_CAVEATS_DATA_DIR/$cfg" \
/usr/bin/find "$MC_CAVEATS_DATA_DIR/$cfg" \
-path "$MC_CAVEATS_DATA_DIR/$cfg/$p" -print0 \
| grep -zFxq "$cpu_mc_path" \
| /bin/grep -zFxc "$cpu_mc_path" > /dev/null \
|| continue
cfg_mc_present=1
break
done
[ 1 = "$cfg_mc_present" ] || {
debug "No matching microcode files in '$cfg_path'" \
"for CPU model '$cpu_model', skipping"
continue
return 2
}
fi
@ -399,30 +833,56 @@ for cfg in $(echo "${configs}"); do
debug "Current CPU vendor '$cpu_vendor' doesn't" \
"match configuration CPU vendor '$cfg_vendor'," \
"skipping"
continue
return 2
}
fi
# Check configuration files
ret_cfgs="$ret_cfgs $cfg"
ret_paths="$ret_paths $cfg_path"
skip_cfgs="${skip_cfgs% $cfg}"
# Has to be performed before dependency checks
[ 0 -eq "$force_cfg" ] || {
debug "Checks for configuration \"$cfg\" are ignored due to" \
"presence of \"$override_file\"."
ok_cfgs="$ok_cfgs $cfg"
ok_paths="$ok_paths $cfg_path"
continue
return 0
}
# Check dependencies
# It has to be performed here (before adding configuration
# to $ret_cfgs/$ret_paths) since it may be skipped.
if [ -n "$cfg_dependency" ]; then
dep_line="$(printf "%s\n" "$cfg_dependency" | \
while read -r dep_type dep_name dep_opts
do
[ -n "$dep_type" ] || continue
dep_res=$(check_dependency "$check_level" \
"$dep_type" \
"$dep_name" \
"$dep_opts")
[ 0 != "$dep_res" ] || continue
echo "$dep_res $dep_type $dep_name $dep_opts"
break
done
echo "0 ")"
case "${dep_line%% *}" in
0) ;;
2)
debug "Dependency check '${dep_line#* }'" \
"induced configuration skip"
return 2
;;
*)
debug "Dependency check '${dep_line#* }'" \
"failed (with return code ${dep_line%% *})"
return 1
;;
esac
fi
# Check configuration files
[ "x${cfg_disable%%* $stage *}" = "x$cfg_disable" ] || {
debug "${cfg}: caveat is disabled in configuration"
fail
continue
return 1
}
# Check late load kernel version
@ -430,8 +890,7 @@ for cfg in $(echo "${configs}"); do
check_kver "$kver" $cfg_kvers || {
debug "${cfg}: late load kernel version check for" \
" '$kver' against '$cfg_kvers' failed"
fail
continue
return 1
}
fi
@ -440,17 +899,7 @@ for cfg in $(echo "${configs}"); do
check_kver "$kver" $cfg_kvers_early || {
debug "${cfg}: early load kernel version check for" \
"'$kver' against '$cfg_kvers_early' failed"
fail
continue
}
fi
# Check model blacklist
if [ -n "$cfg_blacklist" ]; then
echo "$cfg_blacklist" | /bin/grep -vqFx "${cpu_model_name}" || {
debug "${cfg}: model '${cpu_model_name}' is blacklisted"
fail
continue
return 1
}
fi
@ -463,15 +912,91 @@ for cfg in $(echo "${configs}"); do
debug "${cfg}: CPU microcode version $cpu_mc_ver" \
"failed check (should be at least" \
"${cfg_mc_min_ver_late})"
fail
continue
return 1
}
fi
ok_cfgs="$ok_cfgs $cfg"
ok_paths="$ok_paths $cfg_path"
# Check PCI devices if model filter is enabled
# Note that the model filter check is done inside check_pci_config_val
# based on the 'mode=' parameter.
if [ -n "$cfg_pci" ]; then
pci_line="$(printf "%s\n" "$cfg_pci" | while read -r pci_line; do
[ -n "$pci_line" ] || continue
pci_res=$(check_pci_config_val "$pci_line" \
"$match_model")
[ 0 != "$pci_res" ] || continue
echo "$pci_res $pci_line"
break
done
echo "0 ")"
[ -z "${pci_line#* }" ] || {
debug "PCI configuration word check '${pci_line#* }'" \
"failed (with return code ${pci_line%% *})"
return 1
}
fi
# Check DMI data if model filter is enabled
# Note that the model filter check is done inside check_dmi_val
# (which returns the value of 'no-model-mode=' parameter
# if it is disenaged).
if [ -n "$cfg_dmi" ]; then
dmi_line="$(printf "%s\n" "$cfg_dmi" | while read -r dmi_line
do
[ -n "$dmi_line" ] || continue
dmi_res=$(check_dmi_val "$dmi_line" \
"$match_model")
[ 0 != "$dmi_res" ] || continue
echo "$dmi_res $dmi_line"
break
done
echo "0 ")"
[ -z "${dmi_line#* }" ] || {
debug "DMI data check '${dmi_line#* }'" \
"failed (with return code ${dmi_line%% *})"
return 1
}
fi
return 0
}
for cfg in $(echo "${configs}"); do
if cfg_path=$(check_caveat "$cfg"; exit "$?")
then
ret_cfgs="$ret_cfgs $cfg"
ret_paths="$ret_paths $cfg_path"
ok_cfgs="$ok_cfgs $cfg"
ok_paths="$ok_paths $cfg_path"
else
case "$?" in
1)
ret=1
ret_cfgs="$ret_cfgs $cfg"
ret_paths="$ret_paths $cfg_path"
fail_cfgs="$fail_cfgs $cfg"
fail_paths="$fail_paths $cfg_path"
[ 0 -eq "$print_disclaimers" ] \
|| [ ! -e "${MC_CAVEATS_DATA_DIR}/${cfg}/disclaimer" ] \
|| /bin/cat "${MC_CAVEATS_DATA_DIR}/${cfg}/disclaimer"
;;
2|3)
skip_cfgs="$skip_cfgs $cfg";
;;
*)
debug "Unexpected check_caveat return code '$?'" \
"for config '$cfg'"
;;
esac
fi
done
[ 0 -eq "$print_disclaimers" ] || exit 0
echo "cfgs$ret_cfgs"
echo "skip_cfgs$skip_cfgs"
echo "paths$ret_paths"

345
SOURCES/codenames.list Normal file
View File

@ -0,0 +1,345 @@
# format=extended
# SPDX-License-Identifier: CC0-1.0
# Segment; Unused; Codename; Stepping; PF; CPUID; Abbreviation; Variant(s); Families; Models
Server;;Pentium Pro;B0;00;611;;;Pentium Pro;
Server;;Pentium Pro;C0;00;612;;;Pentium Pro;
Server;;Pentium Pro;sA0;00;616;;;Pentium Pro;
Server;;Pentium Pro;sA1;00;617;;;Pentium Pro;
Server;;Pentium Pro;sB1;00;619;;;Pentium Pro;
Desktop;;Klamath (PII);C0;ff;633;;;Pentium II;
Desktop;;Klamath (PII);C1;ff;634;;;Pentium II;
Desktop;;Deschutes SEPP (PII);A0;01;650;;;Celeron;
Mobile;;Deschutes Mini-Cart (PII);A0;02;650;;;Pentium II Mobile;
Server;;Deschutes SECC (PII);A0;04;650;;;Pentium II Xeon;
Mobile;;Deschutes MMC1/MMC2 (PII);A0;08;650;;;Pentium II Mobile;
Mobile;;Deschutes Micro-PGA1 (PII);A0;20;650;;;Pentium II Mobile;
Mobile;;Deschutes (PII);A0;80;650;;;Pentium II Mobile;
Desktop;;Deschutes SECC/SECC2 (PII);A1;01;651;;;Celeron;
Desktop;;Deschutes SEPP (PII);A1;01;651;;;Celeron;
Mobile;;Deschutes Mini-Cart (PII);A1;02;651;;;Pentium II Mobile;
Mobile;;Deschutes MMC1/MMC2 (PII);A1;08;651;;;Pentium II Mobile;
Desktop;;Deschutes SECC/SECC2 (PII);B0;01;652;;;Pentium II;
Mobile;;Deschutes Mini-Cart (PII);B0;02;652;;;Pentium II Mobile;
Server;;Deschutes SECC (PII);B0;04;652;;;Pentium II Xeon;
Mobile;;Deschutes MMC1/MMC2 (PII);B0;08;652;;;Pentium II Mobile;
Desktop;;Deschutes SECC/SECC2 (PII);B1;01;653;;;Pentium II;
Mobile;;Deschutes Mini-Cart (PII);B1;02;653;;;Pentium II Mobile;
Server;;Deschutes SECC (PII);B1;04;653;;;Pentium II Xeon;
Mobile;;Deschutes MMC1/MMC2 (PII);B1;08;653;;;Pentium II Mobile;
Desktop;;Mendocino SEPP (PII);A0;01;660;;;Celeron;
Desktop;;Mendocino PPGA (PII);B0;10;665;;;Celeron;
Mobile;;Dixon Mini-Cart (PII);A1;02;66a;;;Pentium II Mobile;
Mobile;;Dixon MMC1/MMC2 (PII);A1;08;66a;;;Pentium II Mobile, Celeron Mobile;
Mobile;;Dixon Micro-PGA1 (PII);A1;20;66a;;;Pentium II Mobile, Celeron Mobile;
Mobile;;Dixon Mini-Cart (PII);A1;02;66d;;;Pentium II Mobile;
Mobile;;Dixon MMC1/MMC2 (PII);A1;08;66d;;;Pentium II Mobile;
Mobile;;Dixon Micro-PGA1 (PII);A1;20;66d;;;Pentium II Mobile;
Desktop;;Katmai SECC/SECC2 (PIII);B0;01;671;;;Pentium III;
Server;;Tanner SECC (PIII);B0;04;671;;;Pentium III Xeon;
Desktop;;Katmai SECC/SECC2 (PIII);B0;01;672;;;Pentium III;
Server;;Tanner SECC (PIII);B0;04;672;;;Pentium III Xeon;
Desktop;;Katmai SECC/SECC2 (PIII);C0;01;673;;;Pentium III;
Server;;Tanner SECC (PIII);C0;04;673;;;Pentium III Xeon;
Desktop;;Coppermine SECC/SECC2 (PIII);A2;01;681;;;Pentium III;
Server;;Cascades SECC (PIII);A2;04;681;;;Pentium III Xeon;
Mobile;;Coppermine MMC2 (PIII);A2;08;681;;;Pentium III Mobile;
Desktop;;Coppermine FC-PGA (PIII);A2;10;681;;;Pentium III;
Mobile;;Coppermine Micro-PGA2 (PIII);A2;20;681;;;Pentium III Mobile;
Desktop;;Coppermine SECC/SECC2 (PIII);B0;01;683;;;Pentium III;
Server;;Cascades SECC (PIII);B0;04;683;;;Pentium III Xeon;
Mobile;;Coppermine MMC2 (PIII);B0;08;683;;;Pentium III Mobile;
Desktop;;Coppermine FC-PGA (PIII);B0;10;683;;;Pentium III;
Mobile;;Coppermine Micro-PGA2 (PIII);B0;20;683;;;Pentium III Mobile;
Desktop;;Coppermine SECC/SECC2 (PIII);C0;01;686;;;Pentium III;
Mobile;;Coppermine (PIII);C0;02;686;;;Pentium III Mobile;
Server;;Cascades SECC (PIII);C0;04;686;;;Pentium III Xeon;
Mobile;;Coppermine MMC2 (PIII);C0;08;686;;;Pentium III Mobile;
Desktop;;Coppermine FC-PGA (PIII);C0;10;686;;;Pentium III;
Mobile;;Coppermine Micro-PGA2 (PIII);C0;20;686;;;Pentium III Mobile;
Desktop;;Coppermine FC-PGA2 (PIII);C0;20;686;;;Pentium III;
Desktop;;Coppermine (PIII);C0;80;686;;;Pentium III;
Desktop;;Coppermine (PIII);D0;ff;68a;;;Pentium III;
Mobile;;Banias (P-M);B1;b0;695;;;Pentium M, Celeron M;
Server;;Cascades (PIII);A0;04;6a0;;;Pentium III Xeon;
Server;;Cascades (PIII);A1;04;6a1;;;Pentium III Xeon;
Server;;Cascades (PIII);B0;04;6a4;;;Pentium III Xeon;
Desktop;;Tualatin FC-PGA2 (PIII);A0;10;6b0;;;Pentium III;
Desktop;;Tualatin FC-PGA2 (PIII);A1;10;6b1;;;Pentium III;
Mobile;;Tualatin Micro-PGA2 (PIII);A1;20;6b1;;;Pentium III Mobile;
Desktop;;Tualatin FC-PGA2 (PIII);B1;10;6b4;;;Pentium III;
Mobile;;Tualatin Micro-PGA2 (PIII);B1;20;6b4;;;Pentium III Mobile;
Mobile;;Dothan (P-M);B0;20;6d6;;;Pentium M;
Mobile;;Dothan (P-M);C0;20;6d8;;;Pentium M;
Mobile;;Yonah;B0;20;6e4;;;Core Duo, Core Solo;
Mobile;;Yonah;C0;20;6e8;;;Core Duo, Core Solo;
Server;;Sossaman (Yonah);C0;00;6e8;;;Xeon LV;
Mobile;;Yonah;E0;a0;6ec;;;Core Duo, Core Solo;
Server;;Sossaman (Yonah);D0;00;6ec;;;Xeon LV, Xeon ULV;
Mobile;;Yonah;M0;20;6ed;;;Core Duo Mobile;
Desktop;;Conroe (Merom);L2;01;6f2;;;Core2 Duo E4xxx, E6xxx;
Mobile;;Merom;L2;20;6f2;;;Core2 Duo Mobile;
Server;;Conroe Xeon (Merom);L2;01;6f2;;;;Xeon 3040, 3050
Desktop;;Conroe (Merom);B0;01;6f4;;;Core2 Duo E4xxx, E6xxx;
Server;;Woodcrest (Merom);B0;04;6f4;;;Xeon 51xx;
Desktop;;Conroe (Merom);B2;01;6f6;;;Core2 Duo E4xxx, E6xxx;
Mobile;;Merom;B2;20;6f6;;;Core2 Duo Mobile;
Server;;Conroe Xeon (Merom);B2;01;6f6;;;;Xeon 3040, 3050, 3060, 3070
Server;;Woodcrest (Merom);B2;04;6f6;;;;Xeon 5110, 5120, 5130, 5140, 5150, 5160, Xeon LV 5128, 5133, 5138, 5148
Desktop;;Kentsfield (Merom);B3;10;6f7;;;;
Server;;Kentsfield Xeon (Merom);B3;10;6f7;;;;Xeon X3210, X3220
Server;;Clovertown (Merom);B3;40;6f7;;;;Xeon E5310, E5320, E5335, E5345, X5355, X5365, L5310, L5320
Desktop;;Tigerton (Merom);E0;01;6f9;;;;
Mobile;;Merom;E1;80;6fa;;;Core 2 Duo Mobile, Celeron Processor 500;
Desktop;;Conroe (Merom);G0;01;6fb;;;;
Desktop;;Kentsfield (Merom);G0;10;6fb;;;;
Mobile;;Merom;G0;a0;6fb;;;;
Server;;Conroe Xeon (Merom);G0;01;6fb;;;;Xeon 3065, 3075, 3085
Server;;Woodcrest (Merom);G0;04;6fb;;;;Xeon 5110, 5120, 5130, 5140, 5150, 5160, Xeon LV 5113, 5128, 5133, 5138, 5148
Server;;Tigerton (Merom);G0;08;6fb;;;;Xeon E7210, E7220, E7310, E7320, E7330, E7340, X7350, L7345
Server;;Kentsfield Xeon (Merom);G0;10;6fb;;;;Xeon X3210, X3220, X3230
Server;;Clovertown (Merom);G0;40;6fb;;;;Xeon E5310, E5320, E5335, E5345, X5355, X5365, L5310, L5318, L5320, L5335
Desktop;;Conroe (Merom);M0;01;6fd;;;;
Mobile;;Merom;M0;a0;6fd;;;;
Desktop;;Willamette (NetBurst);B2;01;f07;;;Pentium 4 (Socket 423);
Server;;Foster DP (NetBurst);B2;02;f07;;;Pentium 4 Xeon (Socket 603);
Desktop;;Willamette (NetBurst);B2;04;f07;;;Pentium 4 (Willamette, Socket 478);
Desktop;;Willamette (NetBurst);C1;01;f0a;;;Pentium 4 (Socket 423);
Server;;Foster DP (NetBurst);C1;02;f0a;;;Pentium 4 Xeon (Socket 603);
Desktop;;Willamette (NetBurst);C1;04;f0a;;;Pentium 4 (Willamette, Socket 478);
Server;;Foster MP (NetBurst);C0;02;f11;;;Pentium 4 Xeon MP (Socket 603);
Desktop;;Willamette (NetBurst);D0;01;f12;;;Pentium 4 (Socket 423);
Server;;Foster DP (NetBurst);D0;02;f12;;;Pentium 4 Xeon (Socket 603);
Desktop;;Willamette (NetBurst);D0;04;f12;;;Pentium 4 (Willamette, Socket 478);
Desktop;;Willamette (NetBurst);E0;04;f13;;;Pentium 4 (Willamette, Socket 478), Celeron (Willamette, Socket 478);
Server;;Prestonia (NetBurst);A0;02;f22;;;Pentium 4 Xeon MP (Socket 603);
Desktop;;Northwood (NetBurst);B0;04;f24;;;Pentium 4 (Northwood);
Mobile;;Northwood (NetBurst);B0;08;f24;;;Pentium 4-M;
Mobile;;Northwood (NetBurst);B0;10;f24;;;Pentium 4 Mobile;
Server;;Prestonia (NetBurst);B0;02;f24;;;Pentium 4 Xeon (Socket 603/604);
Desktop;;Northwood (NetBurst);B1,M0;14;f25;;;Pentium 4 (Northwood);
Server;;Prestonia (NetBurst);B1,M0;01;f25;;;Pentium 4 Xeon (Socket 603/604);
Server;;Gallatin (NetBurst);B1;02;f25;;;Pentium 4 Xeon (Socket 603/604);
Server;;Gallatin (NetBurst);B1;02;f26;;;Pentium 4 Xeon (Socket 603/604);
Desktop;;Northwood (NetBurst);C1;04;f27;;;Pentium 4 (Northwood), Celeron (Northwood);
Mobile;;Northwood (NetBurst);C1;08;f27;;;Pentium 4-M, Celeron Mobile;
Server;;Prestonia (NetBurst);C1;02;f27;;;Pentium 4 Xeon (Socket 603/604);
Desktop;;Northwood (NetBurst);D1;04;f29;;;Pentium 4 (Northwood), Celeron (Northwood);
Mobile;;Northwood (NetBurst);D1;08;f29;;;Pentium 4-M, Celeron Mobile;
Server;;Prestonia (NetBurst);D1;02;f29;;;Pentium 4 Xeon (Socket 603/604);
Desktop;;Prescott (NetBurst);B1;0d;f32;;;Pentium 4 (Prescott);
Desktop;;Prescott (NetBurst);C0;0d;f33;;;Pentium 4 (Prescott), Celeron D;
Desktop;;Prescott (NetBurst);D0;1d;f34;;;Pentium 4 (Prescott), Celeron D;
Server;;Nocona (NetBurst);D0;1d;f34;;;Pentium 4 (Prescott);
Desktop;;Prescott (NetBurst);E0;bd;f41;;;Pentium 4 (Prescott), Celeron D;
Server;;Protomac (NetBurst);C0;02;f41;;;Pentium 4 Xeon MP (Socket 604);
Server;;Cranford (NetBurst);A0;bd;f41;;;Pentium 4 Xeon MP (Socket 604);
Server;;Nocona (NetBurst);E0;bd;f41;;;Pentium 4 Xeon (Socket 604);
Desktop;;Prescott (NetBurst);N0;9d;f43;;;Pentium 4 (Prescott);
Server;;Irwindale (NetBurst);N0;9d;f43;;;Pentium 4 Xeon (Socket 604);
Desktop;;Smithfield (NetBurst);A0;9d;f44;;;Pentium D 8x0 (Smithfield);
Desktop;;Smithfield (NetBurst);B0;9d;f47;;;Pentium D 8x0 (Smithfield);
Server;;Paxwille (NetBurst);A0;01;f48;;;Pentium 4 Dual-Core Xeon 70xx;
Server;;Paxwille (NetBurst);A0;02;f48;;;Pentium 4 Dual-Core Xeon MP 70xx;
Desktop;;Prescott (NetBurst);G1;bd;f49;;;Pentium 4 (Prescott), Celeron D;
Server;;Cranford (NetBurst);B0;bd;f49;;;Pentium 4 Xeon MP (Socket 604);
Server;;Nocona (NetBurst);G1;bd;f49;;;Pentium 4 Xeon (Socket 604);
Desktop;;Prescott (NetBurst);R0;5c;f4a;;;Pentium 4 (Prescott);
Server;;Irwindale (NetBurst);R0;5d;f4a;;;Pentium 4 Xeon (Socket 604);
Desktop;;Cedar Mill (NetBurst);B1;04;f62;;;;Pentium 4 HT 631, 641, 651, 661
Desktop;;Presler (NetBurst);B1;04;f62;;;;Pentium D 920, 930, 940, 950, Pentium Extreme Edition 955
Desktop;;Cedar Mill (NetBurst);C1;34;f64;;;;Pentium 4 HT 631, 641, 651, 661, Celeron D 347, 352, 356
Desktop;;Presler (NetBurst);C1;34;f64;;;;Pentium D 915, 920, 925, 930, 940, 945, 950, 960, Pentium Extreme Edition 965
Server;;Dempsey (NetBurst);C1;01;f64;;;Xeon 50xx;
Desktop;;Cedar Mill (NetBurst);D0;04;f65;;;;Pentium 4 HT 631, 641, 651, 661, Celeron D 347, 352, 356, 360, 365
Desktop;;Presler (NetBurst);D0;04;f65;;;;Pentium D 915, 925, 935, 945, 950, 960
Server;;Dempsey (NetBurst);D0;01;f65;;;Xeon 50xx;
Server;;Tulsa (NetBurst);B0;22;f68;;;;Xeon 7110N, 7110M, 7120N, 7120M, 7130N, 7130M, 7140N, 7140M, 7150N
Server;;Deschutes (PII);B0;00;01632;;;Pentium II Xeon;
SOC;;Tolapai (P-M);B0;ff;10650;;;;EP80579
Desktop;;Conroe-L (Merom);A1;01;10661;;;;Celeron 220, 420, 430, 440, 450
Mobile;;Merom-L;A1;82;10661;;;;
Desktop;;Wolfdale (Penryn);M0;91;10676;;;;Core2 Duo E7200, E7300, E8190, E8200, E8300, E8400, E8500, Core2 Quad Q9450, Q9550, Core2 Extreme QX9650, QX9770, QX9775
Desktop;;Yorkfield (Penryn);C0;91;10676;;;;Core2 Quad Q9450, Q9550, Core2 Extreme QX9650, QX9770, QX9775
Mobile;;Penryn;C0;91;10676;;;;Core2 Duo E8135, E8235, E8335, E8435, T8100, T8300, T9300, T9400, T9500, T9600, P7350, P7450, P8400, P8600, P9500, SP9300, SP9400, SL9300, SL9380, SL9400, SU9300, SU9400, Core2 Extreme X9000, X9100
Server;;Wolfdale Xeon (Penryn);C0;91;10676;;;;Xeon E3110
Server;;Yorkfield Xeon (Penryn);C0;91;10676;;;;Xeon X3350, X3360
Server;;Wolfdale-DP (Penryn);M0;04;10676;;;;Xeon E5205, E5220, E5240, X5260, X5272
Server;;Harpertown (Penryn);C0;40;10676;;;;Xeon L5408, L5410, L5420, E5405,E5410,E5420,E5430, E5440, E5450, E5462, E5472, X5450, X5460, X5470, X5472, X5482
Desktop;;Yorkfield (Penryn);C1,M1;10;10677;;;Core2 Extreme, Core2 Quad;Core2 Extreme QX9650, QX9770, QX9775, Core2 Quad Q8200, Q8200S, Q8400, Q8400S, Q9300, Q9400, Q9400S, Q9450, Q9500, Q9505, Q9505S, Q9550, Q9550S, Q9650
Server;;Yorkfield Xeon (Penryn);C1,M1;10;10677;;;Xeon L33xx, X33xx;Xeon L3360, X3320, X3330, X3350, X3360, X3370, X3380
Desktop;;Wolfdale (Penryn);E0,R0;b1;1067a;;;Core2 Extreme, Core2 Quad, Core2 Duo;Core2 Extreme QX9650, QX9770, QX9775, Core2 Quad Q8200, Q8200S, Q8300, Q8400, Q8400S, Q9300, Q9400, Q9400S, Q9450, Q9500, Q9505, Q9505S, Q9550, Q9550S, Q9650, Core2 Duo E7200, E7300, E7400, E7500, E7600, E8190, E8200, E8300, E8400, E8500, E8600, Pentium E5200, E5300, E5400, E5500, E5700, E5800, E6300, E6500, E6500K, E6600, E6700, E6800, Celeron E3200, E3300, E3400, E3500
Mobile;;Wolfdale (Penryn);E0,R0;b1;1067a;;;Core2 Extreme, Core2 Quad, Core2 Duo, Core2 Solo, Pentium T4x00;Core2 Extreme QX9300, X9000, X9100, Core2 Quad Q9000, Q9100, Core2 Duo T6400, T6500, T6670, T8100, T8300, T9300, T9400, T9500, T9550, T9600, T9800, T9900, SU9300, SU9400, SU9600, SP9300, SP9400, SP9600, SL9380, SL9400, SL9600, SL9300, P7350, P7370, P7450, P7550, P7570, P8400, P8600, P8700, P8800, P9500, P9600, P9700, Core2 Solo SU3500, ULV SU3500, ULV SU3300, Pentium T4200, T4300, T4400, T4500, Celeron 900, 925, SU2300, T3100, T3300, T3500, ULV 763, Celeron M Processor ULV 722, ULV 723, ULV 743
Server;;Harpertown (Penryn);E0;44;1067a;;;;Xeon L5408, L5410, L5420, L5430, E5405, E5410, E5420, E5430, E5440, E5450, E5462, E5472, X5450, X5460, X5470, X5492
Server;;Wolfdale-DP (Penryn);E0;44;1067a;;;;Xeon E3110, E3120, E5205, E5220, L3110, L5215, L5240, X5260, X5270, X5272
Dekstop;;Bloomfield (Nehalem);C0;03;106a4;NHM;;Core i7-9xx;
Dekstop;;Bloomfield (Nehalem);D0;03;106a5;NHM;;Core i7-9xx;
Server;;Bloomfield Xeon (Nehalem);D0;03;106a5;NHM;EP,WS;Xeon E/L/X/W55xx;
Mobile;;Silverthorne (Bonnell);C0;01;106c2;;;Intel Atom Z5x0;
Desktop;;Diamondville (Bonnell);C0;04;106c2;;;;Intel Atom 230
Desktop;;Diamondville (Bonnell);C0;08;106c2;;;;Intel Atom 330
Mobile;;Diamondville (Bonnell);C0;04;106c2;;;;Intel Atom N270, N280
Desktop;;Pineview (Bonnell);A0;05;106ca;;;;Intel Atom D410, D425
Desktop;;Pineview (Bonnell);B0;18;106ca;;;;Intel Atom D510, D525
Mobile;;Pineview (Bonnell);A0;05;106ca;;;;Intel Atom N435, N450, N455, N470, N475
Mobile;;Pineview (Bonnell);B0;18;106ca;;;;Intel Atom N550, N570
Server;;Dunnington (Penryn);A1;08;106d1;;;Intel Xeon MP;Intel Xeon E7420, E7430, E7440, E7450, E7458, L7445, X7460
Server;;Jasper Forest (Nehalem);B0;09;106e4;NHM;;;Xeon EC3528, EC3529, EC5509, EC5539, EC5549, LC3518, LC3528, LC5518, LC5528, Celeron P1053
Dekstop;;Lynnfield (Nehalem);B1;13;106e5;NHM;;Core i7-8xx, i5-7xx;
Mobile;;Clarksfield (Nehalem);B1;13;106e5;NHM;;Core i7-9xxXM, i7-8xxQM, i7-7xxQM;
Server;;Lynnfield Xeon (Nehalem);B1;13;106e5;NHM;;Xeon L3426, X24xx;
Desktop;;Westmere;K0,C2;12;20652;WSM;;Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeon P45xx/U3xxx;
Mobile;;Westmere;K0,C2;12;20652;WSM;;Core i7-6xxM, i5-6xxM/4xxM, i3-5xxM/3xxM;
Server;;Westmere;K0,C2;12;20652;WSM;;Xeon L3406;
Desktop;;Clarkdale (Westmere);K0;92;20655;WSM;;Core i7-6xxE/LE/UE, i5-5xxE, i3-3xxE;
Mobile;;Arrandale (Westmere);K0;92;20655;WSM;;Core i7-6xxM/LM/UM, i5-5xxM/UM, i3-3xxM/UM, Pentium Mobile P6xxx/U5xxx, Celeron Mobile P4xxx/U3xxx;
SOC;;Lincroft (Bonnell);C0;01;20661;;;;Intel Atom Z600, Z605, Z610, Z612, Z615, Z620, Z625, Z650, Z670
SOC;;Tunnell Creek (Bonnell);B0,B1;02;20661;;;;Intel Atom E620, E620T, E640, E640T, E660, E660T, E680, E680T
Desktop;;Sandy Bridge;D2,J1,Q0;12;206a7;SNB;;Core Gen2;
Mobile;;Sandy Bridge;D2,J1,Q0;12;206a7;SNB;;Core Gen2 Mobile;
Server;;Sandy Bridge;D2,Q0;12;206a7;SNB;Xeon E3;Xeon E3;
Desktop;;Gulftown (Westmere);B1;03;206c2;WSM;;;Core i7-970/980/980X/990X
Server;;Westmere-EP;B1;03;206c2;WSM;EP;Xeon E/L/X56xx;
Server;;Westmere-WS;B1;03;206c2;WSM;WS;Xeon W36xx;
Desktop;;Sandy Bridge;C1,M0;6d;206d6;SNB;E;Core i7-39xx, i7-38xx;
Server;;Sandy Bridge;C1,M0;6d;206d6;SNB;EN,EP;Xeon E5;
Desktop;;Sandy Bridge;C2,M1;6d;206d7;SNB;E;Core i7-39xx, i7-38xx;
Server;;Sandy Bridge;C2,M1;6d;206d7;SNB;EN,EP;Xeon E5;
Server;;Nehalem;D0;04;206e6;NHM;EX;Xeon E/L/X65xx/75xx;
Server;;Westmere-EX;A2;05;206f2;WSM;EX;Xeon E7;
SOC;;Valleyview;C0;02;30678;VLV;;Atom Z36xx, Z37xx, Z38xx, Z39xx;
SOC;;Valleyview;C0;0C;30678;VLV;;Celeron N2xxx, Pentium N35xx;
SOC;;Valleyview;D0;0F;30679;VLV;;Atom E38xx;
Desktop;;Ivy Bridge;E1,E2,L1;12;306a9;IVB;;Core Gen3;
Mobile;;Ivy Bridge;E1,E2,L1;12;306a9;IVB;;Core Gen3 Mobile;
Server;;Ivy Bridge;E1,E2,L1;12;306a9;IVB;;Xeon E3 v2;
Desktop;;Haswell;Cx,Dx;32;306c3;HSW;S;Core Gen4;
Mobile;;Haswell;Cx,Dx;32;306c3;HSW;H;Core Gen4 Mobile;
Server;;Haswell;Cx,Dx;32;306c3;HSW;Xeon E3;Xeon E3 v3;
Mobile;;Broadwell;E0,F0;c0;306d4;BDW;U,Y;Core Gen5 Mobile;
Desktop;;Ivy Bridge;S1;ed;306e4;IVB;E;Core-i7 49xx/48xx;Core i7-4960X/4930K/4820K
Server;;Ivy Bridge;C0,C1,M1,S1;ed;306e4;IVB;EP;Xeon E5 v2;
Server;;Ivy Bridge;;ed;306e6;IVB;EX;Xeon E7 v2 ES;
Server;;Ivy Bridge;D1;ed;306e7;IVB;EX;Xeon E7 v2;
Desktop;;Haswell;C0,C1,M1,R2;6f;306f2;HSX;E;Core i7-59xx/58xx;
Server;;Haswell;C0,C1,M1,R2;6f;306f2;HSX;EN,EP,EP 4S;Xeon E5 v3;
Server;;Haswell;E0;80;306f4;HSX;EX;Xeon E7 v3;
Mobile;;Haswell;Cx,Dx;72;40651;HSW;U;Core Gen4 Mobile;
Desktop;;Broadwell;E0,G0;22;40671;BDW;S;Core Gen5;
Mobile;;Broadwell;E0,G0;22;40671;BDW;H;Core Gen5 Mobile;
Server;;Broadwell;E0,G0;22;40671;BDW;Xeon E3;Xeon E3 v4;
Desktop;;Haswell;Cx,Dx;32;40661;HSW;R;Core Gen4;
Mobile;;Haswell;Cx,Dx;32;40661;HSW;H;Core Gen4 Mobile;
SOC;;Cherry View;C0;01;406c3;CHV;;Atom x5-Zxxxx;
SOC;;Cherry View;D0;01;406c4;CHV;;Celeron Jxxxx, N3xxx, Pentium J3xxx, N3xxx, Atom x5-E8000;
SOC;;Avoton;B0,C0;01;406d8;AVN;;Atom C2xxx;
Mobile;;Skylake;D0;c0;406e3;SKL;U,Y;Core Gen6 Mobile;
Mobile;;Skylake;K1;c0;406e3;SKL;U 2+3e;Core Gen6 Mobile;
Desktop;;Broadwell;B0,M0,R0;ef;406f1;BDX;E;Core i7-69xx/68xx;
Server;;Broadwell;B0,M0,R0;ef;406f1;BDX;EP,EX;Xeon E5/E7 v4;
Server;;Broadwell;B0,M0,R0;ef;406f1;BDX;ML;Xeon E5/E7 v4;
Server;;Skylake;B1;97;50653;SKX;SP;Xeon Scalable;
Desktop;;Skylake;H0,M0,U0;b7;50654;SKX;X;Core i9-7xxxX, i9-9xxxX;
Server;;Skylake;H0,M0,U0;b7;50654;SKX;SP,W;Xeon Scalable;
Server;;Skylake;M1;b7;50654;SKX;D;Xeon D-21xx;
Server;;Cascade Lake;A0;b7;50655;CLX;SP;Xeon Scalable Gen2;
Server;;Cascade Lake;B0;bf;50656;CLX;SP;Xeon Scalable Gen2;
Desktop;;Cascade Lake;B1,L1;bf;50657;CLX;X;;
Server;;Cascade Lake;B1,L1;bf;50657;CLX;SP;Xeon Scalable Gen2;
Server;;Cascade Lake;B1,L1;bf;50657;CLX;W;;Xeon W-3275M, W-3275, W-3265M, W-3265, W-3245M, W-3245, W-3235, W-3225, W-3223, W-2295, W-2275, W-2265, W-2255, W-2245, W-2235, W-2225, W-2223
Server;;Cooper Lake;A1;bf;5065b;CPX;SP;Xeon Scalable Gen3;
Server;;Broadwell;V1;10;50662;BDX;DE;;Xeon D-1520/40
Server;;Broadwell;V2,V3;10;50663;BDX;DE;;Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
Server;;Broadwell;Y0;10;50664;BDX;DE;;Xeon D-1557/59/67/71/77/81/87
Server;;Broadwell;A0,A1;10;50665;BDX;NS;;Xeon D-1513N/23/33/43/53
Server;;Hewitt Lake (Broadwell);A1;10;50665;HWL;;;Xeon D-1602/22/23N/27/33N/37/49N/53N
Server;;Knights Landing;B0;78;50671;KNL;;Xeon Phi x200;Xeon Phi 7210, 7210F, 7230, 7230F, 7250, 7250F, 7290, 7290F
SOC;;Broxton;C0;01;506c2;BXT;;Atom T5500/5700
SOC;;Apollo Lake;D0;03;506c9;APL;;Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx;
SOC;;Apollo Lake;B1,F1;03;506ca;APL;;Atom 3900 Series;Atom x5-E3930, x5-E3940, x7-E3950
Desktop;;Skylake;N0,R0,S0;36;506e3;SKL;S;Core Gen6;
Mobile;;Skylake;N0,R0,S0;36;506e3;SKL;H;Core Gen6 Mobile;
Server;;Skylake;N0,R0,S0;36;506e3;SKL;Xeon E3;Xeon E3 v5;
SOC;;Denverton;B0;01;506f1;DNV;;Atom C3xxx;
SOC;;XMM 7272 (SoFIA);;01;60650;;;XMM 7272
Mobile;;Cannon Lake;D0;80;60663;CNL;U;Core Gen8 Mobile;
Server;;Ice Lake;C0;87;606a5;ICX;SP;Xeon Scalable Gen3;
Server;;Ice Lake;D0;87;606a6;ICX;SP;Xeon Scalable Gen3;
Server;;Ice Lake;B0;10;606c1;ICL;D;;Xeon D-17xx, D-27xx
SOC;;Gemini Lake;B0;01;706a1;GLK;;;Pentium J5005/N5000, Celeron J4005/J4105/N4000/N4100
SOC;;Gemini Lake;R0;01;706a8;GLK;R;;Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
Mobile;;Ice Lake;D1;80;706e5;ICL;U,Y;Core Gen10 Mobile;
Server;;Knights Mill;A0;08;80650;KNM;;Xeon Phi 72x5;Xeon Phi 7235, 7285, 7295
SOC;;Snow Ridge;B0;01;80664;SNR;;Atom P59xxB;
SOC;;Snow Ridge;B1;01;80665;SNR;;Atom P59xxB;
SOC;;Snow Ridge;C0;01;80667;SNR;;Atom P59xxB;
SOC;;Lakefield;B2,B3;10;806a1;LKF;;Core w/Hybrid Technology;
Mobile;;Tiger Lake;B1;80;806c1;TGL;UP3,UP4;Core Gen11 Mobile;
Mobile;;Tiger Lake Refresh;C0;80;806c2;TGL;R;Core Gen11 Mobile;
Mobile;;Tiger Lake;R0;c2;806d1;TGL;H;Core Gen11 Mobile;
Mobile;;Amber Lake;H0;10;806e9;AML;Y 2+2;Core Gen8 Mobile;
Mobile;;Kaby Lake;H0;c0;806e9;KBL;U,Y;Core Gen7 Mobile;
Mobile;;Kaby Lake;J1;c0;806e9;KBL;U 2+3e;Core Gen7 Mobile;
Mobile;;Coffee Lake;D0;c0;806ea;CFL;U 4+3e;Core Gen8 Mobile;
Mobile;;Kaby Lake;Y0;c0;806ea;KBL;R;Core Gen8 Mobile;
Mobile;;Amber Lake;V0;94;806ec;AML;Y 4+2;Core Gen10 Mobile;
Mobile;;Comet Lake;V0;94;806ec;CML;U 4+2;Core Gen10 Mobile;
Mobile;;Whiskey Lake;W0;d0;806eb;WHL;U;Core Gen8 Mobile;
Mobile;;Whiskey Lake;V0;94;806ec;WHL;U;Core Gen8 Mobile;
Mobile;;Whiskey Lake;V0;94;806ed;WHL;U;Core Gen8 Mobile;
Server;;Sapphire Rapids;E0,S1;87;806f4;SPR;SP;Xeon Scalable Gen4;
Server;;Sapphire Rapids;B1;10;806f5;SPR;HBM;Xeon Max;
Server;;Sapphire Rapids;E2;87;806f5;SPR;SP;Xeon Scalable Gen4;
Server;;Sapphire Rapids;E3;87;806f6;SPR;SP;Xeon Scalable Gen4;
Server;;Sapphire Rapids;E4,S2;87;806f7;SPR;SP;Xeon Scalable Gen4;
Server;;Sapphire Rapids;B3;10;806f8;SPR;HBM;Xeon Max;
Server;;Sapphire Rapids;E5,S3;87;806f8;SPR;SP;Xeon Scalable Gen4;
SOC;;Elkhart Rate;B1;01;90661;EHL;;Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E;
Desktop;;Alder Lake;C0;02;90672;ADL;S 8+8;Core Gen12;
Mobile;;Alder Lake;C0;03;90672;ADL;HX;Core Gen12 Mobile;
Desktop;;Alder Lake;K0;01;90675;ADL;S 6+0;Core Gen12;
Mobile;;Alder Lake;L0;82;906a3;ADL;P 6+8;Core Gen12 Mobile;
Mobile;;Alder Lake;R0;80;906a3;ADL;U 9W;Core Gen12 Mobile;
Mobile;;Arizona Beach;A0;40;906a4;AZB;;;Intel(R) Atom(R) C1100
Mobile;;Alder Lake;R0;82;906a4;ADL;P 2+8;Core Gen12 Mobile;
Desktop;;Kaby Lake;B0;2a;906e9;KBL;S,X;Core Gen7;
Mobile;;Kaby Lake;B0;2a;906e9;KBL;G,H;Core Gen7 Mobile;
Server;;Kaby Lake;B0;2a;906e9;KBL;Xeon E3;Xeon E3 v6;
Desktop;;Coffee Lake;U0;22;906ea;CFL;S;Core Gen8 Desktop;
Mobile;;Coffee Lake;U0;22;906ea;CFL;H;Core Gen8 Mobile;
Server;;Coffee Lake;U0;22;906ea;CFL;Xeon E;Xeon E;
Desktop;;Coffee Lake;B0;02;906eb;CFL;S;Core Gen8 Desktop;
Mobile;;Coffee Lake;B0;02;906eb;CFL;H;Core Gen8 Mobile;
Server;;Coffee Lake;B0;02;906eb;CFL;E;Xeon E;
Desktop;;Coffee Lake;P0;22;906ec;CFL;S;Core Gen9 Desktop;
Mobile;;Coffee Lake;P0;22;906ec;CFL;H;Core Gen9 Mobile;
Server;;Coffee Lake;P0;22;906ec;CFL;Xeon E;Xeon E;
Desktop;;Coffee Lake;R0;22;906ed;CFL;S;Core Gen9 Desktop;
Mobile;;Coffee Lake;R0;22;906ed;CFL;H;Core Gen9 Mobile;
Server;;Coffee Lake;R0;22;906ed;CFL;Xeon E;Xeon E;
SOC;;Jasper Lake;A0,A1;01;906c0;JSL;;Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105;
Mobile;;Comet Lake;R1;20;a0652;CML;H;Core Gen10 Mobile;
Desktop;;Comet Lake;G1;22;a0653;CML;S 6+2;Core Gen10 Desktop;
Desktop;;Comet Lake;Q0;22;a0655;CML;S 10+2;Core Gen10 Desktop;
Mobile;;Comet Lake;A0;80;a0660;CML;U 6+2;Core Gen10 Mobile;
Mobile;;Comet Lake;K1;80;a0661;CML;U 6+2 v2;Core Gen10 Mobile;
Desktop;;Rocket Lake;B0;02;a0671;RKL;S;Core Gen11;
Desktop;;Raptor Lake;B0;32;b0671;RPL;S;Core Gen13;
Mobile;;Raptor Lake;J0;e0;b06a2;RPL;P 6+8,H 6+8;Core Gen13;
Mobile;;Raptor Lake;Q0;e0;b06a3;RPL;U 2+8;Core Gen13;
SOC;;Alder Lake;A0;01;b06e0;ADL;N;;Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
Desktop;;Alder Lake;C0;03;b06f2;ADL;;Core Gen12;
Desktop;;Alder Lake;C0;03;b06f5;ADL;;Core Gen12;
# sources:
# https://en.wikichip.org/wiki/intel/cpuid
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/include/asm/intel-family.h
# releasenote from microcode releases
# https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model
# https://en.wikipedia.org/wiki/Cascade_Lake_(microarchitecture)
# https://en.wikipedia.org/wiki/List_of_Intel_Broadwell-based_Xeon_microprocessors
# https://github.com/InstLatx64/InstLatx64
# https://fossies.org/linux/cpuid/cpuid.c
# https://software.intel.com/content/www/us/en/develop/articles/intel-architecture-and-processor-identification-with-cpuid-model-and-family-numbers.html
# http://ixbtlabs.com/articles/cpuerrata/index.html
# http://bios.rom.by/ROMutils/BIOS_Patcher/ALLCODES.TXT

126
SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh
View File

@ -13,6 +13,7 @@ install() {
local DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats
local CFG_DIR="/etc/microcode_ctl/ucode_with_caveats"
local check_caveats=/usr/libexec/microcode_ctl/check_caveats
local fw_path_para=$(< /sys/module/firmware_class/parameters/path)
local verbose_opt
local cc_out
@ -36,40 +37,22 @@ install() {
}
# Reset fw_dir to avoid inclusion of kernel-version-specific directories
# populated with microcode for the late load
[ "x$fw_dir" != \
"x/lib/firmware/updates /lib/firmware /lib/firmware/$kernel" ] || {
# populated with microcode for the late load, only in case it is set
# to the default value to avoid meddling with user-enforced changes.
# The second variant has been introduced in dracut-057~5.
[ \( "x$fw_dir" != \
"x/lib/firmware/updates /lib/firmware /lib/firmware/$kernel" \) -a \
\( "x$fw_dir" != \
"x${fw_path_para:+$fw_path_para }/lib/firmware/updates/$kernel /lib/firmware/updates /lib/firmware/$kernel /lib/firmware" \) ] || {
fw_dir="/lib/firmware/updates /lib/firmware"
dinfo " microcode_ctl: reset fw_dir to \"${fw_dir}\""
}
while read -d "/" -r i; do
fw_dir_add=""
while read -d $'\n' -r i; do
dinfo " microcode_ctl: processing data directory " \
"\"$DATA_DIR/$i\"..."
if ! cc_out=$($check_caveats -e -k "$kernel" -c "$i" $verbose_opt)
then
dinfo " microcode_ctl: kernel version \"$kernel\"" \
"failed early load check for \"$i\", skipping"
continue
fi
path=$(printf "%s" "$cc_out" | sed -n 's/^paths //p')
[ -n "$path" ] || {
ignored=$(printf "%s" "$cc_out" | \
sed -n 's/^skip_cfgs //p')
if [ -n "$ignored" ]; then
dinfo " microcode_ctl: configuration" \
"\"$i\" is ignored"
else
dinfo " microcode_ctl: no microcode paths" \
"are associated with \"$i\", skipping"
fi
continue
}
if [ "x" != "x$hostonly" ]; then
do_skip_host_only=0
@ -91,60 +74,42 @@ install() {
do_skip_host_only=1
fi
if [ 0 -eq "$do_skip_host_only" ]; then
local hostonly_passed=0
local ucode
local uvendor
local ucode_dir=""
match_model_opt=""
[ 1 = "$do_skip_host_only" ] || match_model_opt="-m"
ucode=$(get_ucode_file)
uvendor=$(get_cpu_vendor)
case "$uvendor" in
Intel)
ucode_dir="intel-ucode"
;;
AMD)
ucode_dir="amd-ucode"
;;
*)
dinfo " microcode_ctl: unknown CPU" \
"vendor: \"$uvendor\", bailing out of" \
"Host-Only check"
continue
;;
esac
# $path is a list of globs, so it needs special care
for p in $(printf "%s" "$path"); do
find "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
-print0 \
| grep -zFxq \
"$DATA_DIR/$i/$ucode_dir/$ucode" \
|| continue
dinfo " microcode_ctl: $i: Host-Only" \
"mode is enabled and" \
"\"$ucode_dir/$ucode\" matches \"$p\""
hostonly_passed=1
break
done
[ 1 -eq "$hostonly_passed" ] || {
dinfo " microcode_ctl: $i: Host-Only mode" \
"is enabled and ucode name does not" \
"match the expected one, skipping" \
"caveat (\"$ucode\" not in \"$path\")"
continue
}
if ! cc_out=$($check_caveats -e -k "$kernel" -c "$i" \
$verbose_opt $match_model_opt)
then
dinfo " microcode_ctl: kernel version \"$kernel\"" \
"failed early load check for \"$i\", skipping"
continue
fi
path=$(printf "%s" "$cc_out" | sed -n 's/^paths //p')
[ -n "$path" ] || {
ignored=$(printf "%s" "$cc_out" | \
sed -n 's/^skip_cfgs //p')
if [ -n "$ignored" ]; then
dinfo " microcode_ctl: configuration" \
"\"$i\" is ignored"
else
dinfo " microcode_ctl: no microcode paths" \
"are associated with \"$i\", skipping"
fi
continue
}
dinfo " microcode_ctl: $i: caveats check for kernel" \
"version \"$kernel\" passed, adding" \
"\"$DATA_DIR/$i\" to fw_dir variable"
fw_dir="$DATA_DIR/$i $fw_dir"
if [ 0 -eq "$do_skip_host_only" ]; then
fw_dir_add="$DATA_DIR/$i "
else
fw_dir_add="$DATA_DIR/$i $fw_dir_add"
fi
# The list of directories is reverse-sorted in order to preserve the
# "last wins" policy in case of presence of multiple microcode
# revisions.
@ -153,11 +118,20 @@ install() {
# but since the microcode search is done with the "first wins" policy
# by the (early) microcode loading code, the correct microcode revision
# still has to be picked.
#
# Note that dracut without patch [1] puts only the last directory
# in the early cpio; we try to address this by putting only the last
# matching caveat in the search path, but that workaround works only
# for host-only mode; non-host-only mode early cpio generation is still
# broken without that patch.
#
# [1] https://github.com/dracutdevs/dracut/commit/c44d2252bb4b
done <<-EOF
$(find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f/" \
| sort -r)
$(find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f\n" \
| LC_ALL=C sort)
EOF
fw_dir="${fw_dir_add}${fw_dir}"
dinfo " microcode_ctl: final fw_dir: \"${fw_dir}\""
}

128
SOURCES/gen_provides.sh
View File

@ -1,4 +1,4 @@
#! /bin/bash -efux
#! /bin/bash -efu
# Generator of RPM "Provides:" tags for Intel microcode files.
#
@ -21,31 +21,75 @@ for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-
ucode_fname="$ucode_caveat/$ucode"
file_sz="$(stat -c "%s" "$f")"
skip=0
ext_hdr=0
ext_sig_cnt=0
ext_sig_pos=0
next_skip=0
# Microcode header format description:
# https://gitlab.com/iucode-tool/iucode-tool/blob/master/intel_microcode.c
while :; do
[ "$skip" -lt "$file_sz" ] || break
# Microcode header format description:
# https://gitlab.com/iucode-tool/iucode-tool/blob/master/intel_microcode.c
IFS=' ' read hdrver rev \
date_y date_d date_m \
cpuid cksum ldrver \
pf_mask datasz totalsz <<- EOF
$(dd if="$f" bs=1 skip="$skip" count=36 status=none \
| hexdump -e '"" 1/4 "%u " 1/4 "%#x " \
1/2 "%04x " 1/1 "%02x " 1/1 "%02x " \
1/4 "%08x " 1/4 "%x " 1/4 "%#x " \
1/4 "%u " 1/4 "%u " 1/4 "%u" "\n"')
EOF
# Do we parse ext_sig table or another microcode header?
if [ 0 != "$next_skip" ]; then
# Check whether we should abort ext_sig table parsing
[ \( "${skip}" -lt "${next_skip}" \) -a \
\( "${ext_sig_pos}" -lt "${ext_sig_cnt}" \) ] || {
skip="${next_skip}"
next_skip=0
continue
}
[ 0 != "$datasz" ] || datasz=2000
[ 0 != "$totalsz" ] || totalsz=2048
# ext_sig, 12 bytes in size
IFS=' ' read cpuid pf_mask <<- EOF
$(hexdump -s "$skip" -n 8 \
-e '"" 1/4 "%08x " 1/4 "%u" "\n"' "$f")
EOF
# TODO: add some sanity/safety checks here. As of now, there's
# a (pretty fragile) assumption that all the matched files
# are valid Intel microcode files in the expected format.
skip="$((skip + 12))"
ext_sig_pos="$((ext_sig_pos + 1))"
else
# Microcode header, 48 bytes, last 3 fields reserved
IFS=' ' read hdrver rev \
date_y date_d date_m \
cpuid cksum ldrver \
pf_mask datasz totalsz <<- EOF
$(hexdump -s "$skip" -n 36 \
-e '"" 1/4 "%u " 1/4 "%#x " \
1/2 "%04x " 1/1 "%02x " 1/1 "%02x " \
1/4 "%08x " 1/4 "%x " 1/4 "%#x " \
1/4 "%u " 1/4 "%u " 1/4 "%u" "\n"' "$f")
EOF
skip=$((skip + totalsz))
[ 0 != "$datasz" ] || datasz=2000
[ 0 != "$totalsz" ] || totalsz=2048
# TODO: add some sanity/safety checks here. As of now,
# there's a (pretty fragile) assumption that all
# the matched files are valid Intel microcode
# files in the expected format.
# ext_sig table is after the microcode payload,
# check for its presence
if [ 48 -lt "$((totalsz - datasz))" ]; then
next_skip="$((skip + totalsz))"
skip="$((skip + datasz + 48))"
ext_sig_pos=0
# ext_sig table header, 20 bytes in size,
# last 3 fields are reserved.
IFS=' ' read ext_sig_cnt <<- EOF
$(hexdump -s "$skip" -n 4 \
-e '"" 1/4 "%u" "\n"' "$f")
EOF
skip="$((skip + 20))"
else
skip="$((skip + totalsz))"
next_skip=0
fi
fi
#[ -n "$rev" ] || continue
@ -83,23 +127,41 @@ for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-
# Generate tags with codename information, in case
# it is available
cpuid_up="$(echo "$cpuid" | tr 'a-z' 'A-Z')"
if [ -e "$CODENAMES" ]; then
grep ' '"$cpuid_up"' ' "$CODENAMES" \
| while IFS=$'\t' read segm int_fname codename stepping candidate_pf rest; do
cpuid_up="$(echo "$cpuid" | tr 'a-z' 'A-Z')"
cpuid_short="$(printf "%x" "0x$cpuid")"
(grep ' '"$cpuid_up"' ' "$CODENAMES" || :; grep ';'"$cpuid_short"';' "$CODENAMES" || :) \
| while IFS=$';\t' read segm int_fname codename stepping candidate_pf cpuid_cn cname variants rest; do
[ "x${segm###}" = "x$segm" ] || continue
[ -n "${segm}" ] || continue
codename=$(echo "$codename" | tr ' (),' '_[];')
candidate_pf=$(printf "%u" "0x${candidate_pf}")
[ \( 0 -ne "$pf_mask" \) -a \
\( "$candidate_pf" -ne "$((candidate_pf & pf_mask))" \) ] || { \
printf "iucode_rev(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s\";stepping:\"%s\";pf_model:0x%x) = %s\n" \
"$ucode_fname" "$cpuid" "$pf_mask" \
"$segm" "$codename" "$stepping" "$candidate_pf" \
"$rev";
printf "iucode_date(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s\";stepping:\"%s\";pf_model:0x%x) = %s.%s.%s\n" \
"$ucode_fname" "$cpuid" "$pf_mask" \
"$segm" "$codename" "$stepping" "$candidate_pf" \
"$date_y" "$date_m" "$date_d";
}
(IFS=','; for s in $stepping; do
[ \( 0 -ne "$pf_mask" \) -a \
\( 0 -eq "$((candidate_pf & pf_mask))" \) ] || { \
printf "iucode_rev(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s\";stepping:\"%s\";pf_model:0x%x) = %s\n" \
"$ucode_fname" "$cpuid" "$pf_mask" \
"$segm" "$codename" "$s" "$candidate_pf" \
"$rev";
printf "iucode_date(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s\";stepping:\"%s\";pf_model:0x%x) = %s.%s.%s\n" \
"$ucode_fname" "$cpuid" "$pf_mask" \
"$segm" "$codename" "$s" "$candidate_pf" \
"$date_y" "$date_m" "$date_d";
if [ "$cpuid_short" = "$cpuid_cn" -a -n "$variants" ]; then
(IFS=','; for v in $variants; do
v=$(echo "$v" | tr ' (),' '_[];')
printf "iucode_rev(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s_%s\";stepping:\"%s\";pf_model:0x%x) = %s\n" \
"$ucode_fname" "$cpuid" "$pf_mask" \
"$segm" "$codename" "$v" "$s" "$candidate_pf" \
"$rev";
printf "iucode_date(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s_%s\";stepping:\"%s\";pf_model:0x%x) = %s.%s.%s\n" \
"$ucode_fname" "$cpuid" "$pf_mask" \
"$segm" "$codename" "$v" "$s" "$candidate_pf" \
"$date_y" "$date_m" "$date_d";
done)
fi
}
done)
done
fi

999
SOURCES/gen_updates2.py Executable file
View File

@ -0,0 +1,999 @@
#! /usr/bin/python
# SPDX-License-Identifier: CC0-1.0
import argparse
import errno
import fnmatch
import io
import itertools
import os
import re
import shutil
import struct
import sys
import tarfile
import tempfile
from subprocess import PIPE, Popen, STDOUT
# Python 3 shims
try:
from functools import reduce
except:
pass
try:
from itertools import zip_longest as izip_longest
except:
from itertools import izip_longest
# revs:
# [ { "path", "cpuid", "pf", "rev", "date" } ]
# artifacts:
# * content summary (per-file)
# * overlay summary (per-fms/pf)
# * changelog (per-file?)
# * discrepancies (per-fms/pf)
log_level = 0
print_date = False
file_glob = ["*??-??-??", "*microcode*.dat"]
def log_status(msg, level=0):
global log_level
if log_level >= level:
sys.stderr.write(msg + "\n")
def log_info(msg, level=2):
global log_level
if log_level >= level:
sys.stderr.write("INFO: " + msg + "\n")
def log_warn(msg, level=1):
global log_level
if log_level >= level:
sys.stderr.write("WARNING: " + msg + "\n")
def log_error(msg, level=-1):
global log_level
if log_level >= level:
sys.stderr.write("ERROR: " + msg + "\n")
def remove_prefix(text, prefix):
if isinstance(prefix, str):
prefix = [prefix, ]
for p in prefix:
pfx = p if p.endswith(os.sep) else p + os.sep
if text.startswith(pfx):
return text[len(pfx):]
return text
def file_walk(args, yield_dirs=False):
for content in args:
if os.path.isdir(content):
if yield_dirs:
yield ("", content)
for root, dirs, files in os.walk(content):
if yield_dirs:
for f in dirs:
p = os.path.join(root, f)
yield (remove_prefix(p, content), p)
for f in files:
p = os.path.join(root, f)
yield (remove_prefix(p, content), p)
elif os.path.exists(content):
yield ("", content)
else:
raise IOError(errno.ENOENT, os.strerror(errno.ENOENT), content)
def cpuid_fname(c):
# Note that the Extended Family is summed up with the Family,
# while the Extended Model is concatenated with the Model.
return "%02x-%02x-%02x" % (
((c >> 20) & 0xff) + ((c >> 8) & 0xf),
((c >> 12) & 0xf0) + ((c >> 4) & 0xf),
c & 0xf)
def read_revs_dir(path, args, src=None, ret=None):
if ret is None:
ret = []
ucode_re = re.compile('[0-9a-f]{2}-[0-9a-f]{2}-0[0-9a-f]$')
ucode_dat_re = re.compile('microcode.*\.dat$')
for rp, ap in file_walk([path, ]):
rp_fname = os.path.basename(rp)
if not ucode_re.match(rp_fname) and not ucode_dat_re.match(rp_fname):
continue
# Text-based format
data = None
if ucode_dat_re.match(rp_fname):
data = io.BytesIO()
with open(ap, "r") as f:
for line in f:
if line.startswith("/"):
continue
vals = line.split(",")
for val in vals:
val = val.strip()
if not val:
continue
data.write(struct.pack("<I", int(val, 16)))
sz = data.seek(0, os.SEEK_CUR)
data.seek(0, os.SEEK_SET)
else:
sz = os.stat(ap).st_size
try:
with data or open(ap, "rb") as f:
log_info("Processing %s" % ap)
offs = 0
while offs < sz:
f.seek(offs, os.SEEK_SET)
hdr = struct.unpack("IiIIIIIIIIII", f.read(48))
ret.append({"path": rp, "src": src or path,
"cpuid": hdr[3], "pf": hdr[6], "rev": hdr[1],
"date": hdr[2], "offs": offs, "cksum": hdr[4],
"data_size": hdr[7], "total_size": hdr[8]})
if hdr[8] and hdr[8] - hdr[7] > 48:
f.seek(hdr[7], os.SEEK_CUR)
ext_tbl = struct.unpack("IIIII", f.read(20))
log_status("Found %u extended signatures for %s:%#x" %
(ext_tbl[0], rp, offs), level=1)
cur_offs = offs + hdr[7] + 48 + 20
ext_sig_cnt = 0
while cur_offs < offs + hdr[8] \
and ext_sig_cnt <= ext_tbl[0]:
ext_sig = struct.unpack("III", f.read(12))
ignore = args.ignore_ext_dups and \
(ext_sig[0] == hdr[3])
if not ignore:
ret.append({"path": rp, "src": src or path,
"cpuid": ext_sig[0],
"pf": ext_sig[1],
"rev": hdr[1], "date": hdr[2],
"offs": offs, "ext_offs": cur_offs,
"cksum": hdr[4],
"ext_cksum": ext_sig[2],
"data_size": hdr[7],
"total_size": hdr[8]})
log_status(("Got ext sig %#x/%#x for " +
"%s:%#x:%#x/%#x%s") %
(ext_sig[0], ext_sig[1],
rp, offs, hdr[3], hdr[6],
" (ignored)" if ignore else ""),
level=2)
cur_offs += 12
ext_sig_cnt += 1
offs += hdr[8] or 2048
except Exception as e:
log_error("a problem occurred while processing %s: %s" % (ap, e),
level=1)
return ret
def read_revs_rpm(path, args, ret=None):
if ret is None:
ret = []
dir_tmp = tempfile.mkdtemp()
log_status("Trying to extract files from RPM \"%s\"..." % path,
level=1)
rpm2cpio = Popen(args=["rpm2cpio", path], stdout=PIPE, stderr=PIPE,
close_fds=True)
cpio = Popen(args=["cpio", "-idmv"] + file_glob,
cwd=dir_tmp, stdin=rpm2cpio.stdout,
stdout=PIPE, stderr=STDOUT)
out, cpio_stderr = cpio.communicate()
rpm2cpio_out, rpm2cpio_err = rpm2cpio.communicate()
rpm2cpio_ret = rpm2cpio.returncode
cpio_ret = cpio.returncode
log_info("rpm2cpio exit code: %d, cpio exit code: %d" %
(rpm2cpio_ret, cpio_ret))
if rpm2cpio_err:
log_info("rpm2cpio stderr:\n%s" % rpm2cpio_err, level=3)
if out:
log_info("cpio output:\n%s" % out, level=3)
if cpio_stderr:
log_info("cpio stderr:\n%s" % cpio_stderr, level=3)
if rpm2cpio_ret == 0 and cpio_ret == 0:
ret = read_revs_dir(dir_tmp, args, path)
shutil.rmtree(dir_tmp)
return ret
def read_revs_tar(path, args, ret=None):
if ret is None:
ret = []
dir_tmp = tempfile.mkdtemp()
log_status("Trying to extract files from tarball \"%s\"..." % path,
level=1)
try:
with tarfile.open(path, "r:*") as tar:
for ti in tar:
if any(fnmatch.fnmatchcase(ti.name, p) for p in file_glob):
d = os.path.normpath(os.path.join("/",
os.path.dirname(ti.name)))
# For now, strip exactl one level
d = os.path.join(*(d.split(os.path.sep)[2:]))
n = os.path.join(d, os.path.basename(ti.name))
if not os.path.exists(d):
os.makedirs(d)
t = tar.extractfile(ti)
with open(n, "wb") as f:
shutil.copyfileobj(t, f)
t.close()
ret = read_revs_dir(dir_tmp, args, path)
except Exception as err:
log_error("Error while reading \"%s\" as a tarball: \"%s\"" %
(path, str(err)))
shutil.rmtree(dir_tmp)
return ret
def read_revs(path, args, ret=None):
if ret is None:
ret = []
if os.path.isdir(path):
return read_revs_dir(path, args, ret)
elif tarfile.is_tarfile(path):
return read_revs_tar(path, args, ret)
else:
return read_revs_rpm(path, args, ret)
def gen_mc_map(mc_data, merge=False, merge_path=False):
"""
Converts an array of microcode file information to a map with path/sig/pf
as a key.
merge: whether to leave only the newest mc variant in the map or leave all
possible variants.
"""
res = dict()
for mc in mc_data:
key = (None if merge_path else mc["path"], mc["cpuid"], mc["pf"])
if key not in res:
res[key] = dict()
cpuid = mc["cpuid"]
cur_pf = mc["pf"]
pid = 1
while cur_pf > 0:
if cur_pf & 1 and not (merge and pid in res[key]
and res[key][pid]["rev"][0] >= mc["rev"]):
if pid not in res[cpuid] or merge:
res[cpuid][pid] = []
res[cpuid][pid].append(mc)
cur_pf = cur_pf / 2
pid = pid * 2
return res
def gen_fn_map(mc_data, merge=False, merge_path=False):
res = dict()
for mc in mc_data:
key = (None if merge_path else mc["path"], mc["cpuid"], mc["pf"])
if key in res:
log_warn("Duplicate path/cpuid/pf: %s/%#x/%#x" % key)
else:
res[key] = []
if merge and len(res[key]):
if mc["rev"] > res[key][0]["rev"]:
res[key][0] = mc
else:
res[key].append(mc)
return res
def revcmp(a, b):
return b["rev"] - a["rev"]
class ChangeLogEntry:
ADDED = 0
REMOVED = 1
UPDATED = 2
DOWNGRADED = 3
OTHER = 4
def mc_stripped_path(mc):
paths = ("usr/share/microcode_ctl/ucode_with_caveats/intel",
"usr/share/microcode_ctl/ucode_with_caveats",
"usr/share/microcode_ctl",
"lib/firmware",
"etc/firmware",
)
return remove_prefix(mc["path"], paths)
class mcnm:
MCNM_ABBREV = 0
MCNM_FAMILIES = 1
MCNM_MODELS = 2
MCNM_FAMILIES_MODELS = 3
MCNM_CODENAME = 4
def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV, stringify=True,
segment=False):
if not isinstance(mc, dict):
mc = mc_from_mc_key(mc)
sig = mc["cpuid"]
pf = mc["pf"]
res = []
if not cmap:
return None
if sig not in cmap:
log_info("No codename information for sig %#x" % sig)
return None
cnames = cmap[sig]
if mode in (mcnm.MCNM_FAMILIES, mcnm.MCNM_MODELS,
mcnm.MCNM_FAMILIES_MODELS):
for c in cnames:
if not (pf & c["pf_mask"]):
continue
for m, f in ((mcnm.MCNM_FAMILIES, "families"),
(mcnm.MCNM_MODELS, "models")):
if m & mode == 0:
continue
if f not in c or not c[f]:
log_info("No %s for sig %#x in %r" % (f, sig, c))
continue
res.append(c[f])
return ", ".join(res) or None
steppings = dict()
suffices = dict()
for c in cnames:
if pf and not (pf & c["pf_mask"]):
continue
if mode == mcnm.MCNM_ABBREV and "abbrev" in c and c["abbrev"]:
cname = c["abbrev"]
else:
cname = c["codename"]
if segment:
cname = c["segment"] + " " + cname
if cname not in suffices:
suffices[cname] = set()
if "variant" in c and c["variant"]:
suffices[cname] |= set(c["variant"])
if cname not in steppings:
steppings[cname] = set()
if c["stepping"]:
steppings[cname] |= set(c["stepping"])
for cname in sorted(steppings.keys()):
cname_res = [cname]
if len(suffices[cname]):
cname_res[0] += "-" + "/".join(sorted(suffices[cname]))
if len(steppings[cname]):
cname_res.append("/".join(sorted(steppings[cname])))
res.append(" ".join(cname_res) if stringify else cname_res)
return (", ".join(res) or None) if stringify else res
def mc_from_mc_key(k):
return dict(zip(("path", "cpuid", "pf"), k))
def mc_path(mc, pf_sfx=True, midword=None, cmap=None, cname_segment=False):
if not isinstance(mc, dict):
mc = mc_from_mc_key(mc)
path = mc_stripped_path(mc) if mc["path"] is not None else None
cpuid_fn = cpuid_fname(mc["cpuid"])
fname = os.path.basename(mc["path"] or cpuid_fn)
midword = "" if midword is None else " " + midword
cname = get_mc_cnames(mc, cmap, segment=cname_segment)
cname_str = " (" + cname + ")" if cname else ""
if pf_sfx:
sfx = "/0x%02x" % mc["pf"]
else:
sfx = ""
if not path or path == os.path.join("intel-ucode", cpuid_fn):
return "%s%s%s%s" % (fname, sfx, cname_str, midword)
else:
return "%s%s%s%s (in %s)" % (cpuid_fn, sfx, cname_str, midword, path)
def gen_changelog_file(old, new):
pass
def mc_cmp(old_mc, new_mc):
res = []
old_mc_revs = [x["rev"] for x in old_mc]
new_mc_revs = [x["rev"] for x in new_mc]
common = set(old_mc_revs) & set(new_mc_revs)
old_rev_list = [x for x in sorted(old_mc_revs) if x not in common]
new_rev_list = [x for x in sorted(new_mc_revs) if x not in common]
if len(old_rev_list) != 1 or len(new_rev_list) != 1:
for i in new_mc:
if i["rev"] in new_rev_list:
res.append((ChangeLogEntry.ADDED, None, i))
for i in old_mc:
if i["rev"] in old_rev_list:
res.append((ChangeLogEntry.REMOVED, i, None))
else:
for old in old_mc:
if old["rev"] == old_rev_list[0]:
break
for new in new_mc:
if new["rev"] == new_rev_list[0]:
break
if new["rev"] > old["rev"]:
res.append((ChangeLogEntry.UPDATED, old, new))
elif new["rev"] < old["rev"]:
res.append((ChangeLogEntry.DOWNGRADED, old, new))
return res
def gen_changelog(old, new):
res = []
old_map = gen_fn_map(old)
new_map = gen_fn_map(new)
old_files = set(old_map.keys())
new_files = set(new_map.keys())
both = old_files & new_files
added = new_files - old_files
removed = old_files - new_files
for f in sorted(added):
p = mc_path(new_map[f][0])
for old_f in sorted(removed):
old_p = mc_path(old_map[old_f][0])
if p == old_p and f[1] == old_f[1] and f[2] == old_f[2]:
log_info("Matched %s (%s and %s)" %
(p, old_map[old_f][0]["path"], new_map[f][0]["path"]))
added.remove(f)
removed.remove(old_f)
res += mc_cmp(old_map[old_f], new_map[f])
for f in sorted(added):
for i in new_map[f]:
res.append((ChangeLogEntry.ADDED, None, i))
for f in sorted(removed):
for i in old_map[f]:
res.append((ChangeLogEntry.REMOVED, i, None))
for f in sorted(both):
res += mc_cmp(old_map[f], new_map[f])
return res
def mc_date(mc):
if isinstance(mc, dict):
mc = mc["date"]
return "%04x-%02x-%02x" % (mc & 0xffff, mc >> 24, (mc >> 16) & 0xff)
def mc_rev(mc, date=None):
'''
While revision is signed for comparison purposes, historically
it is printed as unsigned, Oh well.
'''
global print_date
if mc["rev"] < 0:
rev = 2**32 + mc["rev"]
else:
rev = mc["rev"]
if date if date is not None else print_date:
return "%#x (%s)" % (rev, mc_date(mc))
else:
return "%#x" % rev
def print_changelog_rpm(clog, cmap, args):
for e, old, new in clog:
mc_str = mc_path(new if e == ChangeLogEntry.ADDED else old,
midword="microcode",
cmap=cmap, cname_segment=args.segment)
if e == ChangeLogEntry.ADDED:
print("Addition of %s at revision %s" % (mc_str, mc_rev(new)))
elif e == ChangeLogEntry.REMOVED:
print("Removal of %s at revision %s" % (mc_str, mc_rev(old)))
elif e == ChangeLogEntry.UPDATED:
print("Update of %s from revision %s up to %s" %
(mc_str, mc_rev(old), mc_rev(new)))
elif e == ChangeLogEntry.DOWNGRADED:
print("Downgrade of %s from revision %s down to %s" %
(mc_str, mc_rev(old), mc_rev(new)))
elif e == ChangeLogEntry.OTHER:
print("Other change in %s:" % old["path"])
print(" old: %#x/%#x: rev %s (offs %#x)" %
(old["cpuid"], old["pf"], mc_rev(old), old["offs"]))
print(" new: %#x/%#x: rev %s (offs %#x)" %
(new["cpuid"], new["pf"], mc_rev(new), new["offs"]))
def print_changelog_intel(clog, cmap, args):
def clog_sort_key(x):
res = str(x[0])
if x[0] != ChangeLogEntry.ADDED:
res += "%08x%02x" % (x[1]["cpuid"], x[1]["pf"])
else:
res += "0" * 10
if x[0] != ChangeLogEntry.REMOVED:
res += "%08x%02x" % (x[2]["cpuid"], x[2]["pf"])
else:
res += "0" * 10
return res
sorted_clog = sorted(clog, key=clog_sort_key)
sections = (("New Platforms", (ChangeLogEntry.ADDED, )),
("Updated Platforms", (ChangeLogEntry.UPDATED,
ChangeLogEntry.DOWNGRADED)),
("Removed Platforms", (ChangeLogEntry.REMOVED, )))
def print_line(e, old, new, types):
if e not in types:
return
if not print_line.hdr:
print("""
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------""")
print_line.hdr = True
mc = new if e == ChangeLogEntry.ADDED else old
cnames = get_mc_cnames(mc, cmap, stringify=False,
segment=args.segment) or (("???", ""), )
for cn in cnames:
cname = cn[0]
stepping = cn[1] if len(cn) > 1 else ""
print("| %-14s | %-8s | %8s/%02x | %8s | %8s | %s" %
(cname,
stepping,
cpuid_fname(mc["cpuid"]), mc["pf"],
("%08x" % old["rev"]) if e != ChangeLogEntry.ADDED else "",
("%08x" % new["rev"]) if e != ChangeLogEntry.REMOVED else "",
get_mc_cnames(mc, cmap, mode=mcnm.MCNM_FAMILIES,
segment=args.segment) or ""))
for h, types in sections:
print("\n### %s" % h)
print_line.hdr = False
for e, old, new in sorted_clog:
print_line(e, old, new, types)
def print_changelog(clog, cmap, args):
if args.format == "rpm":
print_changelog_rpm(clog, cmap, args)
elif args.format == "intel":
print_changelog_intel(clog, cmap, args)
else:
log_error(("unknown changelog format: \"%s\". " +
"Supported formats are: rpm, intel.") % args.format)
class TableStyles:
TS_CSV = 0
TS_FANCY = 1
def print_line(line, column_sz):
print(" | ".join([str(x).ljust(column_sz[i])
for i, x in zip(itertools.count(),
itertools.chain(line,
[""] * (len(column_sz) -
len(line))))]).rstrip())
def print_table(items, header=[], style=TableStyles.TS_CSV):
if style == TableStyles.TS_CSV:
for i in items:
print(";".join(i))
elif style == TableStyles.TS_FANCY:
column_sz = list(reduce(lambda x, y:
map(max, izip_longest(x, y, fillvalue=0)),
[[len(x) for x in i]
for i in itertools.chain(header, items)]))
for i in header:
print_line(i, column_sz)
if header:
print("-+-".join(["-" * x for x in column_sz]))
for i in items:
print_line(i, column_sz)
def print_summary(revs, cmap, args):
m = gen_fn_map(revs)
cnames_mode = mcnm.MCNM_ABBREV if args.abbrev else mcnm.MCNM_CODENAME
header = []
if args.header:
header.append(["Path", "Offset", "Ext. Offset", "Data Size",
"Total Size", "CPUID", "Platform ID Mask", "Revision",
"Date", "Checksum", "Codenames"] +
(["Models"] if args.models else []))
tbl = []
for k in sorted(m.keys()):
for mc in m[k]:
tbl.append([mc_stripped_path(mc),
"0x%x" % mc["offs"],
"0x%x" % mc["ext_offs"] if "ext_offs" in mc else "-",
"0x%05x" % mc["data_size"],
"0x%05x" % mc["total_size"],
"0x%05x" % mc["cpuid"],
"0x%02x" % mc["pf"],
mc_rev(mc, date=False),
mc_date(mc),
"0x%08x" % (mc["ext_cksum"]
if "ext_cksum" in mc else mc["cksum"]),
get_mc_cnames(mc, cmap, cnames_mode,
segment=args.segment) or ""] +
([get_mc_cnames(mc, cmap,
mcnm.MCNM_FAMILIES_MODELS,
segment=args.segment)]
if args.models else []))
print_table(tbl, header, style=TableStyles.TS_FANCY)
def read_codenames_file(path):
'''
Supports two formats: new and old
* old: tab-separated. Field order:
Segment, (unused), Codename, (dash-separated) Stepping,
Platform ID mask, CPUID, (unused) Update link, (unused) Specs link
* new: semicolon-separated; support comments. Distinguished
by the first line that starts with octothorp. Field order:
Segment, Unused, Codename, Stepping, Platform ID mask, CPUID,
Abbreviation, Variant(s), Families, Models
'''
old_fields = ["segment", "_", "codename", "stepping", "pf_mask", "sig",
"_update", "_specs"]
new_fields = ["segment", "_", "codename", "stepping", "pf_mask", "sig",
"abbrev", "variant", "families", "models"]
new_fmt = False
field_names = old_fields
res = dict()
try:
with open(path, "r") as f:
for line in f:
line = line.strip()
if len(line) == 0:
continue
if line[0] == '#':
new_fmt = True
field_names = new_fields
continue
fields = line.split(";" if new_fmt else "\t",
1 + len(field_names))
fields = dict(zip(field_names, fields))
if "sig" not in fields:
log_warn("Skipping %r (from \"%s\")" % (fields, line))
continue
sig = fields["sig"] = int(fields["sig"], 16)
fields["pf_mask"] = int(fields["pf_mask"], 16)
fields["stepping"] = fields["stepping"].split(",")
if "variant" in fields:
if fields["variant"]:
fields["variant"] = fields["variant"].split(",")
else:
fields["variant"] = []
if sig not in res:
res[sig] = list()
res[sig].append(fields)
except Exception as e:
log_error("a problem occurred while reading code names: %s" % e)
return res
def print_discrepancies(rev_map, deps, cmap, args):
"""
rev_map: dict "name": revs
deps: list of tuples (name, parent/None)
"""
sigs = set()
for p, r in rev_map.items():
sigs |= set(r.keys())
if args.header:
header1 = ["sig"]
if args.print_vs:
header2 = [""]
for p, n, d in deps:
header1.append(n)
if args.print_vs:
add = ""
if d:
for pd, nd, dd in deps:
if pd == d:
add = "(vs. %s)" % nd
break
header2.append(add)
if args.models:
header1.append("Model names")
if args.print_vs:
header2.append("")
header = [header1] + ([header2] if args.print_vs else [])
tbl = []
for s in sorted(sigs):
out = [mc_path(s)]
print_out = not args.print_filter
print_date = args.min_date is None
for p, n, d in deps:
cur = dict([(x["rev"], x) for x in rev_map[p][s]]) \
if s in rev_map[p] else []
v = "/".join([mc_rev(y) for x, y in sorted(cur.items())]) \
if cur else "-"
if d is not None:
prev = [x["rev"] for x in rev_map[d][s]] if s in rev_map[d] \
else []
if [x for x in cur if x not in prev]:
v += " (*)"
print_out = True
if args.min_date is not None and s in rev_map[p]:
for x in rev_map[p][s]:
print_date |= mc_date(x) > args.min_date
out.append(v)
if print_out and print_date:
if args.models:
out.append(get_mc_cnames(s, cmap, segment=args.segment) or "")
tbl.append(out)
print_table(tbl, header, style=TableStyles.TS_FANCY)
def cmd_summary(args):
revs = []
for p in args.filelist:
revs = read_revs(p, args, ret=revs)
codenames_map = read_codenames_file(args.codenames)
print_summary(revs, codenames_map, args)
return 0
def cmd_changelog(args):
codenames_map = read_codenames_file(args.codenames)
base_path = args.filelist[0]
upd_path = args.filelist[1]
base = read_revs(base_path, args)
upd = read_revs(upd_path, args)
print_changelog(gen_changelog(base, upd), codenames_map, args)
return 0
def cmd_discrepancies(args):
"""
filenames:
* "<" prefix (possibly multiple times) to refer to a previous entry
to compare against
* "[name]" prefix is a name reference
"""
codenames_map = read_codenames_file(args.codenames)
rev_map = dict()
deps = list()
cur = -1
for path in args.filelist:
orig_path = path
name = None
cur += 1
dep = None
while True:
if path[0] == '<':
path = path[1:]
dep = cur - 1 if dep is None else dep - 1
elif path[0] == '[' and path.find(']') > 0:
pos = path.find(']')
name = path[1:pos]
path = path[pos + 1:]
else:
break
if name is None:
name = path
if dep is not None and dep < 0:
log_error("Incorrect dep reference for '%s' (points to index %d)" %
(orig_path, dep))
return 1
deps.append((path, name, deps[dep][0] if dep is not None else None))
rev_map[path] = gen_fn_map(read_revs(path, args), merge=args.merge,
merge_path=True)
print_discrepancies(rev_map, deps, codenames_map, args)
return 0
def parse_cli():
root_parser = argparse.ArgumentParser(prog="gen_updates",
description="Intel CPU Microcode " +
"parser")
root_parser.add_argument("-C", "--codenames", default='codenames',
help="Code names file")
root_parser.add_argument("-v", "--verbose", action="count", default=0,
help="Increase output verbosity")
root_parser.add_argument("-E", "--no-ignore-ext-duplicates",
action="store_const", dest="ignore_ext_dups",
default=False, const=False,
help="Do not ignore duplicates of the main " +
"signature in the extended signature header")
root_parser.add_argument("-e", "--ignore-ext-duplicates",
action="store_const", dest="ignore_ext_dups",
const=True,
help="Ignore duplicates of the main signature " +
"in the extended signature header")
root_parser.add_argument("-t", "--print-segment", action="store_const",
dest="segment", const=True,
help="Print model segment")
root_parser.add_argument("-T", "--no-print-segment", action="store_const",
dest="segment", const=False, default=False,
help="Do not print model segment")
cmdparsers = root_parser.add_subparsers(title="Commands",
help="main gen_updates commands")
parser_s = cmdparsers.add_parser("summary",
help="Generate microcode summary")
parser_s.add_argument("-a", "--abbreviate", action="store_const",
dest="abbrev", const=True, default=True,
help="Abbreviate code names")
parser_s.add_argument("-A", "--no-abbreviate", action="store_const",
dest="abbrev", const=False,
help="Do not abbreviate code names")
parser_s.add_argument("-m", "--print-models", action="store_const",
dest="models", const=True, default=False,
help="Print models")
parser_s.add_argument("-M", "--no-print-models",
action="store_const", dest="models",
const=False, help="Do not print models")
parser_s.add_argument("-H", "--no-print-header",
action="store_const", dest="header",
const=False, default=True,
help="Do not print hader")
parser_s.add_argument("filelist", nargs="*", default=[],
help="List or RPMs/directories to process")
parser_s.set_defaults(func=cmd_summary)
parser_c = cmdparsers.add_parser("changelog",
help="Generate changelog")
parser_c.add_argument("-F", "--format", choices=["rpm", "intel"],
default="rpm", help="Changelog format")
parser_c.add_argument("filelist", nargs=2,
help="RPMs/directories to compare")
parser_c.set_defaults(func=cmd_changelog)
parser_d = cmdparsers.add_parser("discrepancies",
help="Generate discrepancies")
parser_d.add_argument("-s", "--merge-revs", action="store_const",
dest="merge", const=True, default=False,
help="Merge revisions that come" +
" from different files")
parser_d.add_argument("-S", "--no-merge-revs", action="store_const",
dest="merge", const=False,
help="Do not Merge revisions that come" +
" from different files")
parser_d.add_argument("-v", "--print-vs", action="store_const",
dest="print_vs", const=True, default=False,
help="Print base version ")
parser_d.add_argument("-V", "--no-print-vs", action="store_const",
dest="print_vs", const=False,
help="Do not Merge revisions that come" +
" from different files")
parser_d.add_argument("-m", "--print-models", action="store_const",
dest="models", const=True, default=True,
help="Print model names")
parser_d.add_argument("-M", "--no-print-models", action="store_const",
dest="models", const=False,
help="Do not print model names")
parser_d.add_argument("-H", "--no-print-header", action="store_const",
dest="header", const=False, default=True,
help="Do not print hader")
parser_d.add_argument("-a", "--print-all-files", action="store_const",
dest="print_filter", const=False, default=True,
help="Print all files")
parser_d.add_argument("-c", "--print-changed-files", action="store_const",
dest="print_filter", const=True,
help="Print only changed files")
parser_d.add_argument("-d", "--min-date", action="store",
help="Minimum date filter")
parser_d.add_argument("filelist", nargs='*',
help="RPMs/directories to compare")
parser_d.set_defaults(func=cmd_discrepancies)
args = root_parser.parse_args()
if not hasattr(args, "func"):
root_parser.print_help()
return None
global log_level
log_level = args.verbose
return args
def main():
args = parse_cli()
if args is None:
return 1
return args.func(args)
if __name__ == "__main__":
sys.exit(main())

2
SOURCES/intel_config
View File

@ -1,5 +1,5 @@
path intel-ucode/*
vendor_id GenuineIntel
vendor GenuineIntel
kernel_early 4.10.0
kernel_early 3.10.0-930
kernel_early 3.10.0-862.14.1

10
SOURCES/intel_disclaimer Normal file
View File

@ -0,0 +1,10 @@
This kernel doesn't handle early microcode load properly (it tries to load
microcode even in virtualised environment, which may lead to a panic on some
hypervisors), thus the microcode files have not been added to the initramfs
image. Please update your kernel to one of the following:
RHEL 7.5: kernel-3.10.0-862.14.1 or newer;
RHEL 7.4: kernel-3.10.0-693.38.1 or newer;
RHEL 7.3: kernel-3.10.0-514.57.1 or newer;
RHEL 7.2: kernel-3.10.0-327.73.1 or newer.
Please refer to /usr/share/doc/microcode_ctl/caveats/intel_readme
and /usr/share/doc/microcode_ctl/README.caveats for details.

13
SOURCES/intel_readme
View File

@ -18,8 +18,7 @@ If you want to avoid early load of microcode for a specific kernel, please
create "disallow-early-intel" file inside /lib/firmware/<kernel_version>
directory and run dracut -f --kver "<kernel_version>":
touch /lib/firmware/3.10.0-862.9.1/disallow-intel
/usr/libexec/microcode_ctl/update_ucode
touch /lib/firmware/3.10.0-862.9.1/disallow-early-intel
dracut -f --kver 3.10.0-862.9.1
If you want to avoid early load of microcode for all kernels, please create
@ -27,14 +26,13 @@ If you want to avoid early load of microcode for all kernels, please create
directory and run dracut -f --regenerate-all:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel
dracut -f --kver 3.10.0-862.9.1
touch /etc/microcode_ctl/ucode_with_caveats/disallow-early-intel
dracut -f --regenerate-all
If you want to enforce early load of microcode for a specific kernel, please
create "force-early-intel" file inside /lib/firmware/<kernel_version> directory
and run dracut -f --kver "<kernel_version>":
modir -p/lib/firmware/3.10.0-862.9.1/
touch /lib/firmware/3.10.0-862.9.1/force-early-intel
dracut -f --kver 3.10.0-862.9.1
@ -46,8 +44,9 @@ directory and run dracut -f --kver "<kernel_version>":
touch /etc/microcode_ctl/ucode_with_caveats/force-early-intel
dracut -f --regenerate-all
In order to override late load behaviour, the "early" part of file names should
be replaced with "late" (and there is no need to call dracut in that case).
In order to override the late load behaviour, the "early" part of file names
should be replaced with "late" (and there is no need to call dracut
in that case).
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional

2
SOURCES/reload_microcode
View File

@ -5,6 +5,8 @@
#
# SPDX-License-Identifier: CC0-1.0
export LC_ALL=C
CHECK_CAVEATS=/usr/libexec/microcode_ctl/check_caveats
IGNORE_HYPERVISOR="/etc/microcode_ctl/ignore-hypervisor-flag"

43
SOURCES/update_ucode
View File

@ -5,6 +5,8 @@
#
# SPDX-License-Identifier: CC0-1.0
export LC_ALL=C
usage()
{
echo "Usage: update_ucode [--action {add|remove|refresh|list}]" \
@ -15,6 +17,11 @@ usage()
debug() { [ 0 = "$verbose" ] || echo "$*" >&2; }
# Calls find only if the first argument exists and is a directory.
# Avoids spurious "find: '...' No such file or directory" for the directories
# that may not exist.
find_d() { [ \! -d "$1" ] || find "$@"; }
MC_DIR=/usr/share/microcode_ctl
INTEL_UCODE_DIR=intel-ucode
DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats
@ -79,7 +86,7 @@ add|remove|refresh|list)
if [ -z "$kernel" ]; then
debug "No kernel versions provided, scanning..."
kvers=$(find /lib/modules/ -name '[2-9].*' -print)
kvers=$(find_d /lib/modules/ -name '[2-9].*' -print)
for k_dir in $kvers; do
k="${k_dir#/lib/modules/}"
[ ! -e "${k_dir}/symvers.gz" ] || {
@ -88,7 +95,7 @@ add|remove|refresh|list)
}
done
kvers=$(find /lib/firmware/ -name '[2-9].*' -print)
kvers=$(find_d /lib/firmware/ -name '[2-9].*' -print)
for k_dir in $kvers; do
k="${k_dir#/lib/firmware/}"
[ ! -d "$k_dir" ] || {
@ -129,7 +136,7 @@ while :; do
refresh|remove|list)
debug " Removing old files from ${FW_DIR}/${INTEL_UCODE_DIR}"
if [ 0 = "$remove_cleanup" ]; then
find "${MC_DIR}/${INTEL_UCODE_DIR}" \
find_d "${MC_DIR}/${INTEL_UCODE_DIR}" \
-maxdepth 1 -mindepth 1 \
-type f -printf '%f\n'
else
@ -151,6 +158,17 @@ while :; do
$cmd rm -f $verbose_opt "$name"
done
[ "xlist" = "x$action" ] || {
# Removing possible dangling symlinks
find_d "${FW_DIR}/${INTEL_UCODE_DIR}" \
-maxdepth 1 -mindepth 1 \
-type l -printf '%p\n' \
| while read -r fname; do
[ -e "$fname" ] || {
debug " Removing danging symlink \"$fname\""
$cmd rm -f $verbose_opt "$fname"
}
done
$cmd rmdir -p $verbose_opt \
"${FW_DIR}/${INTEL_UCODE_DIR}" 2>/dev/null \
|| true
@ -203,7 +221,7 @@ fi | while read -r i; do
debug " Removing \"$paths\" (part of $action)..."
for p in $(printf "%s" "$paths"); do
find "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
find_d "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
-printf "%P\n"
done | while read -r path; do
[ -e "$FW_DIR/$k/readme-$i" ] || {
@ -225,6 +243,7 @@ fi | while read -r i; do
fi
done
if [ -e "$FW_DIR/$k/readme-$i" ]; then
if [ "xlist" = "x$action" ]; then
echo "$FW_DIR/$k/readme-$i"
@ -260,7 +279,7 @@ fi | while read -r i; do
}
for p in $(printf "%s" "$paths"); do
find "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
find_d "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
-printf "%P\n"
done | while read -r path; do
[ ! -e "$FW_DIR/$k/$path" ] || {
@ -288,3 +307,17 @@ fi | while read -r i; do
esac
done
done
# Removing possible dangling symlinks in kernel-specific directories
debug "Checking for dangling symlinks..."
for k in $(echo "$kernel"); do
debug " Processing kernel version \"$k\""
find_d "${FW_DIR}/${k}" \
-mindepth 1 -type l -printf '%p\n' \
| while read -r fname; do
[ -e "$fname" ] || {
debug " Removing danging symlink \"$fname\""
$cmd rm -f $verbose_opt "$fname"
}
done
done

1819
SPECS/microcode_ctl.spec
View File

File diff suppressed because it is too large Load Diff