Compare commits
No commits in common. "imports/c9/microcode_ctl-20230808-2.20231009.1.el9_3" and "c8" have entirely different histories.
imports/c9
...
c8
@ -10,8 +10,8 @@ behaviour.
|
||||
|
||||
General behaviour
|
||||
=================
|
||||
In RHEL 9 (as well as in RHEL 7 and RHEL 8 before it), there are currently
|
||||
two main handlers for CPU microcode update:
|
||||
In RHEL 8 (as well as RHEL 7 before it), there are currently two main handlers
|
||||
for CPU microcode update:
|
||||
* Early microcode update. It uses GenuineIntel.bin or AuthenticAMD.bin file
|
||||
placed at the beginning of an initramfs image
|
||||
(/boot/initramfs-KERNEL_VERSION.img, where "KERNEL_VERSION" is a kernel
|
||||
@ -45,10 +45,10 @@ zero-filled.
|
||||
|
||||
The early microcode is placed into initramfs image by the "dracut" script, which
|
||||
scans the aforementioned subdirectories of the configured list of firmware
|
||||
directories (by default, the list consists of two directories in RHEL 9,
|
||||
directories (by default, the list consists of two directories in RHEL 8,
|
||||
"/lib/firmware/updates" and "/lib/firmware").
|
||||
|
||||
In RHEL 9, AMD CPU microcode is shipped as a part of the linux-firmware package,
|
||||
In RHEL 8, AMD CPU microcode is shipped as a part of the linux-firmware package,
|
||||
and Intel microcode is shipped as a part of the microcode_ctl package.
|
||||
|
||||
The microcode_ctl package currently includes the following:
|
||||
@ -613,7 +613,7 @@ Mitigation: microcode loading is disabled for the affected CPU model.
|
||||
|
||||
Minimum versions of the kernel package that contain the aforementioned patch
|
||||
series:
|
||||
- Upstream/RHEL 8/RHEL 9: 4.17.0
|
||||
- Upstream/RHEL 8: 4.17.0
|
||||
- RHEL 7.6 onwards: 3.10.0-894
|
||||
- RHEL 7.5: 3.10.0-862.6.1
|
||||
- RHEL 7.4: 3.10.0-693.35.1
|
||||
@ -628,7 +628,7 @@ series:
|
||||
|
||||
Early microcode load inside a virtual machine
|
||||
---------------------------------------------
|
||||
RHEL 9 kernel supports performing microcode update during early boot stage
|
||||
RHEL 8 kernel supports performing microcode update during early boot stage
|
||||
from a cpio archive placed at the beginning of the initramfs image. However,
|
||||
when an early microcode update is attempted inside some virtualised
|
||||
environments, that may result in unexpected system behaviour.
|
||||
@ -643,7 +643,7 @@ Mitigation: early microcode loading is disabled for all CPU models on kernels
|
||||
without the fix.
|
||||
|
||||
Minimum versions of the kernel package that contain the fix:
|
||||
- Upstream/RHEL 8/RHEL 9: 4.10.0
|
||||
- Upstream/RHEL 8: 4.10.0
|
||||
- RHEL 7.6 onwards: 3.10.0-930
|
||||
- RHEL 7.5: 3.10.0-862.14.1
|
||||
- RHEL 7.4: 3.10.0-693.38.1
|
||||
|
@ -43,43 +43,25 @@ for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-
|
||||
|
||||
# ext_sig, 12 bytes in size
|
||||
IFS=' ' read cpuid pf_mask <<- EOF
|
||||
$(dd if="$f" ibs=1 skip="$skip" count=8 status=none \
|
||||
| xxd -e -g4 | xxd -r | hexdump -n 8 \
|
||||
-e '"" 4/1 "%02x" " 0x" 4/1 "%02x" "\n"')
|
||||
$(hexdump -s "$skip" -n 8 \
|
||||
-e '"" 1/4 "%08x " 1/4 "%u" "\n"' "$f")
|
||||
EOF
|
||||
# Converting values from the constructed %#08x format
|
||||
pf_mask="$((pf_mask))"
|
||||
|
||||
skip="$((skip + 12))"
|
||||
ext_sig_pos="$((ext_sig_pos + 1))"
|
||||
else
|
||||
# Microcode header, 48 bytes, last 3 fields reserved
|
||||
# cksum, ldrver are ignored
|
||||
IFS=' ' read hdrver rev \
|
||||
date_m date_d date_y \
|
||||
date_y date_d date_m \
|
||||
cpuid cksum ldrver \
|
||||
pf_mask datasz totalsz <<- EOF
|
||||
$(dd if="$f" ibs=1 skip="$skip" count=36 status=none \
|
||||
| xxd -e -g4 | xxd -r | hexdump -n 36 \
|
||||
-e '"0x" 4/1 "%02x" " 0x" 4/1 "%02x" " " \
|
||||
1/1 "%02x " 1/1 "%02x " 2/1 "%02x" " " \
|
||||
4/1 "%02x" " 0x" 4/1 "%02x" " 0x" 4/1 "%02x" \
|
||||
" 0x" 4/1 "%x" \
|
||||
" 0x" 4/1 "%02x" " 0x" 4/1 "%02x" "\n"')
|
||||
$(hexdump -s "$skip" -n 36 \
|
||||
-e '"" 1/4 "%u " 1/4 "%#x " \
|
||||
1/2 "%04x " 1/1 "%02x " 1/1 "%02x " \
|
||||
1/4 "%08x " 1/4 "%x " 1/4 "%#x " \
|
||||
1/4 "%u " 1/4 "%u " 1/4 "%u" "\n"' "$f")
|
||||
EOF
|
||||
|
||||
# Converting values from the constructed %#08x format
|
||||
rev="$(printf '%#x' "$((rev))")"
|
||||
pf_mask="$((pf_mask))"
|
||||
datasz="$((datasz))"
|
||||
totalsz="$((totalsz))"
|
||||
|
||||
# Skipping files with unexpected hdrver value
|
||||
[ 1 = "$((hdrver))" ] || {
|
||||
echo "$f+$skip@$file_sz: incorrect hdrver $((hdrver))" >&2
|
||||
break
|
||||
}
|
||||
|
||||
[ 0 != "$datasz" ] || datasz=2000
|
||||
[ 0 != "$totalsz" ] || totalsz=2048
|
||||
|
||||
@ -98,12 +80,9 @@ for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-
|
||||
# ext_sig table header, 20 bytes in size,
|
||||
# last 3 fields are reserved.
|
||||
IFS=' ' read ext_sig_cnt <<- EOF
|
||||
$(dd if="$f" ibs=1 skip="$skip" count=4 status=none \
|
||||
| xxd -e -g4 | hexdump -n 4 \
|
||||
-e '"0x" 4/1 "%02x" "\n"')
|
||||
$(hexdump -s "$skip" -n 4 \
|
||||
-e '"" 1/4 "%u" "\n"' "$f")
|
||||
EOF
|
||||
# Converting values from the constructed format
|
||||
ext_sig_cnt="$((ext_sig_cnt))"
|
||||
|
||||
skip="$((skip + 20))"
|
||||
else
|
||||
|
@ -144,7 +144,7 @@ def read_revs_dir(path, args, src=None, ret=None):
|
||||
offs = 0
|
||||
while offs < sz:
|
||||
f.seek(offs, os.SEEK_SET)
|
||||
hdr = struct.unpack("<IiIIIIIIIIII", f.read(48))
|
||||
hdr = struct.unpack("IiIIIIIIIIII", f.read(48))
|
||||
ret.append({"path": rp, "src": src or path,
|
||||
"cpuid": hdr[3], "pf": hdr[6], "rev": hdr[1],
|
||||
"date": hdr[2], "offs": offs, "cksum": hdr[4],
|
||||
@ -152,7 +152,7 @@ def read_revs_dir(path, args, src=None, ret=None):
|
||||
|
||||
if hdr[8] and hdr[8] - hdr[7] > 48:
|
||||
f.seek(hdr[7], os.SEEK_CUR)
|
||||
ext_tbl = struct.unpack("<IIIII", f.read(20))
|
||||
ext_tbl = struct.unpack("IIIII", f.read(20))
|
||||
log_status("Found %u extended signatures for %s:%#x" %
|
||||
(ext_tbl[0], rp, offs), level=1)
|
||||
|
||||
@ -160,7 +160,7 @@ def read_revs_dir(path, args, src=None, ret=None):
|
||||
ext_sig_cnt = 0
|
||||
while cur_offs < offs + hdr[8] \
|
||||
and ext_sig_cnt <= ext_tbl[0]:
|
||||
ext_sig = struct.unpack("<III", f.read(12))
|
||||
ext_sig = struct.unpack("III", f.read(12))
|
||||
ignore = args.ignore_ext_dups and \
|
||||
(ext_sig[0] == hdr[3])
|
||||
if not ignore:
|
||||
|
@ -1,4 +1,5 @@
|
||||
%define intel_ucode_version 20231009
|
||||
%global debug_package %{nil}
|
||||
|
||||
%define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
|
||||
%define microcode_ctl_libexec %{_libexecdir}/microcode_ctl
|
||||
@ -134,12 +135,10 @@ Patch0009: 0009-releasenote.md-fix-old-revisions-for-06-8e-09-10-and.patch
|
||||
Patch0010: 0010-releasenote.md-add-old-revisions-for-06-be-00-11-06-.patch
|
||||
Patch0011: 0011-releasenote.md-add-stub-release-notes-for-microcode-.patch
|
||||
|
||||
BuildArch: noarch
|
||||
ExclusiveArch: %{ix86} x86_64
|
||||
BuildRequires: systemd-units
|
||||
# dd, hexdump, and xxd are used in gen_provides.sh
|
||||
BuildRequires: coreutils util-linux /usr/bin/xxd
|
||||
# gen_updates2.py requires python interpreter
|
||||
BuildRequires: /usr/bin/python3
|
||||
# hexdump is used in gen_provides.sh
|
||||
BuildRequires: coreutils util-linux
|
||||
Requires: coreutils
|
||||
Requires(post): systemd coreutils
|
||||
Requires(preun): systemd coreutils
|
||||
@ -339,7 +338,7 @@ install -m 644 "%{SOURCE182}" "%{tgl_inst_dir}/disclaimer"
|
||||
# SUMMARY.intel-ucode generation
|
||||
# It is to be done only after file population, so, it is here,
|
||||
# at the end of the install stage
|
||||
/usr/bin/python3 "%{SOURCE1002}" -C "%{SOURCE1001}" \
|
||||
/usr/libexec/platform-python "%{SOURCE1002}" -C "%{SOURCE1001}" \
|
||||
summary -A "%{buildroot}" \
|
||||
> "%{buildroot}/%{_pkgdocdir}/SUMMARY.intel-ucode"
|
||||
|
||||
@ -575,7 +574,7 @@ rm -rf %{buildroot}
|
||||
%changelog
|
||||
* Wed Nov 01 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230808-2.20231009.1
|
||||
- Update Intel CPU microcode to microcode-20231009 release, addresses
|
||||
CVE-2023-23583 (RHEL-3683):
|
||||
CVE-2023-23583 (RHEL-3684):
|
||||
- Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
|
||||
intel-06-8c-01/intel-ucode/06-8c-01) from revision 0xac up to 0xb4;
|
||||
- Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003a5
|
||||
@ -733,8 +732,8 @@ rm -rf %{buildroot}
|
||||
|
||||
* Thu Aug 10 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230808-1
|
||||
- Update Intel CPU microcode to microcode-20230808 release, addresses
|
||||
CVE-2022-40982, CVE-2022-41804, CVE-2023-23908 (#2213124, #2223992, #2230677,
|
||||
#2230689):
|
||||
CVE-2022-40982, CVE-2022-41804, CVE-2023-23908 (#2213125, #2223993, #2230678,
|
||||
#2230690):
|
||||
- Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
|
||||
intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006f05 up
|
||||
to 0x2007006;
|
||||
@ -934,7 +933,7 @@ rm -rf %{buildroot}
|
||||
to 0x11 (old pf 0x1).
|
||||
|
||||
* Mon Aug 07 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230516-1
|
||||
- Update Intel CPU microcode to microcode-20230516 release (#2213124):
|
||||
- Update Intel CPU microcode to microcode-20230516 release (#2213125):
|
||||
- Addition of 06-be-00/0x01 (ADL-N A0) microcode at revision 0x10;
|
||||
- Addition of 06-9a-04/0x40 (AZB A0) microcode at revision 0x4;
|
||||
- Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
|
||||
@ -1107,19 +1106,19 @@ rm -rf %{buildroot}
|
||||
|
||||
* Tue Aug 01 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-4
|
||||
- Avoid spurious find failures due to calls on directories that may not exist
|
||||
(#2225681).
|
||||
(#2231065).
|
||||
|
||||
* Wed Jun 28 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-3
|
||||
- Force locale to C in check_caveats, reload_microcode, and update_ucode
|
||||
(#2218104).
|
||||
(#2218096).
|
||||
|
||||
* Tue Jun 06 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-2
|
||||
- Cleanup the dangling symlinks in update_ucode (#2213022).
|
||||
- Cleanup the dangling symlinks in update_ucode (#2135376).
|
||||
|
||||
* Wed Feb 15 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-1
|
||||
- Update Intel CPU microcode to microcode-20230214 release, addresses
|
||||
CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171237,
|
||||
#2171262):
|
||||
CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171234,
|
||||
#2171259):
|
||||
- Addition of 06-6c-01/0x10 (ICL-D B0) microcode at revision 0x1000211;
|
||||
- Addition of 06-8f-04/0x87 (SPR-SP E0/S1) microcode at revision
|
||||
0x2b000181;
|
||||
@ -1295,11 +1294,11 @@ rm -rf %{buildroot}
|
||||
|
||||
* Tue Oct 25 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220809-2
|
||||
- Change the logger severity level to warning to align with the kmsg one
|
||||
(#2136506).
|
||||
(#2136224).
|
||||
|
||||
* Tue Aug 09 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220809-1
|
||||
- Update Intel CPU microcode to microcode-20220510 release, addresses
|
||||
CVE-2022-21233 (#2115663):
|
||||
CVE-2022-21233 (#2115667):
|
||||
- Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
|
||||
intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006d05 up
|
||||
to 0x2006e05;
|
||||
@ -1362,8 +1361,7 @@ rm -rf %{buildroot}
|
||||
|
||||
* Tue May 10 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220510-1
|
||||
- Update Intel CPU microcode to microcode-20220510 release, addresses
|
||||
CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2090248,
|
||||
#2090261, #2086751, #2040069):
|
||||
CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2086743):
|
||||
- Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f;
|
||||
- Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
|
||||
intel-ucode/06-97-02) at revision 0x1f;
|
||||
@ -1486,8 +1484,13 @@ rm -rf %{buildroot}
|
||||
to 0x53.
|
||||
|
||||
* Thu Feb 10 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220207-1
|
||||
- Update Intel CPU microcode to microcode-20220207 release, addresses
|
||||
CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#2053253):
|
||||
- Update Intel CPU microcode to microcode-20220207 release:
|
||||
- Fixes in releasenote.md file.
|
||||
|
||||
* Mon Feb 07 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220204-1
|
||||
- Update Intel CPU microcode to microcode-20220204 release, addresses
|
||||
CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#1971906, #2049543,
|
||||
#2049554, #2049571):
|
||||
- Removal of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f;
|
||||
- Removal of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04)
|
||||
at revision 0xb00000f;
|
||||
@ -1591,10 +1594,6 @@ rm -rf %{buildroot}
|
||||
- Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x40 up
|
||||
to 0x50.
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4:20210608-2
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Mon Jul 05 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210608-1
|
||||
- Update Intel CPU microcode to microcode-20210608 release (#1921773):
|
||||
- Fixes in releasenote.md file.
|
||||
|
Loading…
Reference in New Issue
Block a user