rpms/microcode_ctl
7
0
Fork 0
Code Issues Pull Requests Releases Activity
c8s
microcode_ctl/06-8c-01_readme
Eugene Syromiatnikov 1a60aff579 Update Intel CPU microcode to microcode-20240910 release 
- Update Intel CPU microcode to microcode-20240910 release, addresses
  CVE-2024-23984, CVE-2024-24853, CVE-2024-24968, CVE-2024-24980,
  CVE-2024-25939:
  - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
    intel-06-8c-01/intel-ucode/06-8c-01) from revision 0xb6 up to 0xb8;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xf4 up
    to 0xf6;
  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xf4 up
    to 0xf6;
  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xf4 up
    to 0xf6;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xf4 up
    to 0xf6;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
    revision 0xfa up to 0xfc;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xf6 up
    to 0xf8;
  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xf4 up
    to 0xf6;
  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xf6 up
    to 0xf8;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xfc up
    to 0x100;
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
    0x5003605 up to 0x5003707;
  - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002802
    up to 0x7002904;
  - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003d1
    up to 0xd0003e7;
  - Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x1000290
    up to 0x10002b0;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc4
    up to 0xc6;
  - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x36 up
    to 0x38;
  - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x50 up
    to 0x52;
  - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x19 up
    to 0x1a;
  - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision
    0x35 up to 0x36;
  - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-97-02) from revision 0x35 up to 0x36;
  - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
    from revision 0x35 up to 0x36;
  - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
    from revision 0x35 up to 0x36;
  - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
    intel-ucode/06-97-05) from revision 0x35 up to 0x36;
  - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x35
    up to 0x36;
  - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
    from revision 0x35 up to 0x36;
  - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
    from revision 0x35 up to 0x36;
  - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
    0x433 up to 0x434;
  - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
    intel-ucode/06-9a-03) from revision 0x433 up to 0x434;
  - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
    intel-ucode/06-9a-04) from revision 0x433 up to 0x434;
  - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x433
    up to 0x434;
  - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xfa up
    to 0xfc;
  - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xfa
    up to 0xfc;
  - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xfa
    up to 0xfc;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xfa
    up to 0xfe;
  - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
    0xfa up to 0xfc;
  - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x5e up
    to 0x62;
  - Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1c
    up to 0x1f;
  - Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x123 up
    to 0x129;
  - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision
    0x4121 up to 0x4122;
  - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
    intel-ucode/06-ba-02) from revision 0x4121 up to 0x4122;
  - Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from
    revision 0x4121 up to 0x4122;
  - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
    intel-ucode/06-ba-03) from revision 0x4121 up to 0x4122;
  - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4121
    up to 0x4122;
  - Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from
    revision 0x4121 up to 0x4122;
  - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
    intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
  - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
    intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
  - Update of 06-ba-08/0xe0 microcode from revision 0x4121 up to 0x4122;
  - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
    intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
  - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
  - Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x35 up
    to 0x36;
  - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02)
    from revision 0x35 up to 0x36;
  - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
    intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
  - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
  - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05)
    from revision 0x35 up to 0x36;
  - Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x35 up
    to 0x36;
  - Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x17 up
    to 0x1a (old pf 0x11).

* .gitignore: Add /microcode-20240910.tar.gz entry.
* 06-8c-01_readme: Add a checksum for revision 0xb8.
* 06-8e-9e-0x-0xca_readme: Add checksum for new microcode revisions
of 06-8e-0[9abc] and 06-9e-0[abcd] CPUIDs.
* 06-8e-9e-0x-dell_readme: Likewise.
* microcode_ctl.spec (intel_ucode_version): Bump to 20240910.
(%changelog): Add a record.
* sources: Replace microcode-20240531.tar.gz record with
microcode-20240910.tar.gz.

Resolves: RHEL-59081
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
2024-10-08 19:26:30 +02:00

67 lines
3.4 KiB
Plaintext
Raw Permalink Blame History

Some Intel Tiger Lake-UP3/UP4 CPU models (TGL, family 6, model 140, stepping 1)
had reports of system hangs when a microcode update, that was included
since microcode-20201110 update, was applied[1]. In order to address this,
microcode update had been disabled by default on these systems. The revision
0x88 seems to have fixed the aforementioned issue, hence it is enabled
by default (but can be disabled explicitly; see below).
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
For the reference, SHA1 checksums of 06-8c-01 microcode files containing
microcode revisions in question are listed below:
* 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04
* 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290
* 06-8c-01, revision 0x9a: 48b3ae8d27d8138b5b47052d2f8184bf555ad18e
* 06-8c-01, revision 0xa4: 70753f54f5be84376bdebeb710595e4dc2f6d92f
* 06-8c-01, revision 0xa6: fdcf89e3a15a20df8aeee215b78bf5d13d731044
* 06-8c-01, revision 0xaa: cf84883f6b3184690c25ccade0b10fa839ac8657
* 06-8c-01, revision 0xac: b9f342e564a0be372ed1f4709263bf811feb022a
* 06-8c-01, revision 0xb4: 6596bb8696cde85538bb833d090f0b7a42d6ae14
* 06-8c-01, revision 0xb6: 76556e8248a89f38cd55a6c83dccc995ba176091
* 06-8c-01, revision 0xb8: 6e9b138d1db2934479b179af4a3a19e843c4b4e4
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
* CVE-2021-0145 (Fast store forward predictor - Cross Domain Training):
https://access.redhat.com/articles/6716541
* CVE-2022-21123 (Shared Buffers Data Read):
https://access.redhat.com/articles/6963124
The information regarding disabling microcode update is provided below.
To disable 06-8c-01 microcode updates for a specific kernel
version, please create a file "disallow-intel-06-8c-01" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to remove it from the firmware
directory where microcode is available for late microcode update, and run
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
is regenerated, for example:
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8c-01
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
To avoid addition of this microcode for all kernels, please create file
"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01", run
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
and "dracut -f --regenerate-all" for early microcode updates:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.
Reference in New Issue View Git Blame Copy Permalink