rpms/microcode_ctl
6
0
Fork 0
Code Issues Pull Requests Releases Activity
c8s
microcode_ctl/06-8c-01_readme
Denys Vlasenko d636529d85 Update Intel CPU microcode to microcode-20250512 release 
- Add a caveat to provide ability to persistently disable SPR-EE updates
  beyond 0x2b0005c0 on systems where absence of latency spikes
  is more important than lack of the latest CVE mitigations (RHEL-95245)
- Update Intel CPU microcode to microcode-20250512 release, addresses
  CVE-2024-28956, CVE-2025-20103, CVE-2025-20054, CVE-2024-43420,
  CVE-2025-20623, CVE-2024-45332, CVE-2025-24495, CVE-2025-20012
  (RHEL-92231)
  - Addition of 06-8f-04/0x10 microcode (in
    intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7;
  - Addition of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
    intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639;
  - Addition of 06-8f-05/0x10 (SPR-HBM B1) microcode (in
    intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7;
  - Addition of 06-8f-05/0x87 (SPR-SP E2) microcode (in
    intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639;
  - Addition of 06-8f-06/0x10 microcode (in
    intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7;
  - Addition of 06-8f-06/0x87 (SPR-SP E3) microcode (in
    intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639;
  - Addition of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
    intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639;
  - Addition of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
    intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2c0003f7;
  - Addition of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
    intel-06-8f-08/intel-ucode/06-8f-08) at revision 0x2b000639;
  - Addition of 06-ad-01/0x20 (GNR-AP/SP H0) microcode at revision
    0xa0000d1;
  - Addition of 06-ad-01/0x95 (GNR-AP/SP B0) microcode at revision
    0x10003a2;
  - Addition of 06-b5-00/0x80 (ARL-U A1) microcode at revision 0xa;
  - Addition of 06-bd-01/0x80 (LNL B0) microcode at revision 0x11f;
  - Addition of 06-c5-02/0x82 (ARL-H A1) microcode at revision 0x118;
  - Addition of 06-c6-02/0x82 (ARL-HX 8P/S B0) microcode (in
    intel-ucode/06-c5-02) at revision 0x118;
  - Addition of 06-c6-04/0x82 microcode (in intel-ucode/06-c5-02) at
    revision 0x118;
  - Addition of 06-ca-02/0x82 microcode (in intel-ucode/06-c5-02) at
    revision 0x118;
  - Addition of 06-c5-02/0x82 (ARL-H A1) microcode (in
    intel-ucode/06-c6-02) at revision 0x118;
  - Addition of 06-c6-02/0x82 (ARL-HX 8P/S B0) microcode at revision
    0x118;
  - Addition of 06-c6-04/0x82 microcode (in intel-ucode/06-c6-02) at
    revision 0x118;
  - Addition of 06-ca-02/0x82 microcode (in intel-ucode/06-c6-02) at
    revision 0x118;
  - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
    intel-06-8c-01/intel-ucode/06-8c-01) from revision 0xb8 up to 0xbc;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
    revision 0xfc up to 0x100;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0x102 up
    to 0x104;
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
    0x5003707 up to 0x5003901;
  - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002904
    up to 0x7002b01;
  - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003f5
    up to 0xd000404;
  - Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x10002c0
    up to 0x10002d0;
  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x24 up
    to 0x26;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc6
    up to 0xca;
  - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x38 up
    to 0x3c;
  - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x52 up
    to 0x56;
  - Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-05) from
    revision 0x2c0003e0 up to 0x2c0003f7;
  - Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
    intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639;
  - Update of 06-8f-05/0x10 (SPR-HBM B1) microcode from revision
    0x2c0003e0 up to 0x2c0003f7;
  - Update of 06-8f-05/0x87 (SPR-SP E2) microcode from revision 0x2b000620
    up to 0x2b000639;
  - Update of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-05) from
    revision 0x2c0003e0 up to 0x2c0003f7;
  - Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
    intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639;
  - Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
    intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639;
  - Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
    intel-ucode/06-8f-05) from revision 0x2c0003e0 up to 0x2c0003f7;
  - Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
    intel-ucode/06-8f-05) from revision 0x2b000620 up to 0x2b000639;
  - Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-06) from
    revision 0x2c0003e0 up to 0x2c0003f7;
  - Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
    intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639;
  - Update of 06-8f-05/0x10 (SPR-HBM B1) microcode (in
    intel-ucode/06-8f-06) from revision 0x2c0003e0 up to 0x2c0003f7;
  - Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
    intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639;
  - Update of 06-8f-06/0x10 microcode from revision 0x2c0003e0 up to
    0x2c0003f7;
  - Update of 06-8f-06/0x87 (SPR-SP E3) microcode from revision 0x2b000620
    up to 0x2b000639;
  - Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in
    intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639;
  - Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in
    intel-ucode/06-8f-06) from revision 0x2c0003e0 up to 0x2c0003f7;
  - Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
    intel-ucode/06-8f-06) from revision 0x2b000620 up to 0x2b000639;
  - Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in
    intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639;
  - Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in
    intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639;
  - Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in
    intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639;
  - Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode from revision
    0x2b000620 up to 0x2b000639;
  - Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in
    intel-ucode/06-8f-07) from revision 0x2b000620 up to 0x2b000639;
  - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision
    0x38 up to 0x3a;
  - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-97-02) from revision 0x38 up to 0x3a;
  - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
    from revision 0x38 up to 0x3a;
  - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
    from revision 0x38 up to 0x3a;
  - Update of 06-bf-06/0x07 microcode (in intel-ucode/06-97-02) from
    revision 0x38 up to 0x3a;
  - Update of 06-bf-07/0x07 microcode (in intel-ucode/06-97-02) from
    revision 0x38 up to 0x3a;
  - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
    intel-ucode/06-97-05) from revision 0x38 up to 0x3a;
  - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x38
    up to 0x3a;
  - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
    from revision 0x38 up to 0x3a;
  - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
    from revision 0x38 up to 0x3a;
  - Update of 06-bf-06/0x07 microcode (in intel-ucode/06-97-05) from
    revision 0x38 up to 0x3a;
  - Update of 06-bf-07/0x07 microcode (in intel-ucode/06-97-05) from
    revision 0x38 up to 0x3a;
  - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
    0x436 up to 0x437;
  - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
    intel-ucode/06-9a-03) from revision 0x436 up to 0x437;
  - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
    intel-ucode/06-9a-04) from revision 0x436 up to 0x437;
  - Update of 06-9a-04/0x40 (AZB A0) microcode from revision 0x9 up
    to 0xa;
  - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x436
    up to 0x437;
  - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xfc up
    to 0x100;
  - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xfc
    up to 0x100;
  - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xfc
    up to 0x100;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xfe
    up to 0x102;
  - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
    0xfc up to 0x100;
  - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x63 up
    to 0x64;
  - Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x20
    up to 0x24;
  - Update of 06-af-03/0x01 (SRF-SP C0) microcode from revision 0x3000330
    up to 0x3000341;
  - Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x12c up
    to 0x12f;
  - Update of 06-b7-04/0x32 microcode (in intel-ucode/06-b7-01) from
    revision 0x12c up to 0x12f;
  - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision
    0x4124 up to 0x4128;
  - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
    intel-ucode/06-ba-02) from revision 0x4124 up to 0x4128;
  - Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from
    revision 0x4124 up to 0x4128;
  - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
    intel-ucode/06-ba-03) from revision 0x4124 up to 0x4128;
  - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4124
    up to 0x4128;
  - Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from
    revision 0x4124 up to 0x4128;
  - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
    intel-ucode/06-ba-08) from revision 0x4124 up to 0x4128;
  - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
    intel-ucode/06-ba-08) from revision 0x4124 up to 0x4128;
  - Update of 06-ba-08/0xe0 microcode from revision 0x4124 up to 0x4128;
  - Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x1c up
    to 0x1d;
  - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
    intel-ucode/06-bf-02) from revision 0x38 up to 0x3a;
  - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-bf-02) from revision 0x38 up to 0x3a;
  - Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x38 up
    to 0x3a;
  - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02)
    from revision 0x38 up to 0x3a;
  - Update of 06-bf-06/0x07 microcode (in intel-ucode/06-bf-02) from
    revision 0x38 up to 0x3a;
  - Update of 06-bf-07/0x07 microcode (in intel-ucode/06-bf-02) from
    revision 0x38 up to 0x3a;
  - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
    intel-ucode/06-bf-05) from revision 0x38 up to 0x3a;
  - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-bf-05) from revision 0x38 up to 0x3a;
  - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05)
    from revision 0x38 up to 0x3a;
  - Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x38 up
    to 0x3a;
  - Update of 06-bf-06/0x07 microcode (in intel-ucode/06-bf-05) from
    revision 0x38 up to 0x3a;
  - Update of 06-bf-07/0x07 microcode (in intel-ucode/06-bf-05) from
    revision 0x38 up to 0x3a;
  - Update of 06-cf-01/0x87 (EMR-SP A0) microcode from revision 0x21000291
    up to 0x210002a9;
  - Update of 06-cf-02/0x87 (EMR-SP A1) microcode (in
    intel-ucode/06-cf-01) from revision 0x21000291 up to 0x210002a9;
  - Update of 06-cf-01/0x87 (EMR-SP A0) microcode (in
    intel-ucode/06-cf-02) from revision 0x21000291 up to 0x210002a9;
  - Update of 06-cf-02/0x87 (EMR-SP A1) microcode from revision 0x21000291
    up to 0x210002a9.

Resolves: RHEL-92231, RHEL-95245

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
2025-06-11 14:48:08 +02:00

68 lines
3.5 KiB
Plaintext
Raw Permalink Blame History

Some Intel Tiger Lake-UP3/UP4 CPU models (TGL, family 6, model 140, stepping 1)
had reports of system hangs when a microcode update, that was included
since microcode-20201110 update, was applied[1]. In order to address this,
microcode update had been disabled by default on these systems. The revision
0x88 seems to have fixed the aforementioned issue, hence it is enabled
by default (but can be disabled explicitly; see below).
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
For the reference, SHA1 checksums of 06-8c-01 microcode files containing
microcode revisions in question are listed below:
* 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04
* 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290
* 06-8c-01, revision 0x9a: 48b3ae8d27d8138b5b47052d2f8184bf555ad18e
* 06-8c-01, revision 0xa4: 70753f54f5be84376bdebeb710595e4dc2f6d92f
* 06-8c-01, revision 0xa6: fdcf89e3a15a20df8aeee215b78bf5d13d731044
* 06-8c-01, revision 0xaa: cf84883f6b3184690c25ccade0b10fa839ac8657
* 06-8c-01, revision 0xac: b9f342e564a0be372ed1f4709263bf811feb022a
* 06-8c-01, revision 0xb4: 6596bb8696cde85538bb833d090f0b7a42d6ae14
* 06-8c-01, revision 0xb6: 76556e8248a89f38cd55a6c83dccc995ba176091
* 06-8c-01, revision 0xb8: 6e9b138d1db2934479b179af4a3a19e843c4b4e4
* 06-8c-01, revision 0xbc: 7d529358aaf77df57c122db0b2eceb03989ea9ce
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
* CVE-2021-0145 (Fast store forward predictor - Cross Domain Training):
https://access.redhat.com/articles/6716541
* CVE-2022-21123 (Shared Buffers Data Read):
https://access.redhat.com/articles/6963124
The information regarding disabling microcode update is provided below.
To disable 06-8c-01 microcode updates for a specific kernel
version, please create a file "disallow-intel-06-8c-01" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to remove it from the firmware
directory where microcode is available for late microcode update, and run
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
is regenerated, for example:
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8c-01
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
To avoid addition of this microcode for all kernels, please create file
"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01", run
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
and "dracut -f --regenerate-all" for early microcode updates:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.
Reference in New Issue View Git Blame Copy Permalink