rpms/microcode_ctl
7
0
Fork 0
Code Issues Pull Requests Releases Activity
04d5905f0e
microcode_ctl/06-5e-03_readme
Eugene Syromiatnikov 4f40bcbef1 Update Intel CPU microcode to microcode-20220510 release 
- Update Intel CPU microcode to microcode-20220510 release, addresses
  CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2086743):
  - Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f;
  - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-97-02) at revision 0x1f;
  - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
    at revision 0x1f;
  - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
    at revision 0x1f;
  - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
    intel-ucode/06-97-05) at revision 0x1f;
  - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode at revision 0x1f;
  - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
    at revision 0x1f;
  - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
    at revision 0x1f;
  - Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode at
    revision 0x41c;
  - Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
    intel-ucode/06-9a-03) at revision 0x41c;
  - Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
    intel-ucode/06-9a-04) at revision 0x41c;
  - Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode at revision 0x41c;
  - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
    intel-ucode/06-bf-02) at revision 0x1f;
  - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-bf-02) at revision 0x1f;
  - Addition of 06-bf-02/0x03 (ADL C0) microcode at revision 0x1f;
  - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02)
    at revision 0x1f;
  - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
    intel-ucode/06-bf-05) at revision 0x1f;
  - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-bf-05) at revision 0x1f;
  - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05)
    at revision 0x1f;
  - Addition of 06-bf-05/0x03 (ADL C0) microcode at revision 0x1f;
  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in
    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xec up to 0xf0;
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006c0a up
    to 0x2006d05;
  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in
    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xec up to 0xf0;
  - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
    intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x9a up to 0xa4;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xec up
    to 0xf0;
  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xec up
    to 0xf0;
  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xec up
    to 0xf0;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xec up
    to 0xf0;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
    revision 0xec up to 0xf0;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xec up
    to 0xf0;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xec up
    to 0xf0;
  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xec up
    to 0xf0;
  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xec up
    to 0xf0;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xec up
    to 0xf0;
  - Update of 06-37-09/0x0f (VLV D0) microcode from revision 0x90c up
    to 0x90d;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015c
    up to 0x100015d;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400320a
    up to 0x4003302;
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
    0x500320a up to 0x5003302;
  - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002402
    up to 0x7002501;
  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x46 up
    to 0x48;
  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x24 up
    to 0x28;
  - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x36 up
    to 0x38;
  - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000331
    up to 0xd000363;
  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x38 up
    to 0x3a;
  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1c up
    to 0x1e;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa8
    up to 0xb0;
  - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2d up
    to 0x31;
  - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x22 up
    to 0x26;
  - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3c up
    to 0x3e;
  - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x15 up
    to 0x16;
  - Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x2400001f
    up to 0x24000023;
  - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xec up
    to 0xf0;
  - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xec
    up to 0xf0;
  - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xee
    up to 0xf0;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xea
    up to 0xf0;
  - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
    0xec up to 0xf0;
  - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x50 up
    to 0x53.

* .gitignore: Replace /microcode-20220207.tar.gz entry with
/microcode-20220510.tar.gz.
* 0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch: New
patch.
* 06-4e-03_readme: Add a checksum for revision 0xf0, add the link
to the 2022.1 IPU KB article.
* 06-55-04_readme: Add a checksum for revision 0x2006d05, add the link
to the 2022.1 IPU KB article.
* 06-5e-03_readme: Add a checksum for revision 0xf0, add the link
to the 2022.1 IPU KB article.
* 06-8c-01_readme: Add a checksum for revision 0xa4, add the link
to the 2022.1 IPU KB article.
* 06-8e-9e-0x-0xca_readme: Add checksums for revision 0xf0, add the link
to the 2022.1 IPU KB article.
* 06-8e-9e-0x-dell_readme: Likewise.
* codenames.list: Add an entry for CPU signatures 90672 (ADL-S/HX C0),
90675 (ADL-S K0), 906a3 (ADL-P L0, ADL-U R0), 906a4 (ADL-P R0),
b06f2 (ADL C0), and b06f5 (ADL C0).
* microcode_ctl.spec (intel_ucode_version): Bump to 20220510.
(Patch1001): New patch (fixes in releasenote.md).
(%prep): Apply it.
(%changelog): Add a record.
* sources: Replace microcode-20220207.tar.gz record with
microcode-20220510.tar.gz.

Resolves: #2090248
Resolves: #2090261
Resolves: #2086751
Resolves: #2040069
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
2022-06-14 18:04:13 +02:00

90 lines
4.7 KiB
Plaintext
Raw Blame History

Some Intel Skylake CPU models (SKL-H/S/Xeon E3 v5, family 6, model 94,
stepping 3) had reports of possible system hangs when revision 0xdc
of microcode, that is included in microcode-20200609 update to address
CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549, was applied[1]. In order
to address this, microcode updates to the newer revision had been disabled
by default on these systems, and the previously published microcode revision
0xd6 was used by default for the OS-driven microcode update. The revision
0xea seems[2] to have fixed the aforementioned issue, hence it is enabled
by default (but can be disabled explicitly; see below).
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-857806014
For the reference, SHA1 checksums of 06-5e-03 microcode files containing
microcode revisions in question are listed below:
* 06-5e-03, revision 0xd6: 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a
* 06-5e-03, revision 0xdc: 5e1020a10678cfc60980131c3d3a2cfd462b4dd7
* 06-5e-03, revision 0xe2: 031e6e148b590d1c9cfdb6677539eeb4899e831c
* 06-5e-03, revision 0xea: e6c37056a849fd281f2fdb975361a914e07b86c8
* 06-5e-03, revision 0xec: 6458bf25da4906479a01ffdcaa6d466e22722e01
* 06-5e-03, revision 0xf0: 0683706bbbf470abbdad4b9923aa9647bfec9616
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2017-5715 ("Spectre"):
https://access.redhat.com/articles/3436091
* CVE-2018-3639 ("Speculative Store Bypass"):
https://access.redhat.com/articles/3540901
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
https://access.redhat.com/articles/3562741
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
("Microarchitectural Data Sampling"):
https://access.redhat.com/articles/4138151
* CVE-2019-0117 (Intel SGX Information Leak),
CVE-2019-0123 (Intel SGX Privilege Escalation),
CVE-2019-11135 (TSX Asynchronous Abort),
CVE-2019-11139 (Voltage Setting Modulation):
https://access.redhat.com/solutions/2019-microcode-nov
* CVE-2020-0543 (Special Register Buffer Data Sampling),
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
https://access.redhat.com/articles/6716541
* CVE-2022-0005 (Informational disclosure via JTAG),
CVE-2022-21123 (Shared Buffers Data Read),
CVE-2022-21125 (Shared Buffers Data Sampling),
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
CVE-2022-21166 (Device Register Partial Write):
https://access.redhat.com/articles/6963124
The information regarding disabling microcode update is provided below.
To prevent usage of the latest 06-5e-03 microcode revision for a specific kernel
version, please create a file "disallow-intel-06-5e-03" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to remove it to firmware directory
where microcode is available for late microcode update, and run
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
is regenerated, for example:
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-5e-03
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
To avoid addition of the latest microcode for all kernels, please create file
"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-5e-03", run
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
and "dracut -f --regenerate-all" for early microcode updates:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-5e-03
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.
Reference in New Issue View Git Blame Copy Permalink