rpms/microcode_ctl
7
0
Fork 0
Code Issues Pull Requests Releases Activity
04d5905f0e
microcode_ctl/06-8e-9e-0x-0xca_readme
Eugene Syromiatnikov 4f40bcbef1 Update Intel CPU microcode to microcode-20220510 release 
- Update Intel CPU microcode to microcode-20220510 release, addresses
  CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2086743):
  - Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f;
  - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-97-02) at revision 0x1f;
  - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
    at revision 0x1f;
  - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
    at revision 0x1f;
  - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
    intel-ucode/06-97-05) at revision 0x1f;
  - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode at revision 0x1f;
  - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
    at revision 0x1f;
  - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
    at revision 0x1f;
  - Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode at
    revision 0x41c;
  - Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
    intel-ucode/06-9a-03) at revision 0x41c;
  - Addition of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
    intel-ucode/06-9a-04) at revision 0x41c;
  - Addition of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode at revision 0x41c;
  - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
    intel-ucode/06-bf-02) at revision 0x1f;
  - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-bf-02) at revision 0x1f;
  - Addition of 06-bf-02/0x03 (ADL C0) microcode at revision 0x1f;
  - Addition of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02)
    at revision 0x1f;
  - Addition of 06-97-02/0x03 (ADL-HX C0) microcode (in
    intel-ucode/06-bf-05) at revision 0x1f;
  - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-bf-05) at revision 0x1f;
  - Addition of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05)
    at revision 0x1f;
  - Addition of 06-bf-05/0x03 (ADL C0) microcode at revision 0x1f;
  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in
    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xec up to 0xf0;
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006c0a up
    to 0x2006d05;
  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in
    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xec up to 0xf0;
  - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
    intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x9a up to 0xa4;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xec up
    to 0xf0;
  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xec up
    to 0xf0;
  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xec up
    to 0xf0;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xec up
    to 0xf0;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
    revision 0xec up to 0xf0;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xec up
    to 0xf0;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xec up
    to 0xf0;
  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xec up
    to 0xf0;
  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xec up
    to 0xf0;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xec up
    to 0xf0;
  - Update of 06-37-09/0x0f (VLV D0) microcode from revision 0x90c up
    to 0x90d;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015c
    up to 0x100015d;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400320a
    up to 0x4003302;
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
    0x500320a up to 0x5003302;
  - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002402
    up to 0x7002501;
  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x46 up
    to 0x48;
  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x24 up
    to 0x28;
  - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x36 up
    to 0x38;
  - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000331
    up to 0xd000363;
  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x38 up
    to 0x3a;
  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1c up
    to 0x1e;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa8
    up to 0xb0;
  - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2d up
    to 0x31;
  - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x22 up
    to 0x26;
  - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3c up
    to 0x3e;
  - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x15 up
    to 0x16;
  - Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x2400001f
    up to 0x24000023;
  - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xec up
    to 0xf0;
  - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xec
    up to 0xf0;
  - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xee
    up to 0xf0;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xea
    up to 0xf0;
  - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
    0xec up to 0xf0;
  - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x50 up
    to 0x53.

* .gitignore: Replace /microcode-20220207.tar.gz entry with
/microcode-20220510.tar.gz.
* 0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch: New
patch.
* 06-4e-03_readme: Add a checksum for revision 0xf0, add the link
to the 2022.1 IPU KB article.
* 06-55-04_readme: Add a checksum for revision 0x2006d05, add the link
to the 2022.1 IPU KB article.
* 06-5e-03_readme: Add a checksum for revision 0xf0, add the link
to the 2022.1 IPU KB article.
* 06-8c-01_readme: Add a checksum for revision 0xa4, add the link
to the 2022.1 IPU KB article.
* 06-8e-9e-0x-0xca_readme: Add checksums for revision 0xf0, add the link
to the 2022.1 IPU KB article.
* 06-8e-9e-0x-dell_readme: Likewise.
* codenames.list: Add an entry for CPU signatures 90672 (ADL-S/HX C0),
90675 (ADL-S K0), 906a3 (ADL-P L0, ADL-U R0), 906a4 (ADL-P R0),
b06f2 (ADL C0), and b06f5 (ADL C0).
* microcode_ctl.spec (intel_ucode_version): Bump to 20220510.
(Patch1001): New patch (fixes in releasenote.md).
(%prep): Apply it.
(%changelog): Add a record.
* sources: Replace microcode-20220207.tar.gz record with
microcode-20220510.tar.gz.

Resolves: #2090248
Resolves: #2090261
Resolves: #2086751
Resolves: #2040069
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
2022-06-14 18:04:13 +02:00

182 lines
9.7 KiB
Plaintext
Raw Blame History

Some Dell systems that use some models of Intel CPUs are susceptible to hangs
and system instability during or after microcode update to revision 0xc6/0xca
(included as part of microcode-20191113/microcode-20191115 update that addressed
CVE-2019-0117, CVE-2019-0123, CVE-2019-11135, and CVE-2019-11139)
and/or revision 0xd6 (included as part of microcode-20200609 update
that addressed CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549)
[1][2][3][4][5][6]. In order to address this, microcode update to the newer
revision has been disabled by default on these systems, and the previously
published microcode revisions 0xae/0xb4/0xb8 are used by default
for the OS-driven microcode update.
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/23
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/24
[3] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/33
[4] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/34
[5] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/35
[6] https://bugzilla.redhat.com/show_bug.cgi?id=1846097
This caveat contains revision 0xca of 06-[89]e-0x microcode publicly released
by Intel; for the latest revision of the microcode files, please refer to caveat
06-8e-9e-0x-dell.
For the reference, microarchitectures of the affected CPU models:
* Amber Lake-Y
* Kaby Lake-G/H/S/U/Y/Xeon E3
* Coffee Lake-H/S/U/Xeon E
* Comet Lake-U 4+2
* Whiskey Lake-U
Family names of the affected CPU models:
* 7th Generation Intel® Core™ Processor Family
* 8th Generation Intel® Core™ Processor Family
* 9th Generation Intel® Core™ Processor Family
* 10th Generation Intel® Core™ Processor Family (selected models)
* Intel® Celeron® Processor G Series
* Intel® Celeron® Processor 5000 Series
* Intel® Core™ X-series Processors (i7-7740X, i5-7640X only)
* Intel® Pentium® Gold Processor Series
* Intel® Pentium® Processor Series (selected models)
* Intel® Xeon® Processor E Family
* Intel® Xeon® Processor E3 v6 Family
SHA1 checksums of the microcode files containing microcode revisions
in question:
* 06-8e-09, revision 0xb4: e253c95c29c3eef6576db851dfa069d82a91256f
* 06-8e-0a, revision 0xb4: 45bcba494be07df9eeccff9627578095a97fba4d
* 06-8e-0b, revision 0xb8: 3e54bf91d642ad81ff07fe274d0cfb5d10d09c43
* 06-8e-0c, revision 0xb8: bf635c87177d6dc4e067ec11e1caeb19d3c325f0
* 06-9e-09, revision 0xb4: 42f68eec4ddb79dd6be0c95c4ce60e514e4504b1
* 06-9e-0a, revision 0xb4: 37c7cb394dd36610b57943578343723da67d50f0
* 06-9e-0b, revision 0xb4: b5399109d0a5ce8f5fb623ff942da0322b438b95
* 06-9e-0c, revision 0xae: 131bce89e4d210de8322ffbc6bd787f1af66a7df
* 06-9e-0d, revision 0xb8: 22511b007d1df55558d115abb13a1c23ea398317
* 06-8e-09, revision 0xca: 9afa1bae40995207afef13247f114be042d88083
* 06-8e-0a, revision 0xca: 1d90291cc25e17dc6c36c764cf8c06b41fed4c16
* 06-8e-0b, revision 0xca: 3fb1246a6594eff5e2c2076c63c600d734f10777
* 06-8e-0c, revision 0xca: e871540671f59b4fa5d0d454798f09a4d412aace
* 06-9e-09, revision 0xca: b5eed11108ab7ac1e675fe75d0e7454a400ddd35
* 06-9e-0a, revision 0xca: e472304aaa2f3815a32822cb111ab3f43bf3dfe4
* 06-9e-0b, revision 0xca: 78f47c5162da680878ed057dc7c853f9737c524b
* 06-9e-0c, revision 0xca: f23848a009928796a153cb9e8f44522136969408
* 06-9e-0d, revision 0xca: c7a3d469469ee828ba9faf91b67af881fceec3b7
* 06-8e-09, revision 0xd6: 2272c621768437d20e602207752201e0966e5a8c
* 06-8e-0a, revision 0xd6: 0b145afb88e028e612f04c2a86385e7d7c3fefc4
* 06-8e-0b, revision 0xd6: c3831b05da83be54f3acc451a1bce90f75e2e9e5
* 06-8e-0c, revision 0xd6: 4b8938a93e23f4b5a2d9de40b87f6afcfdc27c05
* 06-9e-09, revision 0xd6: 4bacba8c598508e7dd4e87e179586abe7a1a987f
* 06-9e-0a, revision 0xd6: 4c236afeef9f80ff3a286698fe7cef72926722f0
* 06-9e-0b, revision 0xd6: 2f9ab9b2ba29559ce177632281d7290a24fed2ef
* 06-9e-0c, revision 0xd6: 4b9059e519bcab6085b6c103f5d99e509fe0b2bb
* 06-9e-0d, revision 0xd6: 3a3b7edfd8126bb34b761b46a32102a622047899
* 06-8e-09, revision 0xde: 84d7514101eb8904834a3dacdee684b3c574245f
* 06-8e-0a, revision 0xe0: 080b9e3ebbcf6bb1eca0fb5f640e6bfbfe3a1e6e
* 06-8e-0b, revision 0xde: 80fed976231bbff4c7103e373498e07eef0bff31
* 06-8e-0c, revision 0xde: 84f160587fea4acb81451c8ff53dc51afba06343
* 06-9e-09, revision 0xde: 422026ffb2cca446693c586be98d0d9e7dfeb116
* 06-9e-0a, revision 0xde: b6c44b9fe26e1d6bafa27f37ffe010284294bf1c
* 06-9e-0b, revision 0xde: 6452937a0d359066b95f9e679a41a15490770312
* 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542
* 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c
* 06-8e-09, revision 0xea: caa7192fb2223e3e52389aca84930aee326b384d
* 06-8e-0a, revision 0xea: ab4d5d3b51445d055763796a0362f8ab249cf4c8
* 06-8e-0b, revision 0xea: 5406c513f90286c02476ee0d4a6c8010a263c3ac
* 06-8e-0c, revision 0xea: 8c045b9056443862c95573efd4646e331a2310d3
* 06-9e-09, revision 0xea: a9f8a14ca3808f6380d6dff92e1fd693cc909668
* 06-9e-0a, revision 0xea: b7726bdba2fe74d8f419c68f417d796d569b9ec4
* 06-9e-0b, revision 0xea: 963dca66aedf2bfb0613d0d9515c6bcfb0589e0c
* 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4
* 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a
* 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7
* 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf
* 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693
* 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c
* 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681
* 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe
* 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632
* 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04
* 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979
* 06-8e-09, revision 0xf0: 219e2b9168a09451b17813b97995cc59cc78b414
* 06-8e-0a, revision 0xf0: 3c4241d0b9d1a1a1e82d03b365fdd3b843006a7c
* 06-8e-0b, revision 0xf0: 79b61f034cba86e61641114bbab49ec0166c0f35
* 06-8e-0c, revision 0xf0: 11d166de440dbe9c440e90cb610ef4b9d48242b1
* 06-9e-09, revision 0xf0: 49e142da74e7298b2db738ff7dd1a9b0fa4e0c3e
* 06-9e-0a, revision 0xf0: 8de1d4a80cd683bf09854c33905c69d3d7ac7730
* 06-9e-0b, revision 0xf0: ff092c6ac8333f0abcd94f7d2e2088f31d960e62
* 06-9e-0c, revision 0xf0: 3702f21e87b75bea6f4b1ee0407b941ef31d4ad1
* 06-9e-0d, revision 0xf0: 226feaaa431eb76e734ab68efc2ea7b07aa3c7d9
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2017-5715 ("Spectre"):
https://access.redhat.com/articles/3436091
* CVE-2018-3639 ("Speculative Store Bypass"):
https://access.redhat.com/articles/3540901
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
https://access.redhat.com/articles/3562741
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
("Microarchitectural Data Sampling"):
https://access.redhat.com/articles/4138151
* CVE-2019-0117 (Intel SGX Information Leak),
CVE-2019-0123 (Intel SGX Privilege Escalation),
CVE-2019-11135 (TSX Asynchronous Abort),
CVE-2019-11139 (Voltage Setting Modulation):
https://access.redhat.com/solutions/2019-microcode-nov
* CVE-2020-0543 (Special Register Buffer Data Sampling),
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
https://access.redhat.com/articles/6716541
* CVE-2022-0005 (Informational disclosure via JTAG),
CVE-2022-21123 (Shared Buffers Data Read),
CVE-2022-21125 (Shared Buffers Data Sampling),
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
CVE-2022-21166 (Device Register Partial Write):
https://access.redhat.com/articles/6963124
The information regarding disabling microcode update is provided below.
To disable usage of the newer microcode revision for a specific kernel
version, please create a file "disallow-intel-06-8e-9e-0x-0xca" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
used for late microcode updates, and run "dracut -f --kver <kernel_version>"
so initramfs for this kernel version is regenerated, for example:
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8e-9e-0x-0xca
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
To disable usage of the newer microcode revision for all kernels, please create
file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8e-9e-0x-0xca",
run "/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
used for late microcode updates, and run "dracut -f --regenerate-all"
so initramfs images get regenerated, for example:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8e-9e-0xca
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.
Reference in New Issue View Git Blame Copy Permalink