rpms/microcode_ctl
7
0
Fork 0
Code Issues Pull Requests Releases Activity
b234bf3fc6
microcode_ctl/06-55-04_readme
Eugene Syromiatnikov b234bf3fc6 Update Intel CPU microcode to microcode-20220809 release 
- Update Intel CPU microcode to microcode-20220510 release, addresses
  CVE-2022-21233:
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006d05 up
    to 0x2006e05;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015d
    up to 0x100015e;
  - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd000363
    up to 0xd000375;
  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x3a up
    to 0x3c;
  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1e up
    to 0x20;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xb0
    up to 0xb2;
  - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x26 up
    to 0x28;
  - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x3e up
    to 0x40;
  - Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode from revision
    0x1f up to 0x22;
  - Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-97-02) from revision 0x1f up to 0x22;
  - Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
    from revision 0x1f up to 0x22;
  - Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-02)
    from revision 0x1f up to 0x22;
  - Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in
    intel-ucode/06-97-05) from revision 0x1f up to 0x22;
  - Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode from revision 0x1f
    up to 0x22;
  - Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
    from revision 0x1f up to 0x22;
  - Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-97-05)
    from revision 0x1f up to 0x22;
  - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
    0x41c up to 0x421;
  - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
    intel-ucode/06-9a-03) from revision 0x41c up to 0x421;
  - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
    intel-ucode/06-9a-04) from revision 0x41c up to 0x421;
  - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x41c
    up to 0x421;
  - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x53 up
    to 0x54;
  - Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in
    intel-ucode/06-bf-02) from revision 0x1f up to 0x22;
  - Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-bf-02) from revision 0x1f up to 0x22;
  - Update of 06-bf-02/0x03 (ADL C0) microcode from revision 0x1f up
    to 0x22;
  - Update of 06-bf-05/0x03 (ADL C0) microcode (in intel-ucode/06-bf-02)
    from revision 0x1f up to 0x22;
  - Update of 06-97-02/0x03 (ADL-HX/S 8+8 C0) microcode (in
    intel-ucode/06-bf-05) from revision 0x1f up to 0x22;
  - Update of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-bf-05) from revision 0x1f up to 0x22;
  - Update of 06-bf-02/0x03 (ADL C0) microcode (in intel-ucode/06-bf-05)
    from revision 0x1f up to 0x22;
  - Update of 06-bf-05/0x03 (ADL C0) microcode from revision 0x1f up
    to 0x22.

* .gitignore: Replace /microcode-20220510.tar.gz entry with
/microcode-20220809.tar.gz.
* 0001-releasenote.md-changes-summary-fixes-for-microcode-2.patch: Remove.
* 06-55-04_readme: Add a checksum for revision 0x2006e05, add the link
to the 2022.2 IPU KB article.
* README.caveats: Add the link to the 2022.2 IPU KB article.
* microcode_ctl.spec (intel_ucode_version): Bump to 20220809.
(Patch1001): Remove.
(%prep): No longer apply %patch1001.
(%changelog): Add a record.
* sources: Replace microcode-20220510.tar.gz record with
microcode-20220809.tar.gz.

Resolves: #2115663
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
2022-09-20 07:28:04 +02:00

98 lines
5.2 KiB
Plaintext
Raw Blame History

Intel Skylake Scalable Platform CPU models that belong to Workstation and HEDT
(Basin Falls) segment (SKL-W/X, family 6, model 85, stepping 4) had reports
of system hangs on reboot when revision 0x2000065 of microcode, that was included
from microcode-20191112 update up to microcode-20200520 update, was applied[1].
In order to address this, microcode update to the newer revision had been
disabled by default on these systems, and the previously published microcode
revision 0x2000064 is used by default for the OS-driven microcode update.
Since revision 0x2006906 (included with the microcode-20200609 release)
it is reported that the issue is no longer present, so the newer microcode
revision is enabled by default now (but can be disabled explicitly; see below).
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
For the reference, SHA1 checksums of 06-55-04 microcode files containing
microcode revisions in question are listed below:
* 06-55-04, revision 0x2000064: 2e405644a145de0f55517b6a9de118eec8ec1e5a
* 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23
* 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
* 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212
* 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462
* 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7
* 06-55-04, revision 0x2006c0a: 76b641375d136c08f5feb46aacebee40468ac085
* 06-55-04, revision 0x2006d05: dc4207cf4eb916ff34acbdddc474db0df781234f
* 06-55-04, revision 0x2006e05: bc67d247ad1c9a834bec5e452606db1381d6bc7e
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2017-5715 ("Spectre"):
https://access.redhat.com/articles/3436091
* CVE-2018-3639 ("Speculative Store Bypass"):
https://access.redhat.com/articles/3540901
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
https://access.redhat.com/articles/3562741
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
("Microarchitectural Data Sampling"):
https://access.redhat.com/articles/4138151
* CVE-2019-0117 (Intel SGX Information Leak),
CVE-2019-0123 (Intel SGX Privilege Escalation),
CVE-2019-11135 (TSX Asynchronous Abort),
CVE-2019-11139 (Voltage Setting Modulation):
https://access.redhat.com/solutions/2019-microcode-nov
* CVE-2020-0543 (Special Register Buffer Data Sampling),
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
https://access.redhat.com/articles/6716541
* CVE-2022-0005 (Informational disclosure via JTAG),
CVE-2022-21123 (Shared Buffers Data Read),
CVE-2022-21125 (Shared Buffers Data Sampling),
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
CVE-2022-21131 (Protected Processor Inventory Number (PPIN) access protection),
CVE-2022-21136 (Overclocking service access protection),
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
CVE-2022-21166 (Device Register Partial Write):
https://access.redhat.com/articles/6963124
* CVE-2022-21233 (Stale Data Read from legacy xAPIC):
https://access.redhat.com/articles/6976398
The information regarding disabling microcode update is provided below.
To disable usage of the newer microcode revision for a specific kernel
version, please create a file "disallow-intel-06-55-04" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
used for late microcode updates, and run "dracut -f --kver <kernel_version>"
so initramfs for this kernel version is regenerated, for example:
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-55-04
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
To disable usage of the newer microcode revision for all kernels, please create
file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04", run
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
used for late microcode updates, and run "dracut -f --regenerate-all"
so initramfs images get regenerated, for example:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.
Reference in New Issue View Git Blame Copy Permalink