rpms/microcode_ctl
7
0
Fork 0
Code Issues Pull Requests Releases Activity
b314ff2835
microcode_ctl/06-55-04_readme
Eugene Syromiatnikov b314ff2835 Intel microcode update 20220207 
- Update Intel CPU microcode to microcode-20220207 release, addresses
  CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120:
  - Removal of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f;
  - Removal of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04)
    at revision 0xb00000f;
  - Removal of 06-86-04/0x01 (SNR B0) microcode (in intel-ucode/06-86-05)
    at revision 0xb00000f;
  - Removal of 06-86-05/0x01 (SNR B1) microcode at revision 0xb00000f;
  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in
    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xea up to 0xec;
  - Update of 06-4f-01/0xef (BDX-E/EP/EX/ML B0/M0/R0) microcode (in
    intel-06-4f-01/intel-ucode/06-4f-01) from revision 0xb00003e up
    to 0xb000040;
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006b06 up
    to 0x2006c0a;
  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in
    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xea up to 0xec;
  - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
    intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x88 up to 0x9a;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xea up
    to 0xec;
  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xea up
    to 0xec;
  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xea up
    to 0xec;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xea up
    to 0xec;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
    revision 0xea up to 0xec;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xea up
    to 0xec;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xea up
    to 0xec;
  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xea up
    to 0xec;
  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xea up
    to 0xec;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xea up
    to 0xec;
  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode
    from revision 0x46 up to 0x49;
  - Update of 06-3f-04/0x80 (HSX-EX E0) microcode from revision 0x19 up
    to 0x1a;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015b
    up to 0x100015c;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003102
    up to 0x400320a;
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
    0x5003102 up to 0x500320a;
  - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002302
    up to 0x7002402;
  - Update of 06-56-03/0x10 (BDX-DE V2/V3) microcode from revision
    0x700001b up to 0x700001c;
  - Update of 06-56-04/0x10 (BDX-DE Y0) microcode from revision 0xf000019
    up to 0xf00001a;
  - Update of 06-56-05/0x10 (BDX-NS A0/A1, HWL A1) microcode from revision
    0xe000012 up to 0xe000014;
  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x44 up
    to 0x46;
  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x20 up
    to 0x24;
  - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x34 up
    to 0x36;
  - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0002a0
    up to 0xd000331;
  - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x36 up
    to 0x38;
  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1a up
    to 0x1c;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa6
    up to 0xa8;
  - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2a up
    to 0x2d;
  - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x16 up
    to 0x22;
  - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x2c up
    to 0x3c;
  - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x11 up
    to 0x15;
  - Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x1d up
    to 0x2400001f;
  - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xea up
    to 0xec;
  - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xea
    up to 0xec;
  - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xec
    up to 0xee;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xe8
    up to 0xea;
  - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
    0xea up to 0xec;
  - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x40 up
    to 0x50.

* .gitignore (/microcode-20210608.tar.gz): Replace with...
(/microcode-20220207.tar.gz): ...this.
* 06-4e-03_readme: Add a checksum for revision 0xec;  add a link to the KB
article dedicated to 2021.2 IPU.
* 06-55-04_readme: Add a checksum for revision 0x2006c0a;  add a link
to the KB article dedicated to 2021.2 IPU.
* 06-5e-03_readme: Add a checksum for revision 0xec;  add a link to the KB
article dedicated to 2021.2 IPU.
* 06-8c-01_readme: Add a checksum for revision 0x9a;  add a link to the KB
article dedicated to 2021.2 IPU.
* 06-8e-9e-0x-0xca_readme: Add checksums for revision 0xec;  add links
to 2021.1 IPU and 2021.2 IPU KB articles.
* 06-8e-9e-0x-dell_readme: Likewise.
* README.caveats: Add a link to the KB article dedicated to 2021.2 IPU.
* codenames.list: Add an entry for CPU signature 80667 (SNR C0).
* microcode_ctl.spec (intel_ucode_version): Bump to 20220207.
(Release): Reset to 1.
(%changelog): Add a record.
* sources: Replace microcode-20210608.tar.gz record with
microcode-20220207.tar.gz.

Resolves: #2053253
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
2022-02-14 21:50:48 +01:00

85 lines
4.4 KiB
Plaintext
Raw Blame History

Intel Skylake Scalable Platform CPU models that belong to Workstation and HEDT
(Basin Falls) segment (SKL-W/X, family 6, model 85, stepping 4) had reports
of system hangs on reboot when revision 0x2000065 of microcode, that was included
from microcode-20191112 update up to microcode-20200520 update, was applied[1].
In order to address this, microcode update to the newer revision had been
disabled by default on these systems, and the previously published microcode
revision 0x2000064 is used by default for the OS-driven microcode update.
Since revision 0x2006906 (included with the microcode-20200609 release)
it is reported that the issue is no longer present, so the newer microcode
revision is enabled by default now (but can be disabled explicitly; see below).
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
For the reference, SHA1 checksums of 06-55-04 microcode files containing
microcode revisions in question are listed below:
* 06-55-04, revision 0x2000064: 2e405644a145de0f55517b6a9de118eec8ec1e5a
* 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23
* 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
* 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212
* 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462
* 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7
* 06-55-04, revision 0x2006c0a: 76b641375d136c08f5feb46aacebee40468ac085
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
required for mitigating specific side-channel cache attacks, please refer
to the following knowledge base articles:
* CVE-2017-5715 ("Spectre"):
https://access.redhat.com/articles/3436091
* CVE-2018-3639 ("Speculative Store Bypass"):
https://access.redhat.com/articles/3540901
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
https://access.redhat.com/articles/3562741
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
("Microarchitectural Data Sampling"):
https://access.redhat.com/articles/4138151
* CVE-2019-0117 (Intel SGX Information Leak),
CVE-2019-0123 (Intel SGX Privilege Escalation),
CVE-2019-11135 (TSX Asynchronous Abort),
CVE-2019-11139 (Voltage Setting Modulation):
https://access.redhat.com/solutions/2019-microcode-nov
* CVE-2020-0543 (Special Register Buffer Data Sampling),
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
CVE-2020-8696 (Vector Register Leakage-Active),
CVE-2020-8698 (Fast Forward Store Predictor):
https://access.redhat.com/articles/5569051
* CVE-2020-24489 (VT-d-related Privilege Escalation),
CVE-2020-24511 (Improper Isolation of Shared Resources),
CVE-2020-24512 (Observable Timing Discrepancy),
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
https://access.redhat.com/articles/6101171
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
https://access.redhat.com/articles/6716541
The information regarding disabling microcode update is provided below.
To disable usage of the newer microcode revision for a specific kernel
version, please create a file "disallow-intel-06-55-04" inside
/lib/firmware/<kernel_version> directory, run
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
used for late microcode updates, and run "dracut -f --kver <kernel_version>"
so initramfs for this kernel version is regenerated, for example:
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-55-04
/usr/libexec/microcode_ctl/update_ucode
dracut -f --kver 3.10.0-862.9.1
To disable usage of the newer microcode revision for all kernels, please create
file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04", run
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
used for late microcode updates, and run "dracut -f --regenerate-all"
so initramfs images get regenerated, for example:
mkdir -p /etc/microcode_ctl/ucode_with_caveats
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04
/usr/libexec/microcode_ctl/update_ucode
dracut -f --regenerate-all
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
information.
Reference in New Issue View Git Blame Copy Permalink