commit
35ee74a972
@ -0,0 +1,7 @@
|
|||||||
|
SOURCES/06-2d-07
|
||||||
|
SOURCES/06-4e-03
|
||||||
|
SOURCES/06-55-04
|
||||||
|
SOURCES/06-5e-03
|
||||||
|
SOURCES/microcode-20190918.tar.gz
|
||||||
|
SOURCES/microcode-20191115.tar.gz
|
||||||
|
SOURCES/microcode-20220809.tar.gz
|
@ -0,0 +1,7 @@
|
|||||||
|
bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
|
||||||
|
06432a25053c823b0e2a6b8e84e2e2023ee3d43e SOURCES/06-4e-03
|
||||||
|
2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04
|
||||||
|
86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
|
||||||
|
bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
|
||||||
|
774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
|
||||||
|
13f53eed16b393325f1cf571113f102afb7ac27b SOURCES/microcode-20220809.tar.gz
|
@ -0,0 +1 @@
|
|||||||
|
early_microcode="yes"
|
@ -0,0 +1,3 @@
|
|||||||
|
model GenuineIntel 06-2d-07
|
||||||
|
path intel-ucode/06-2d-07
|
||||||
|
dependency required intel
|
@ -0,0 +1,4 @@
|
|||||||
|
MDS-related microcode update for Intel Sandy Bridge-EP (family 6, model 45,
|
||||||
|
stepping 7; CPUID 0x206d7) CPUs is disabled.
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/caveats/06-2d-07_readme
|
||||||
|
and /usr/share/doc/microcode_ctl/README.caveats for details.
|
@ -0,0 +1,58 @@
|
|||||||
|
Intel Sandy Bridge-E/EN/EP CPU models (SNB-EP, family 6, model 45, stepping 7)
|
||||||
|
had issues with MDS-related microcode update that may lead to a system hang
|
||||||
|
after a microcode update[1][2]. In order to address this, microcode update
|
||||||
|
to the MDS-related revision 0x718 had been disabled, and the previously
|
||||||
|
published microcode revision 0x714 is used by default for the OS-driven
|
||||||
|
microcode update. The revision 0x71a of the microcode is intended to fix
|
||||||
|
the aforementioned issue, hence it is enabled by default (but can be disabled
|
||||||
|
explicitly; see below).
|
||||||
|
|
||||||
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/15
|
||||||
|
[2] https://access.redhat.com/solutions/4593951
|
||||||
|
|
||||||
|
For the reference, SHA1 checksums of 06-2d-07 microcode files containing
|
||||||
|
microcode revisions in question are listed below:
|
||||||
|
* 06-2d-07, revision 0x714: bcf2173cd3dd499c37defbc2533703cfa6ec2430
|
||||||
|
* 06-2d-07, revision 0x718: 837cfebbfc09b911151dfd179082ad99cf87e85d
|
||||||
|
* 06-2d-07, revision 0x71a: 4512c8149e63e5ed15f45005d7fb5be0041f66f6
|
||||||
|
|
||||||
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
|
the latest microcode version. For the information regarding microcode versions
|
||||||
|
required for mitigating specific side-channel cache attacks, please refer
|
||||||
|
to the following knowledge base articles:
|
||||||
|
* CVE-2017-5715 ("Spectre"):
|
||||||
|
https://access.redhat.com/articles/3436091
|
||||||
|
* CVE-2018-3639 ("Speculative Store Bypass"):
|
||||||
|
https://access.redhat.com/articles/3540901
|
||||||
|
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
|
||||||
|
https://access.redhat.com/articles/3562741
|
||||||
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
||||||
|
("Microarchitectural Data Sampling"):
|
||||||
|
https://access.redhat.com/articles/4138151
|
||||||
|
|
||||||
|
The information regarding disabling microcode update is provided below.
|
||||||
|
|
||||||
|
To disable usage of the newer microcode revision for a specific kernel
|
||||||
|
version, please create file "disallow-intel-06-2d-07" inside
|
||||||
|
/lib/firmware/<kernel_version> directory, run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
|
||||||
|
where microcode will be available for late microcode update, and run
|
||||||
|
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
||||||
|
is regenerated and the microcode can be loaded early, for example:
|
||||||
|
|
||||||
|
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-2d-07
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
|
To avoid addition of the newer microcode revision for all kernels, please create
|
||||||
|
file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-2d-07", run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
|
||||||
|
and "dracut -f --regenerate-all" for early microcode updates:
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-2d-07
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
||||||
|
information.
|
@ -0,0 +1,4 @@
|
|||||||
|
model GenuineIntel 06-4e-03
|
||||||
|
path intel-ucode/06-4e-03
|
||||||
|
dependency required intel
|
||||||
|
disable early late
|
@ -0,0 +1,5 @@
|
|||||||
|
Microcode revisions 0xda and higher for Intel Skylake-U/Y (family 6,
|
||||||
|
model 78, stepping 3; CPUID 0x406e3) are disabled as they may cause system
|
||||||
|
instability; the previously published revision 0xd6 is used instead.
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/caveats/06-4e-03_readme
|
||||||
|
and /usr/share/doc/microcode_ctl/README.caveats for details.
|
@ -0,0 +1,90 @@
|
|||||||
|
Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3)
|
||||||
|
have reports of system hangs when revision 0xdc of microcode, that is included
|
||||||
|
since microcode-20200609 update to address CVE-2020-0543, CVE-2020-0548,
|
||||||
|
and CVE-2020-0549, is applied[1]. In order to address this, microcode update
|
||||||
|
to the newer revision has been disabled by default on these systems,
|
||||||
|
and the previously published microcode revision 0xd6 is used by default
|
||||||
|
for the OS-driven microcode update.
|
||||||
|
|
||||||
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
|
||||||
|
|
||||||
|
For the reference, SHA1 checksums of 06-4e-03 microcode files containing
|
||||||
|
microcode revisions in question are listed below:
|
||||||
|
* 06-4e-03, revision 0xd6: 06432a25053c823b0e2a6b8e84e2e2023ee3d43e
|
||||||
|
* 06-4e-03, revision 0xdc: cd1733458d187486999337ff8b51eeaa0cfbca6c
|
||||||
|
* 06-4e-03, revision 0xe2: 41f4513cf563605bc85db38056ac430dec948366
|
||||||
|
* 06-4e-03, revision 0xea: 5a54cab9f22f69b819d663e5747ed6ea2a326c55
|
||||||
|
* 06-4e-03, revision 0xec: d949a8543d2464d955f5dc4b0777cac863f48729
|
||||||
|
* 06-4e-03, revision 0xf0: 37475bac70457ba8df2c1a32bba81bd7bd27d5e8
|
||||||
|
|
||||||
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
|
the latest microcode version. For the information regarding microcode versions
|
||||||
|
required for mitigating specific side-channel cache attacks, please refer
|
||||||
|
to the following knowledge base articles:
|
||||||
|
* CVE-2017-5715 ("Spectre"):
|
||||||
|
https://access.redhat.com/articles/3436091
|
||||||
|
* CVE-2018-3639 ("Speculative Store Bypass"):
|
||||||
|
https://access.redhat.com/articles/3540901
|
||||||
|
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
|
||||||
|
https://access.redhat.com/articles/3562741
|
||||||
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
||||||
|
("Microarchitectural Data Sampling"):
|
||||||
|
https://access.redhat.com/articles/4138151
|
||||||
|
* CVE-2019-0117 (Intel SGX Information Leak),
|
||||||
|
CVE-2019-0123 (Intel SGX Privilege Escalation),
|
||||||
|
CVE-2019-11135 (TSX Asynchronous Abort),
|
||||||
|
CVE-2019-11139 (Voltage Setting Modulation):
|
||||||
|
https://access.redhat.com/solutions/2019-microcode-nov
|
||||||
|
* CVE-2020-0543 (Special Register Buffer Data Sampling),
|
||||||
|
CVE-2020-0548 (Vector Register Data Sampling),
|
||||||
|
CVE-2020-0549 (L1D Cache Eviction Sampling):
|
||||||
|
https://access.redhat.com/solutions/5142751
|
||||||
|
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
|
||||||
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
|
https://access.redhat.com/articles/5569051
|
||||||
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
||||||
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
||||||
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
||||||
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
||||||
|
https://access.redhat.com/articles/6101171
|
||||||
|
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
|
||||||
|
https://access.redhat.com/articles/6716541
|
||||||
|
* CVE-2022-0005 (Informational disclosure via JTAG),
|
||||||
|
CVE-2022-21123 (Shared Buffers Data Read),
|
||||||
|
CVE-2022-21125 (Shared Buffers Data Sampling),
|
||||||
|
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
|
||||||
|
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
|
||||||
|
CVE-2022-21166 (Device Register Partial Write):
|
||||||
|
https://access.redhat.com/articles/6963124
|
||||||
|
|
||||||
|
The information regarding enforcing microcode update is provided below.
|
||||||
|
|
||||||
|
To enforce usage of the latest 06-4e-03 microcode revision for a specific kernel
|
||||||
|
version, please create a file "force-intel-06-4e-03" inside
|
||||||
|
/lib/firmware/<kernel_version> directory, run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
|
||||||
|
where microcode will be available for late microcode update, and run
|
||||||
|
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
||||||
|
is regenerated and the microcode can be loaded early, for example:
|
||||||
|
|
||||||
|
touch /lib/firmware/3.10.0-862.9.1/force-intel-06-4e-03
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
|
After that, it is possible to perform a late microcode update by executing
|
||||||
|
"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
|
||||||
|
"/sys/devices/system/cpu/microcode/reload" directly.
|
||||||
|
|
||||||
|
To enforce addition of this microcode for all kernels, please create file
|
||||||
|
"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-4e-03", run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
|
||||||
|
and "dracut -f --regenerate-all" for enabling early microcode updates:
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-4e-03
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
||||||
|
information.
|
@ -0,0 +1,15 @@
|
|||||||
|
model GenuineIntel 06-4f-01
|
||||||
|
path intel-ucode/06-4f-01
|
||||||
|
kernel 4.17.0
|
||||||
|
kernel 3.10.0-894
|
||||||
|
kernel 3.10.0-862.6.1
|
||||||
|
kernel 3.10.0-693.35.1
|
||||||
|
kernel 3.10.0-514.52.1
|
||||||
|
kernel 3.10.0-327.70.1
|
||||||
|
kernel 2.6.32-754.1.1
|
||||||
|
kernel 2.6.32-573.58.1
|
||||||
|
kernel 2.6.32-504.71.1
|
||||||
|
kernel 2.6.32-431.90.1
|
||||||
|
kernel 2.6.32-358.90.1
|
||||||
|
dependency required intel skip=success match-model-mode=off
|
||||||
|
disable early late
|
@ -0,0 +1,4 @@
|
|||||||
|
Microcode update for Intel Broadwell-EP/EX (BDX-ML B/M/R0; family 6, model 79,
|
||||||
|
stepping 1; CPUID 0x406f1) CPUs is disabled as it may cause system instability.
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/caveats/06-4f-01_readme
|
||||||
|
and /usr/share/doc/microcode_ctl/README.caveats for details.
|
@ -0,0 +1,83 @@
|
|||||||
|
Intel Broadwell-EP/EX (BDX-ML B/M/R0, family 6, model 79, stepping 1) has issues
|
||||||
|
with microcode update that may lead to a system hang; while some changes
|
||||||
|
to the Linux kernel have been made in an attempt to address these issues,
|
||||||
|
they were not eliminated, so a possibility of unstable system behaviour
|
||||||
|
after a microcode update performed on a running system is still present even
|
||||||
|
on a kernels that contain aforementioned changes. As a result, microcode update
|
||||||
|
for this CPU model has been disabled by default.
|
||||||
|
|
||||||
|
For the reference, kernel versions for the respective RHEL minor versions
|
||||||
|
that contain the aforementioned changes, are listed below:
|
||||||
|
* Upstream/RHEL 8: kernel-4.17.0 or newer;
|
||||||
|
* RHEL 7.6 onwards: kernel-3.10.0-894 or newer;
|
||||||
|
* RHEL 7.5.z: kernel-3.10.0-862.6.1 or newer;
|
||||||
|
* RHEL 7.4.z: kernel-3.10.0-693.35.1 or newer;
|
||||||
|
* RHEL 7.3.z: kernel-3.10.0-514.52.1 or newer;
|
||||||
|
* RHEL 7.2.z: kernel-3.10.0-327.70.1 or newer.
|
||||||
|
|
||||||
|
Please contact you system vendor for a BIOS/firmware update that contains
|
||||||
|
the latest microcode version. For the information regarding microcode versions
|
||||||
|
required for mitigating specific side-channel cache attacks, please refer
|
||||||
|
to the following knowledge base articles:
|
||||||
|
* CVE-2017-5715 ("Spectre"):
|
||||||
|
https://access.redhat.com/articles/3436091
|
||||||
|
* CVE-2018-3639 ("Speculative Store Bypass"):
|
||||||
|
https://access.redhat.com/articles/3540901
|
||||||
|
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
|
||||||
|
https://access.redhat.com/articles/3562741
|
||||||
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
||||||
|
("Microarchitectural Data Sampling"):
|
||||||
|
https://access.redhat.com/articles/4138151
|
||||||
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
||||||
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
||||||
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
||||||
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
||||||
|
https://access.redhat.com/articles/6101171
|
||||||
|
|
||||||
|
The information regarding enforcing microcode load is provided below.
|
||||||
|
|
||||||
|
For enforcing addition of this microcode to the firmware directory
|
||||||
|
for a specific kernel, where it is available for a late microcode update,
|
||||||
|
please create a file "force-late-intel-06-4f-01" inside
|
||||||
|
/lib/firmware/<kernel_version> directory and run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode":
|
||||||
|
|
||||||
|
touch /lib/firmware/3.10.0-862.9.1/force-late-intel-06-4f-01
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
|
||||||
|
After that, it is possible to perform a late microcode update by executing
|
||||||
|
"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
|
||||||
|
"/sys/devices/system/cpu/microcode/reload" directly.
|
||||||
|
|
||||||
|
For enforcing addition of this microcode to firmware directories for all
|
||||||
|
kernels, please create a file
|
||||||
|
"/etc/microcode_ctl/ucode_with_caveats/force-late-intel-06-4f-01"
|
||||||
|
and run "/usr/libexec/microcode_ctl/update_ucode":
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
touch /etc/microcode_ctl/ucode_with_caveats/force-late-intel-06-4f-01
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
|
||||||
|
For enforcing early load of this microcode for a specific kernel, please
|
||||||
|
create a file "force-early-intel-06-4f-01" inside
|
||||||
|
"/lib/firmware/<kernel_version>" directory and run
|
||||||
|
"dracut -f --kver <kernel_version>":
|
||||||
|
|
||||||
|
touch /lib/firmware/3.10.0-862.9.1/force-early-intel-06-4f-01
|
||||||
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
|
For enforcing early load of this microcode for all kernels, please
|
||||||
|
create a file "/etc/microcode_ctl/ucode_with_caveats/force-early-intel-06-4f-01"
|
||||||
|
and run dracut -f --regenerate-all:
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
touch /etc/microcode_ctl/ucode_with_caveats/force-early-intel-06-4f-01
|
||||||
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
If you want to avoid removal of the microcode file during cleanup performed by
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode, please remove the corresponding readme
|
||||||
|
file (/lib/firmware/<kernel_version>/readme-intel-06-4f-01).
|
||||||
|
|
||||||
|
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
||||||
|
information.
|
@ -0,0 +1,12 @@
|
|||||||
|
model GenuineIntel 06-55-04
|
||||||
|
path intel-ucode/06-55-04
|
||||||
|
## Bug https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
|
||||||
|
## affects only SKX-W/X (Workstation and HEDT segments); product segment
|
||||||
|
## can be determined by checking bits 5..3 of the CAPID0 field in PCU registers
|
||||||
|
## device (see https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-scalable-spec-update.pdf#page=13
|
||||||
|
## for Server/FPGA/Fabric segments description; for SKX-W/X no public
|
||||||
|
## documentation seems to be available). Specific device/function numbers
|
||||||
|
## are provided for speeding up the search only, VID:DID is the real selector.
|
||||||
|
## Commented out since revision 0x2006906 seems to fix the issue.
|
||||||
|
#pci_config_val mode=success-all device=0x1e function=3 vid=0x8086 did=0x2083 offset=0x84 size=4 mask=0x38 val=0x38,0x18,0x8
|
||||||
|
dependency required intel
|
@ -0,0 +1,5 @@
|
|||||||
|
Microcode revisions 0x2000065 and higher for Intel Skylake-X/W (family 6,
|
||||||
|
model 85, stepping 4; CPUID 0x50654) were disabled as they could cause system
|
||||||
|
hangs on reboot, so the previous revision 0x2000064 was used instead.
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/caveats/06-55-04_readme
|
||||||
|
and /usr/share/doc/microcode_ctl/README.caveats for details.
|
@ -0,0 +1,97 @@
|
|||||||
|
Intel Skylake Scalable Platform CPU models that belong to Workstation and HEDT
|
||||||
|
(Basin Falls) segment (SKL-W/X, family 6, model 85, stepping 4) had reports
|
||||||
|
of system hangs on reboot when revision 0x2000065 of microcode, that was included
|
||||||
|
from microcode-20191112 update up to microcode-20200520 update, was applied[1].
|
||||||
|
In order to address this, microcode update to the newer revision had been
|
||||||
|
disabled by default on these systems, and the previously published microcode
|
||||||
|
revision 0x2000064 is used by default for the OS-driven microcode update.
|
||||||
|
|
||||||
|
Since revision 0x2006906 (included with the microcode-20200609 release)
|
||||||
|
it is reported that the issue is no longer present, so the newer microcode
|
||||||
|
revision is enabled by default now (but can be disabled explicitly; see below).
|
||||||
|
|
||||||
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
|
||||||
|
|
||||||
|
For the reference, SHA1 checksums of 06-55-04 microcode files containing
|
||||||
|
microcode revisions in question are listed below:
|
||||||
|
* 06-55-04, revision 0x2000064: 2e405644a145de0f55517b6a9de118eec8ec1e5a
|
||||||
|
* 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23
|
||||||
|
* 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
|
||||||
|
* 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212
|
||||||
|
* 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462
|
||||||
|
* 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7
|
||||||
|
* 06-55-04, revision 0x2006c0a: 76b641375d136c08f5feb46aacebee40468ac085
|
||||||
|
* 06-55-04, revision 0x2006d05: dc4207cf4eb916ff34acbdddc474db0df781234f
|
||||||
|
* 06-55-04, revision 0x2006e05: bc67d247ad1c9a834bec5e452606db1381d6bc7e
|
||||||
|
|
||||||
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
|
the latest microcode version. For the information regarding microcode versions
|
||||||
|
required for mitigating specific side-channel cache attacks, please refer
|
||||||
|
to the following knowledge base articles:
|
||||||
|
* CVE-2017-5715 ("Spectre"):
|
||||||
|
https://access.redhat.com/articles/3436091
|
||||||
|
* CVE-2018-3639 ("Speculative Store Bypass"):
|
||||||
|
https://access.redhat.com/articles/3540901
|
||||||
|
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
|
||||||
|
https://access.redhat.com/articles/3562741
|
||||||
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
||||||
|
("Microarchitectural Data Sampling"):
|
||||||
|
https://access.redhat.com/articles/4138151
|
||||||
|
* CVE-2019-0117 (Intel SGX Information Leak),
|
||||||
|
CVE-2019-0123 (Intel SGX Privilege Escalation),
|
||||||
|
CVE-2019-11135 (TSX Asynchronous Abort),
|
||||||
|
CVE-2019-11139 (Voltage Setting Modulation):
|
||||||
|
https://access.redhat.com/solutions/2019-microcode-nov
|
||||||
|
* CVE-2020-0543 (Special Register Buffer Data Sampling),
|
||||||
|
CVE-2020-0548 (Vector Register Data Sampling),
|
||||||
|
CVE-2020-0549 (L1D Cache Eviction Sampling):
|
||||||
|
https://access.redhat.com/solutions/5142751
|
||||||
|
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
|
||||||
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
|
https://access.redhat.com/articles/5569051
|
||||||
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
||||||
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
||||||
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
||||||
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
||||||
|
https://access.redhat.com/articles/6101171
|
||||||
|
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
|
||||||
|
https://access.redhat.com/articles/6716541
|
||||||
|
* CVE-2022-0005 (Informational disclosure via JTAG),
|
||||||
|
CVE-2022-21123 (Shared Buffers Data Read),
|
||||||
|
CVE-2022-21125 (Shared Buffers Data Sampling),
|
||||||
|
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
|
||||||
|
CVE-2022-21131 (Protected Processor Inventory Number (PPIN) access protection),
|
||||||
|
CVE-2022-21136 (Overclocking service access protection),
|
||||||
|
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
|
||||||
|
CVE-2022-21166 (Device Register Partial Write):
|
||||||
|
https://access.redhat.com/articles/6963124
|
||||||
|
* CVE-2022-21233 (Stale Data Read from legacy xAPIC):
|
||||||
|
https://access.redhat.com/articles/6976398
|
||||||
|
|
||||||
|
The information regarding disabling microcode update is provided below.
|
||||||
|
|
||||||
|
To disable usage of the newer microcode revision for a specific kernel
|
||||||
|
version, please create a file "disallow-intel-06-55-04" inside
|
||||||
|
/lib/firmware/<kernel_version> directory, run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
|
||||||
|
used for late microcode updates, and run "dracut -f --kver <kernel_version>"
|
||||||
|
so initramfs for this kernel version is regenerated, for example:
|
||||||
|
|
||||||
|
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-55-04
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
|
To disable usage of the newer microcode revision for all kernels, please create
|
||||||
|
file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04", run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
|
||||||
|
used for late microcode updates, and run "dracut -f --regenerate-all"
|
||||||
|
so initramfs images get regenerated, for example:
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
||||||
|
information.
|
@ -0,0 +1,3 @@
|
|||||||
|
model GenuineIntel 06-5e-03
|
||||||
|
path intel-ucode/06-5e-03
|
||||||
|
dependency required intel
|
@ -0,0 +1,5 @@
|
|||||||
|
Microcode revisions 0xda and higher for Intel Skylake-H/S/Xeon E3 v5 (family 6,
|
||||||
|
model 94, stepping 3; CPUID 0x506e3) are disabled as they may cause system
|
||||||
|
instability; the previously published revision 0xd6 is used instead.
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/caveats/06-5e-03_readme
|
||||||
|
and /usr/share/doc/microcode_ctl/README.caveats for details.
|
@ -0,0 +1,89 @@
|
|||||||
|
Some Intel Skylake CPU models (SKL-H/S/Xeon E3 v5, family 6, model 94,
|
||||||
|
stepping 3) had reports of possible system hangs when revision 0xdc
|
||||||
|
of microcode, that is included in microcode-20200609 update to address
|
||||||
|
CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549, was applied[1]. In order
|
||||||
|
to address this, microcode updates to the newer revision had been disabled
|
||||||
|
by default on these systems, and the previously published microcode revision
|
||||||
|
0xd6 was used by default for the OS-driven microcode update. The revision
|
||||||
|
0xea seems[2] to have fixed the aforementioned issue, hence it is enabled
|
||||||
|
by default (but can be disabled explicitly; see below).
|
||||||
|
|
||||||
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
|
||||||
|
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-857806014
|
||||||
|
|
||||||
|
For the reference, SHA1 checksums of 06-5e-03 microcode files containing
|
||||||
|
microcode revisions in question are listed below:
|
||||||
|
* 06-5e-03, revision 0xd6: 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a
|
||||||
|
* 06-5e-03, revision 0xdc: 5e1020a10678cfc60980131c3d3a2cfd462b4dd7
|
||||||
|
* 06-5e-03, revision 0xe2: 031e6e148b590d1c9cfdb6677539eeb4899e831c
|
||||||
|
* 06-5e-03, revision 0xea: e6c37056a849fd281f2fdb975361a914e07b86c8
|
||||||
|
* 06-5e-03, revision 0xec: 6458bf25da4906479a01ffdcaa6d466e22722e01
|
||||||
|
* 06-5e-03, revision 0xf0: 0683706bbbf470abbdad4b9923aa9647bfec9616
|
||||||
|
|
||||||
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
|
the latest microcode version. For the information regarding microcode versions
|
||||||
|
required for mitigating specific side-channel cache attacks, please refer
|
||||||
|
to the following knowledge base articles:
|
||||||
|
* CVE-2017-5715 ("Spectre"):
|
||||||
|
https://access.redhat.com/articles/3436091
|
||||||
|
* CVE-2018-3639 ("Speculative Store Bypass"):
|
||||||
|
https://access.redhat.com/articles/3540901
|
||||||
|
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
|
||||||
|
https://access.redhat.com/articles/3562741
|
||||||
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
||||||
|
("Microarchitectural Data Sampling"):
|
||||||
|
https://access.redhat.com/articles/4138151
|
||||||
|
* CVE-2019-0117 (Intel SGX Information Leak),
|
||||||
|
CVE-2019-0123 (Intel SGX Privilege Escalation),
|
||||||
|
CVE-2019-11135 (TSX Asynchronous Abort),
|
||||||
|
CVE-2019-11139 (Voltage Setting Modulation):
|
||||||
|
https://access.redhat.com/solutions/2019-microcode-nov
|
||||||
|
* CVE-2020-0543 (Special Register Buffer Data Sampling),
|
||||||
|
CVE-2020-0548 (Vector Register Data Sampling),
|
||||||
|
CVE-2020-0549 (L1D Cache Eviction Sampling):
|
||||||
|
https://access.redhat.com/solutions/5142751
|
||||||
|
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
|
||||||
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
|
https://access.redhat.com/articles/5569051
|
||||||
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
||||||
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
||||||
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
||||||
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
||||||
|
https://access.redhat.com/articles/6101171
|
||||||
|
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
|
||||||
|
https://access.redhat.com/articles/6716541
|
||||||
|
* CVE-2022-0005 (Informational disclosure via JTAG),
|
||||||
|
CVE-2022-21123 (Shared Buffers Data Read),
|
||||||
|
CVE-2022-21125 (Shared Buffers Data Sampling),
|
||||||
|
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
|
||||||
|
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
|
||||||
|
CVE-2022-21166 (Device Register Partial Write):
|
||||||
|
https://access.redhat.com/articles/6963124
|
||||||
|
|
||||||
|
The information regarding disabling microcode update is provided below.
|
||||||
|
|
||||||
|
To prevent usage of the latest 06-5e-03 microcode revision for a specific kernel
|
||||||
|
version, please create a file "disallow-intel-06-5e-03" inside
|
||||||
|
/lib/firmware/<kernel_version> directory, run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" to remove it to firmware directory
|
||||||
|
where microcode is available for late microcode update, and run
|
||||||
|
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
||||||
|
is regenerated, for example:
|
||||||
|
|
||||||
|
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-5e-03
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
|
To avoid addition of the latest microcode for all kernels, please create file
|
||||||
|
"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-5e-03", run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
|
||||||
|
and "dracut -f --regenerate-all" for early microcode updates:
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-5e-03
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
||||||
|
information.
|
@ -0,0 +1,3 @@
|
|||||||
|
model GenuineIntel 06-8c-01
|
||||||
|
path intel-ucode/06-8c-01
|
||||||
|
dependency required intel skip=success match-model-mode=off
|
@ -0,0 +1,4 @@
|
|||||||
|
Microcode updates for Intel Tiger Lake-UP3/UP4 (family 6, model 140, stepping 1;
|
||||||
|
CPUID 0x806c1) are disabled as they may cause system instability.
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/caveats/06-8c-01_readme
|
||||||
|
and /usr/share/doc/microcode_ctl/README.caveats for details.
|
@ -0,0 +1,60 @@
|
|||||||
|
Some Intel Tiger Lake-UP3/UP4 CPU models (TGL, family 6, model 140, stepping 1)
|
||||||
|
had reports of system hangs when a microcode update, that was included
|
||||||
|
since microcode-20201110 update, was applied[1]. In order to address this,
|
||||||
|
microcode update had been disabled by default on these systems. The revision
|
||||||
|
0x88 seems to have fixed the aforementioned issue, hence it is enabled
|
||||||
|
by default (but can be disabled explicitly; see below).
|
||||||
|
|
||||||
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
|
||||||
|
|
||||||
|
For the reference, SHA1 checksums of 06-8c-01 microcode files containing
|
||||||
|
microcode revisions in question are listed below:
|
||||||
|
* 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04
|
||||||
|
* 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290
|
||||||
|
* 06-8c-01, revision 0x9a: 48b3ae8d27d8138b5b47052d2f8184bf555ad18e
|
||||||
|
* 06-8c-01, revision 0xa4: 70753f54f5be84376bdebeb710595e4dc2f6d92f
|
||||||
|
|
||||||
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
|
the latest microcode version. For the information regarding microcode versions
|
||||||
|
required for mitigating specific side-channel cache attacks, please refer
|
||||||
|
to the following knowledge base articles:
|
||||||
|
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
|
||||||
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
|
https://access.redhat.com/articles/5569051
|
||||||
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
||||||
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
||||||
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
||||||
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
||||||
|
https://access.redhat.com/articles/6101171
|
||||||
|
* CVE-2021-0145 (Fast store forward predictor - Cross Domain Training):
|
||||||
|
https://access.redhat.com/articles/6716541
|
||||||
|
* CVE-2022-21123 (Shared Buffers Data Read):
|
||||||
|
https://access.redhat.com/articles/6963124
|
||||||
|
|
||||||
|
The information regarding disabling microcode update is provided below.
|
||||||
|
|
||||||
|
To disable 06-8c-01 microcode updates for a specific kernel
|
||||||
|
version, please create a file "disallow-intel-06-8c-01" inside
|
||||||
|
/lib/firmware/<kernel_version> directory, run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" to remove it from the firmware
|
||||||
|
directory where microcode is available for late microcode update, and run
|
||||||
|
"dracut -f --kver <kernel_version>", so initramfs for this kernel version
|
||||||
|
is regenerated, for example:
|
||||||
|
|
||||||
|
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8c-01
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
|
To avoid addition of this microcode for all kernels, please create file
|
||||||
|
"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01", run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates,
|
||||||
|
and "dracut -f --regenerate-all" for early microcode updates:
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
||||||
|
information.
|
@ -0,0 +1,5 @@
|
|||||||
|
path intel-ucode/*
|
||||||
|
vendor GenuineIntel
|
||||||
|
dmi mode=fail-equal key=bios_vendor val="Dell Inc."
|
||||||
|
dependency required intel
|
||||||
|
disable early late
|
@ -0,0 +1,181 @@
|
|||||||
|
Some Dell systems that use some models of Intel CPUs are susceptible to hangs
|
||||||
|
and system instability during or after microcode update to revision 0xc6/0xca
|
||||||
|
(included as part of microcode-20191113/microcode-20191115 update that addressed
|
||||||
|
CVE-2019-0117, CVE-2019-0123, CVE-2019-11135, and CVE-2019-11139)
|
||||||
|
and/or revision 0xd6 (included as part of microcode-20200609 update
|
||||||
|
that addressed CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549)
|
||||||
|
[1][2][3][4][5][6]. In order to address this, microcode update to the newer
|
||||||
|
revision has been disabled by default on these systems, and the previously
|
||||||
|
published microcode revisions 0xae/0xb4/0xb8 are used by default
|
||||||
|
for the OS-driven microcode update.
|
||||||
|
|
||||||
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/23
|
||||||
|
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/24
|
||||||
|
[3] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/33
|
||||||
|
[4] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/34
|
||||||
|
[5] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/35
|
||||||
|
[6] https://bugzilla.redhat.com/show_bug.cgi?id=1846097
|
||||||
|
|
||||||
|
This caveat contains revision 0xca of 06-[89]e-0x microcode publicly released
|
||||||
|
by Intel; for the latest revision of the microcode files, please refer to caveat
|
||||||
|
06-8e-9e-0x-dell.
|
||||||
|
|
||||||
|
For the reference, microarchitectures of the affected CPU models:
|
||||||
|
* Amber Lake-Y
|
||||||
|
* Kaby Lake-G/H/S/U/Y/Xeon E3
|
||||||
|
* Coffee Lake-H/S/U/Xeon E
|
||||||
|
* Comet Lake-U 4+2
|
||||||
|
* Whiskey Lake-U
|
||||||
|
|
||||||
|
Family names of the affected CPU models:
|
||||||
|
* 7th Generation Intel® Core™ Processor Family
|
||||||
|
* 8th Generation Intel® Core™ Processor Family
|
||||||
|
* 9th Generation Intel® Core™ Processor Family
|
||||||
|
* 10th Generation Intel® Core™ Processor Family (selected models)
|
||||||
|
* Intel® Celeron® Processor G Series
|
||||||
|
* Intel® Celeron® Processor 5000 Series
|
||||||
|
* Intel® Core™ X-series Processors (i7-7740X, i5-7640X only)
|
||||||
|
* Intel® Pentium® Gold Processor Series
|
||||||
|
* Intel® Pentium® Processor Series (selected models)
|
||||||
|
* Intel® Xeon® Processor E Family
|
||||||
|
* Intel® Xeon® Processor E3 v6 Family
|
||||||
|
|
||||||
|
SHA1 checksums of the microcode files containing microcode revisions
|
||||||
|
in question:
|
||||||
|
* 06-8e-09, revision 0xb4: e253c95c29c3eef6576db851dfa069d82a91256f
|
||||||
|
* 06-8e-0a, revision 0xb4: 45bcba494be07df9eeccff9627578095a97fba4d
|
||||||
|
* 06-8e-0b, revision 0xb8: 3e54bf91d642ad81ff07fe274d0cfb5d10d09c43
|
||||||
|
* 06-8e-0c, revision 0xb8: bf635c87177d6dc4e067ec11e1caeb19d3c325f0
|
||||||
|
* 06-9e-09, revision 0xb4: 42f68eec4ddb79dd6be0c95c4ce60e514e4504b1
|
||||||
|
* 06-9e-0a, revision 0xb4: 37c7cb394dd36610b57943578343723da67d50f0
|
||||||
|
* 06-9e-0b, revision 0xb4: b5399109d0a5ce8f5fb623ff942da0322b438b95
|
||||||
|
* 06-9e-0c, revision 0xae: 131bce89e4d210de8322ffbc6bd787f1af66a7df
|
||||||
|
* 06-9e-0d, revision 0xb8: 22511b007d1df55558d115abb13a1c23ea398317
|
||||||
|
|
||||||
|
* 06-8e-09, revision 0xca: 9afa1bae40995207afef13247f114be042d88083
|
||||||
|
* 06-8e-0a, revision 0xca: 1d90291cc25e17dc6c36c764cf8c06b41fed4c16
|
||||||
|
* 06-8e-0b, revision 0xca: 3fb1246a6594eff5e2c2076c63c600d734f10777
|
||||||
|
* 06-8e-0c, revision 0xca: e871540671f59b4fa5d0d454798f09a4d412aace
|
||||||
|
* 06-9e-09, revision 0xca: b5eed11108ab7ac1e675fe75d0e7454a400ddd35
|
||||||
|
* 06-9e-0a, revision 0xca: e472304aaa2f3815a32822cb111ab3f43bf3dfe4
|
||||||
|
* 06-9e-0b, revision 0xca: 78f47c5162da680878ed057dc7c853f9737c524b
|
||||||
|
* 06-9e-0c, revision 0xca: f23848a009928796a153cb9e8f44522136969408
|
||||||
|
* 06-9e-0d, revision 0xca: c7a3d469469ee828ba9faf91b67af881fceec3b7
|
||||||
|
|
||||||
|
* 06-8e-09, revision 0xd6: 2272c621768437d20e602207752201e0966e5a8c
|
||||||
|
* 06-8e-0a, revision 0xd6: 0b145afb88e028e612f04c2a86385e7d7c3fefc4
|
||||||
|
* 06-8e-0b, revision 0xd6: c3831b05da83be54f3acc451a1bce90f75e2e9e5
|
||||||
|
* 06-8e-0c, revision 0xd6: 4b8938a93e23f4b5a2d9de40b87f6afcfdc27c05
|
||||||
|
* 06-9e-09, revision 0xd6: 4bacba8c598508e7dd4e87e179586abe7a1a987f
|
||||||
|
* 06-9e-0a, revision 0xd6: 4c236afeef9f80ff3a286698fe7cef72926722f0
|
||||||
|
* 06-9e-0b, revision 0xd6: 2f9ab9b2ba29559ce177632281d7290a24fed2ef
|
||||||
|
* 06-9e-0c, revision 0xd6: 4b9059e519bcab6085b6c103f5d99e509fe0b2bb
|
||||||
|
* 06-9e-0d, revision 0xd6: 3a3b7edfd8126bb34b761b46a32102a622047899
|
||||||
|
|
||||||
|
* 06-8e-09, revision 0xde: 84d7514101eb8904834a3dacdee684b3c574245f
|
||||||
|
* 06-8e-0a, revision 0xe0: 080b9e3ebbcf6bb1eca0fb5f640e6bfbfe3a1e6e
|
||||||
|
* 06-8e-0b, revision 0xde: 80fed976231bbff4c7103e373498e07eef0bff31
|
||||||
|
* 06-8e-0c, revision 0xde: 84f160587fea4acb81451c8ff53dc51afba06343
|
||||||
|
* 06-9e-09, revision 0xde: 422026ffb2cca446693c586be98d0d9e7dfeb116
|
||||||
|
* 06-9e-0a, revision 0xde: b6c44b9fe26e1d6bafa27f37ffe010284294bf1c
|
||||||
|
* 06-9e-0b, revision 0xde: 6452937a0d359066b95f9e679a41a15490770312
|
||||||
|
* 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542
|
||||||
|
* 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c
|
||||||
|
|
||||||
|
* 06-8e-09, revision 0xea: caa7192fb2223e3e52389aca84930aee326b384d
|
||||||
|
* 06-8e-0a, revision 0xea: ab4d5d3b51445d055763796a0362f8ab249cf4c8
|
||||||
|
* 06-8e-0b, revision 0xea: 5406c513f90286c02476ee0d4a6c8010a263c3ac
|
||||||
|
* 06-8e-0c, revision 0xea: 8c045b9056443862c95573efd4646e331a2310d3
|
||||||
|
* 06-9e-09, revision 0xea: a9f8a14ca3808f6380d6dff92e1fd693cc909668
|
||||||
|
* 06-9e-0a, revision 0xea: b7726bdba2fe74d8f419c68f417d796d569b9ec4
|
||||||
|
* 06-9e-0b, revision 0xea: 963dca66aedf2bfb0613d0d9515c6bcfb0589e0c
|
||||||
|
* 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4
|
||||||
|
* 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a
|
||||||
|
|
||||||
|
* 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7
|
||||||
|
* 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf
|
||||||
|
* 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693
|
||||||
|
* 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c
|
||||||
|
* 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681
|
||||||
|
* 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe
|
||||||
|
* 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632
|
||||||
|
* 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04
|
||||||
|
* 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979
|
||||||
|
|
||||||
|
* 06-8e-09, revision 0xf0: 219e2b9168a09451b17813b97995cc59cc78b414
|
||||||
|
* 06-8e-0a, revision 0xf0: 3c4241d0b9d1a1a1e82d03b365fdd3b843006a7c
|
||||||
|
* 06-8e-0b, revision 0xf0: 79b61f034cba86e61641114bbab49ec0166c0f35
|
||||||
|
* 06-8e-0c, revision 0xf0: 11d166de440dbe9c440e90cb610ef4b9d48242b1
|
||||||
|
* 06-9e-09, revision 0xf0: 49e142da74e7298b2db738ff7dd1a9b0fa4e0c3e
|
||||||
|
* 06-9e-0a, revision 0xf0: 8de1d4a80cd683bf09854c33905c69d3d7ac7730
|
||||||
|
* 06-9e-0b, revision 0xf0: ff092c6ac8333f0abcd94f7d2e2088f31d960e62
|
||||||
|
* 06-9e-0c, revision 0xf0: 3702f21e87b75bea6f4b1ee0407b941ef31d4ad1
|
||||||
|
* 06-9e-0d, revision 0xf0: 226feaaa431eb76e734ab68efc2ea7b07aa3c7d9
|
||||||
|
|
||||||
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
|
the latest microcode version. For the information regarding microcode versions
|
||||||
|
required for mitigating specific side-channel cache attacks, please refer
|
||||||
|
to the following knowledge base articles:
|
||||||
|
* CVE-2017-5715 ("Spectre"):
|
||||||
|
https://access.redhat.com/articles/3436091
|
||||||
|
* CVE-2018-3639 ("Speculative Store Bypass"):
|
||||||
|
https://access.redhat.com/articles/3540901
|
||||||
|
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
|
||||||
|
https://access.redhat.com/articles/3562741
|
||||||
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
||||||
|
("Microarchitectural Data Sampling"):
|
||||||
|
https://access.redhat.com/articles/4138151
|
||||||
|
* CVE-2019-0117 (Intel SGX Information Leak),
|
||||||
|
CVE-2019-0123 (Intel SGX Privilege Escalation),
|
||||||
|
CVE-2019-11135 (TSX Asynchronous Abort),
|
||||||
|
CVE-2019-11139 (Voltage Setting Modulation):
|
||||||
|
https://access.redhat.com/solutions/2019-microcode-nov
|
||||||
|
* CVE-2020-0543 (Special Register Buffer Data Sampling),
|
||||||
|
CVE-2020-0548 (Vector Register Data Sampling),
|
||||||
|
CVE-2020-0549 (L1D Cache Eviction Sampling):
|
||||||
|
https://access.redhat.com/solutions/5142751
|
||||||
|
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
|
||||||
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
|
https://access.redhat.com/articles/5569051
|
||||||
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
||||||
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
||||||
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
||||||
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
||||||
|
https://access.redhat.com/articles/6101171
|
||||||
|
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
|
||||||
|
https://access.redhat.com/articles/6716541
|
||||||
|
* CVE-2022-0005 (Informational disclosure via JTAG),
|
||||||
|
CVE-2022-21123 (Shared Buffers Data Read),
|
||||||
|
CVE-2022-21125 (Shared Buffers Data Sampling),
|
||||||
|
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
|
||||||
|
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
|
||||||
|
CVE-2022-21166 (Device Register Partial Write):
|
||||||
|
https://access.redhat.com/articles/6963124
|
||||||
|
|
||||||
|
The information regarding disabling microcode update is provided below.
|
||||||
|
|
||||||
|
To disable usage of the newer microcode revision for a specific kernel
|
||||||
|
version, please create a file "disallow-intel-06-8e-9e-0x-0xca" inside
|
||||||
|
/lib/firmware/<kernel_version> directory, run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
|
||||||
|
used for late microcode updates, and run "dracut -f --kver <kernel_version>"
|
||||||
|
so initramfs for this kernel version is regenerated, for example:
|
||||||
|
|
||||||
|
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8e-9e-0x-0xca
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
|
To disable usage of the newer microcode revision for all kernels, please create
|
||||||
|
file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8e-9e-0x-0xca",
|
||||||
|
run "/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
|
||||||
|
used for late microcode updates, and run "dracut -f --regenerate-all"
|
||||||
|
so initramfs images get regenerated, for example:
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8e-9e-0xca
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
||||||
|
information.
|
@ -0,0 +1,7 @@
|
|||||||
|
path intel-ucode/*
|
||||||
|
vendor GenuineIntel
|
||||||
|
## It is deemed that blacklisting all 06-[89]e-0x models on all hardware
|
||||||
|
## in cases where no model filter is used is too broad, hence
|
||||||
|
## no-model-mode=success.
|
||||||
|
dmi mode=fail-equal no-model-mode=success key=bios_vendor val="Dell Inc."
|
||||||
|
dependency required intel
|
@ -0,0 +1,7 @@
|
|||||||
|
Some Dell systems that use some models of Intel CPUs are susceptible to hangs
|
||||||
|
and system instability during or after microcode update to newer revisions.
|
||||||
|
In order to address this, microcode update to these newer revision
|
||||||
|
has been disabled by default on these systems, and the previously published
|
||||||
|
microcode revisions are used by default for the OS-driven microcode update.
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/caveats/06-8e-9e-0x-dell_readme
|
||||||
|
and /usr/share/doc/microcode_ctl/README.caveats for details.
|
@ -0,0 +1,181 @@
|
|||||||
|
Some Dell systems that use some models of Intel CPUs are susceptible to hangs
|
||||||
|
and system instability during or after microcode update to revision 0xc6/0xca
|
||||||
|
(included as part of microcode-20191113/microcode-20191115 update that addressed
|
||||||
|
CVE-2019-0117, CVE-2019-0123, CVE-2019-11135, and CVE-2019-11139)
|
||||||
|
and/or revision 0xd6 (included as part of microcode-20200609 update
|
||||||
|
that addressed CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549)
|
||||||
|
[1][2][3][4][5][6]. In order to address this, microcode update to the newer
|
||||||
|
revision has been disabled by default on these systems, and the previously
|
||||||
|
published microcode revisions 0xae/0xb4/0xb8 are used by default
|
||||||
|
for the OS-driven microcode update.
|
||||||
|
|
||||||
|
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/23
|
||||||
|
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/24
|
||||||
|
[3] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/33
|
||||||
|
[4] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/34
|
||||||
|
[5] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/35
|
||||||
|
[6] https://bugzilla.redhat.com/show_bug.cgi?id=1846097
|
||||||
|
|
||||||
|
This caveat contains latest microcode revisions publicly released by Intel;
|
||||||
|
for the revision 0xca of the microcode files, please refer to caveat
|
||||||
|
06-8e-9e-0x-0xca.
|
||||||
|
|
||||||
|
For the reference, microarchitectures of the affected CPU models:
|
||||||
|
* Amber Lake-Y
|
||||||
|
* Kaby Lake-G/H/S/U/X/Y/Xeon E3
|
||||||
|
* Coffee Lake-H/S/U/Xeon E
|
||||||
|
* Comet Lake-U 4+2
|
||||||
|
* Whiskey Lake-U
|
||||||
|
|
||||||
|
Family names of the affected CPU models:
|
||||||
|
* 7th Generation Intel® Core™ Processor Family
|
||||||
|
* 8th Generation Intel® Core™ Processor Family
|
||||||
|
* 9th Generation Intel® Core™ Processor Family
|
||||||
|
* 10th Generation Intel® Core™ Processor Family (selected models)
|
||||||
|
* Intel® Celeron® Processor G Series
|
||||||
|
* Intel® Celeron® Processor 5000 Series
|
||||||
|
* Intel® Core™ X-series Processors (i7-7740X, i5-7640X only)
|
||||||
|
* Intel® Pentium® Gold Processor Series
|
||||||
|
* Intel® Pentium® Processor Series (selected models)
|
||||||
|
* Intel® Xeon® Processor E Family
|
||||||
|
* Intel® Xeon® Processor E3 v6 Family
|
||||||
|
|
||||||
|
SHA1 checksums of the microcode files containing microcode revisions
|
||||||
|
in question:
|
||||||
|
* 06-8e-09, revision 0xb4: e253c95c29c3eef6576db851dfa069d82a91256f
|
||||||
|
* 06-8e-0a, revision 0xb4: 45bcba494be07df9eeccff9627578095a97fba4d
|
||||||
|
* 06-8e-0b, revision 0xb8: 3e54bf91d642ad81ff07fe274d0cfb5d10d09c43
|
||||||
|
* 06-8e-0c, revision 0xb8: bf635c87177d6dc4e067ec11e1caeb19d3c325f0
|
||||||
|
* 06-9e-09, revision 0xb4: 42f68eec4ddb79dd6be0c95c4ce60e514e4504b1
|
||||||
|
* 06-9e-0a, revision 0xb4: 37c7cb394dd36610b57943578343723da67d50f0
|
||||||
|
* 06-9e-0b, revision 0xb4: b5399109d0a5ce8f5fb623ff942da0322b438b95
|
||||||
|
* 06-9e-0c, revision 0xae: 131bce89e4d210de8322ffbc6bd787f1af66a7df
|
||||||
|
* 06-9e-0d, revision 0xb8: 22511b007d1df55558d115abb13a1c23ea398317
|
||||||
|
|
||||||
|
* 06-8e-09, revision 0xca: 9afa1bae40995207afef13247f114be042d88083
|
||||||
|
* 06-8e-0a, revision 0xca: 1d90291cc25e17dc6c36c764cf8c06b41fed4c16
|
||||||
|
* 06-8e-0b, revision 0xca: 3fb1246a6594eff5e2c2076c63c600d734f10777
|
||||||
|
* 06-8e-0c, revision 0xca: e871540671f59b4fa5d0d454798f09a4d412aace
|
||||||
|
* 06-9e-09, revision 0xca: b5eed11108ab7ac1e675fe75d0e7454a400ddd35
|
||||||
|
* 06-9e-0a, revision 0xca: e472304aaa2f3815a32822cb111ab3f43bf3dfe4
|
||||||
|
* 06-9e-0b, revision 0xca: 78f47c5162da680878ed057dc7c853f9737c524b
|
||||||
|
* 06-9e-0c, revision 0xca: f23848a009928796a153cb9e8f44522136969408
|
||||||
|
* 06-9e-0d, revision 0xca: c7a3d469469ee828ba9faf91b67af881fceec3b7
|
||||||
|
|
||||||
|
* 06-8e-09, revision 0xd6: 2272c621768437d20e602207752201e0966e5a8c
|
||||||
|
* 06-8e-0a, revision 0xd6: 0b145afb88e028e612f04c2a86385e7d7c3fefc4
|
||||||
|
* 06-8e-0b, revision 0xd6: c3831b05da83be54f3acc451a1bce90f75e2e9e5
|
||||||
|
* 06-8e-0c, revision 0xd6: 4b8938a93e23f4b5a2d9de40b87f6afcfdc27c05
|
||||||
|
* 06-9e-09, revision 0xd6: 4bacba8c598508e7dd4e87e179586abe7a1a987f
|
||||||
|
* 06-9e-0a, revision 0xd6: 4c236afeef9f80ff3a286698fe7cef72926722f0
|
||||||
|
* 06-9e-0b, revision 0xd6: 2f9ab9b2ba29559ce177632281d7290a24fed2ef
|
||||||
|
* 06-9e-0c, revision 0xd6: 4b9059e519bcab6085b6c103f5d99e509fe0b2bb
|
||||||
|
* 06-9e-0d, revision 0xd6: 3a3b7edfd8126bb34b761b46a32102a622047899
|
||||||
|
|
||||||
|
* 06-8e-09, revision 0xde: 84d7514101eb8904834a3dacdee684b3c574245f
|
||||||
|
* 06-8e-0a, revision 0xe0: 080b9e3ebbcf6bb1eca0fb5f640e6bfbfe3a1e6e
|
||||||
|
* 06-8e-0b, revision 0xde: 80fed976231bbff4c7103e373498e07eef0bff31
|
||||||
|
* 06-8e-0c, revision 0xde: 84f160587fea4acb81451c8ff53dc51afba06343
|
||||||
|
* 06-9e-09, revision 0xde: 422026ffb2cca446693c586be98d0d9e7dfeb116
|
||||||
|
* 06-9e-0a, revision 0xde: b6c44b9fe26e1d6bafa27f37ffe010284294bf1c
|
||||||
|
* 06-9e-0b, revision 0xde: 6452937a0d359066b95f9e679a41a15490770312
|
||||||
|
* 06-9e-0c, revision 0xde: a95021a4e497e0bf3691ecf3d020728f25a3f542
|
||||||
|
* 06-9e-0d, revision 0xde: 03b20fdc2fa3f9586f93a7e40d3b61be5b7b788c
|
||||||
|
|
||||||
|
* 06-8e-09, revision 0xea: caa7192fb2223e3e52389aca84930aee326b384d
|
||||||
|
* 06-8e-0a, revision 0xea: ab4d5d3b51445d055763796a0362f8ab249cf4c8
|
||||||
|
* 06-8e-0b, revision 0xea: 5406c513f90286c02476ee0d4a6c8010a263c3ac
|
||||||
|
* 06-8e-0c, revision 0xea: 8c045b9056443862c95573efd4646e331a2310d3
|
||||||
|
* 06-9e-09, revision 0xea: a9f8a14ca3808f6380d6dff92e1fd693cc909668
|
||||||
|
* 06-9e-0a, revision 0xea: b7726bdba2fe74d8f419c68f417d796d569b9ec4
|
||||||
|
* 06-9e-0b, revision 0xea: 963dca66aedf2bfb0613d0d9515c6bcfb0589e0c
|
||||||
|
* 06-9e-0c, revision 0xea: 1329a4d8166fe7d70833d21428936254e11efbb4
|
||||||
|
* 06-9e-0d, revision 0xea: 9c73f2ac6c4edbf8b0aefdd5d6780c7219be702a
|
||||||
|
|
||||||
|
* 06-8e-09, revision 0xec: 78eb624be5e8084e438318bdad99f9ddc082def7
|
||||||
|
* 06-8e-0a, revision 0xec: 6c41a6ad412f48f81a9d5edf59dcdecc358398bf
|
||||||
|
* 06-8e-0b, revision 0xec: 89dd0de598c83eb9714f6839499f322dfce2b693
|
||||||
|
* 06-8e-0c, revision 0xec: 225ea349b9cb3b1b94e237deb797e0c60d14a84c
|
||||||
|
* 06-9e-09, revision 0xec: fc5c0206fe392a0ddad4dc9363fde2d3e3d1e681
|
||||||
|
* 06-9e-0a, revision 0xec: 128002076e4ac3c75697fb4efdf1f8ddcc971fbe
|
||||||
|
* 06-9e-0b, revision 0xec: ac8c3865a143b2e03869f15a5b86e560f60ad632
|
||||||
|
* 06-9e-0c, revision 0xec: 6e3d695290def517857c8e743dc65161479f0c04
|
||||||
|
* 06-9e-0d, revision 0xec: 58b1ec5fee7dd1a761ed901b374ccb978737a979
|
||||||
|
|
||||||
|
* 06-8e-09, revision 0xf0: 219e2b9168a09451b17813b97995cc59cc78b414
|
||||||
|
* 06-8e-0a, revision 0xf0: 3c4241d0b9d1a1a1e82d03b365fdd3b843006a7c
|
||||||
|
* 06-8e-0b, revision 0xf0: 79b61f034cba86e61641114bbab49ec0166c0f35
|
||||||
|
* 06-8e-0c, revision 0xf0: 11d166de440dbe9c440e90cb610ef4b9d48242b1
|
||||||
|
* 06-9e-09, revision 0xf0: 49e142da74e7298b2db738ff7dd1a9b0fa4e0c3e
|
||||||
|
* 06-9e-0a, revision 0xf0: 8de1d4a80cd683bf09854c33905c69d3d7ac7730
|
||||||
|
* 06-9e-0b, revision 0xf0: ff092c6ac8333f0abcd94f7d2e2088f31d960e62
|
||||||
|
* 06-9e-0c, revision 0xf0: 3702f21e87b75bea6f4b1ee0407b941ef31d4ad1
|
||||||
|
* 06-9e-0d, revision 0xf0: 226feaaa431eb76e734ab68efc2ea7b07aa3c7d9
|
||||||
|
|
||||||
|
Please contact your system vendor for a BIOS/firmware update that contains
|
||||||
|
the latest microcode version. For the information regarding microcode versions
|
||||||
|
required for mitigating specific side-channel cache attacks, please refer
|
||||||
|
to the following knowledge base articles:
|
||||||
|
* CVE-2017-5715 ("Spectre"):
|
||||||
|
https://access.redhat.com/articles/3436091
|
||||||
|
* CVE-2018-3639 ("Speculative Store Bypass"):
|
||||||
|
https://access.redhat.com/articles/3540901
|
||||||
|
* CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
|
||||||
|
https://access.redhat.com/articles/3562741
|
||||||
|
* CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
|
||||||
|
("Microarchitectural Data Sampling"):
|
||||||
|
https://access.redhat.com/articles/4138151
|
||||||
|
* CVE-2019-0117 (Intel SGX Information Leak),
|
||||||
|
CVE-2019-0123 (Intel SGX Privilege Escalation),
|
||||||
|
CVE-2019-11135 (TSX Asynchronous Abort),
|
||||||
|
CVE-2019-11139 (Voltage Setting Modulation):
|
||||||
|
https://access.redhat.com/solutions/2019-microcode-nov
|
||||||
|
* CVE-2020-0543 (Special Register Buffer Data Sampling),
|
||||||
|
CVE-2020-0548 (Vector Register Data Sampling),
|
||||||
|
CVE-2020-0549 (L1D Cache Eviction Sampling):
|
||||||
|
https://access.redhat.com/solutions/5142751
|
||||||
|
* CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
|
||||||
|
CVE-2020-8696 (Vector Register Leakage-Active),
|
||||||
|
CVE-2020-8698 (Fast Forward Store Predictor):
|
||||||
|
https://access.redhat.com/articles/5569051
|
||||||
|
* CVE-2020-24489 (VT-d-related Privilege Escalation),
|
||||||
|
CVE-2020-24511 (Improper Isolation of Shared Resources),
|
||||||
|
CVE-2020-24512 (Observable Timing Discrepancy),
|
||||||
|
CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors):
|
||||||
|
https://access.redhat.com/articles/6101171
|
||||||
|
* CVE-2021-0127 (Intel Processor Breakpoint Control Flow):
|
||||||
|
https://access.redhat.com/articles/6716541
|
||||||
|
* CVE-2022-0005 (Informational disclosure via JTAG),
|
||||||
|
CVE-2022-21123 (Shared Buffers Data Read),
|
||||||
|
CVE-2022-21125 (Shared Buffers Data Sampling),
|
||||||
|
CVE-2022-21127 (Update to Special Register Buffer Data Sampling),
|
||||||
|
CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure),
|
||||||
|
CVE-2022-21166 (Device Register Partial Write):
|
||||||
|
https://access.redhat.com/articles/6963124
|
||||||
|
|
||||||
|
The information regarding disabling microcode update is provided below.
|
||||||
|
|
||||||
|
To disable usage of the newer microcode revision for a specific kernel
|
||||||
|
version, please create a file "disallow-intel-06-8e-9e-0x-dell" inside
|
||||||
|
/lib/firmware/<kernel_version> directory, run
|
||||||
|
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
|
||||||
|
used for late microcode updates, and run "dracut -f --kver <kernel_version>"
|
||||||
|
so initramfs for this kernel version is regenerated, for example:
|
||||||
|
|
||||||
|
touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8e-9e-0x-dell
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
|
To disable usage of the newer microcode revision for all kernels, please create
|
||||||
|
file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8e-9e-0x-dell",
|
||||||
|
run "/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
|
||||||
|
used for late microcode updates, and run "dracut -f --regenerate-all"
|
||||||
|
so initramfs images get regenerated, for example:
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8e-9e-dell
|
||||||
|
/usr/libexec/microcode_ctl/update_ucode
|
||||||
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
||||||
|
information.
|
@ -0,0 +1,7 @@
|
|||||||
|
## Uncomment the following line in order to disable
|
||||||
|
## microcode_ctl module that is used for $fw_dir variable overriding.
|
||||||
|
##
|
||||||
|
## Please refer to /usr/share/doc/microcode_ctl/README.caveats
|
||||||
|
## for additional information.
|
||||||
|
##
|
||||||
|
#omit_dracutmodules+=' microcode_ctl-fw_dir_override '
|
@ -0,0 +1,51 @@
|
|||||||
|
The microcode_ctl package contains microcode files (vendor-provided binary data
|
||||||
|
and/or code in proprietary format that affects behaviour of a device) for Intel
|
||||||
|
CPUs that may be loaded into the CPU during boot.
|
||||||
|
|
||||||
|
This directory contains information regarding various aspects of the provided
|
||||||
|
microcode files and their usage.
|
||||||
|
|
||||||
|
* LICENSE.intel-ucode
|
||||||
|
"license" file from the Intel x86 CPU microcode archive.
|
||||||
|
* README
|
||||||
|
This file.
|
||||||
|
* README.caveats
|
||||||
|
Caveats (mechanism for enabling/disabling usage of sets of microcode files
|
||||||
|
based on caveat configuration and user preferences) documentation.
|
||||||
|
Also contains general information about microcode update behaviour and links
|
||||||
|
with additional information about the relevant microarchitectural
|
||||||
|
vulnerabilities.
|
||||||
|
* README.intel-ucode
|
||||||
|
"README.md" file from the Intel x86 CPU microcode archive.
|
||||||
|
* RELEASE_NOTES.intel-ucode
|
||||||
|
"releasenote.md" file from the Intel x86 CPU microcode archive.
|
||||||
|
* SECURITY.intel-ucode
|
||||||
|
"security.md" file from the Intel x86 CPU microcode archive.
|
||||||
|
* SUMMARY.intel-ucode
|
||||||
|
Information about supplied microcode files extracted from their headers,
|
||||||
|
in a table form. Columns have the following meaning:
|
||||||
|
* "Path": path to the microcode file under one of the following directories:
|
||||||
|
* /usr/share/microcode_ctl/ucode_with_caveats/intel
|
||||||
|
* /usr/share/microcode_ctl/ucode_with_caveats
|
||||||
|
* /usr/share/microcode_ctl
|
||||||
|
* /lib/firmware
|
||||||
|
* /etc/firmware
|
||||||
|
* "Offset": offset of the microcode blob within the micocode file in bytes.
|
||||||
|
* "Ext. Offset": offset of the extended signature header within
|
||||||
|
the microcode file in bytes.
|
||||||
|
* "Data Size": size of microcode data in bytes. 0 means 2000 bytes.
|
||||||
|
* "Total Size": size of microcode blob in bytes, incuding headers.
|
||||||
|
0 means 2048 bytes.
|
||||||
|
* "CPUID": CPU ID signature (in format returned by the CPUID instruction).
|
||||||
|
* "Platform ID Mask": mask of suitable Platform IDs (provided in bits
|
||||||
|
52..50 of MSR 0x17).
|
||||||
|
* "Revision": microcode revision.
|
||||||
|
* "Date": microcode creation date.
|
||||||
|
* "Checksum": sum (in base 1<< 32) of all 32-bit values comprising
|
||||||
|
the microcode (from Offset up to Offset + Total Size).
|
||||||
|
* "Codenames": list of known CPU codenames associated with the CPUID
|
||||||
|
and Platform ID Mask combination.
|
||||||
|
Please refer to README.cavets, section "Microcode file structure"
|
||||||
|
for additional information regarding microcode header fields.
|
||||||
|
* caveats
|
||||||
|
Directory that contains readme files for each specific caveat.
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,332 @@
|
|||||||
|
# format=extended
|
||||||
|
# SPDX-License-Identifier: CC0-1.0
|
||||||
|
# Segment; Unused; Codename; Stepping; PF; CPUID; Abbreviation; Variant(s); Families; Models
|
||||||
|
|
||||||
|
Server;;Pentium Pro;B0;00;611;;;Pentium Pro;
|
||||||
|
Server;;Pentium Pro;C0;00;612;;;Pentium Pro;
|
||||||
|
Server;;Pentium Pro;sA0;00;616;;;Pentium Pro;
|
||||||
|
Server;;Pentium Pro;sA1;00;617;;;Pentium Pro;
|
||||||
|
Server;;Pentium Pro;sB1;00;619;;;Pentium Pro;
|
||||||
|
Desktop;;Klamath (PII);C0;ff;633;;;Pentium II;
|
||||||
|
Desktop;;Klamath (PII);C1;ff;634;;;Pentium II;
|
||||||
|
Desktop;;Deschutes SEPP (PII);A0;01;650;;;Celeron;
|
||||||
|
Mobile;;Deschutes Mini-Cart (PII);A0;02;650;;;Pentium II Mobile;
|
||||||
|
Server;;Deschutes SECC (PII);A0;04;650;;;Pentium II Xeon;
|
||||||
|
Mobile;;Deschutes MMC1/MMC2 (PII);A0;08;650;;;Pentium II Mobile;
|
||||||
|
Mobile;;Deschutes Micro-PGA1 (PII);A0;20;650;;;Pentium II Mobile;
|
||||||
|
Mobile;;Deschutes (PII);A0;80;650;;;Pentium II Mobile;
|
||||||
|
Desktop;;Deschutes SECC/SECC2 (PII);A1;01;651;;;Celeron;
|
||||||
|
Desktop;;Deschutes SEPP (PII);A1;01;651;;;Celeron;
|
||||||
|
Mobile;;Deschutes Mini-Cart (PII);A1;02;651;;;Pentium II Mobile;
|
||||||
|
Mobile;;Deschutes MMC1/MMC2 (PII);A1;08;651;;;Pentium II Mobile;
|
||||||
|
Desktop;;Deschutes SECC/SECC2 (PII);B0;01;652;;;Pentium II;
|
||||||
|
Mobile;;Deschutes Mini-Cart (PII);B0;02;652;;;Pentium II Mobile;
|
||||||
|
Server;;Deschutes SECC (PII);B0;04;652;;;Pentium II Xeon;
|
||||||
|
Mobile;;Deschutes MMC1/MMC2 (PII);B0;08;652;;;Pentium II Mobile;
|
||||||
|
Desktop;;Deschutes SECC/SECC2 (PII);B1;01;653;;;Pentium II;
|
||||||
|
Mobile;;Deschutes Mini-Cart (PII);B1;02;653;;;Pentium II Mobile;
|
||||||
|
Server;;Deschutes SECC (PII);B1;04;653;;;Pentium II Xeon;
|
||||||
|
Mobile;;Deschutes MMC1/MMC2 (PII);B1;08;653;;;Pentium II Mobile;
|
||||||
|
Desktop;;Mendocino SEPP (PII);A0;01;660;;;Celeron;
|
||||||
|
Desktop;;Mendocino PPGA (PII);B0;10;665;;;Celeron;
|
||||||
|
Mobile;;Dixon Mini-Cart (PII);A1;02;66a;;;Pentium II Mobile;
|
||||||
|
Mobile;;Dixon MMC1/MMC2 (PII);A1;08;66a;;;Pentium II Mobile, Celeron Mobile;
|
||||||
|
Mobile;;Dixon Micro-PGA1 (PII);A1;20;66a;;;Pentium II Mobile, Celeron Mobile;
|
||||||
|
Mobile;;Dixon Mini-Cart (PII);A1;02;66d;;;Pentium II Mobile;
|
||||||
|
Mobile;;Dixon MMC1/MMC2 (PII);A1;08;66d;;;Pentium II Mobile;
|
||||||
|
Mobile;;Dixon Micro-PGA1 (PII);A1;20;66d;;;Pentium II Mobile;
|
||||||
|
Desktop;;Katmai SECC/SECC2 (PIII);B0;01;671;;;Pentium III;
|
||||||
|
Server;;Tanner SECC (PIII);B0;04;671;;;Pentium III Xeon;
|
||||||
|
Desktop;;Katmai SECC/SECC2 (PIII);B0;01;672;;;Pentium III;
|
||||||
|
Server;;Tanner SECC (PIII);B0;04;672;;;Pentium III Xeon;
|
||||||
|
Desktop;;Katmai SECC/SECC2 (PIII);C0;01;673;;;Pentium III;
|
||||||
|
Server;;Tanner SECC (PIII);C0;04;673;;;Pentium III Xeon;
|
||||||
|
Desktop;;Coppermine SECC/SECC2 (PIII);A2;01;681;;;Pentium III;
|
||||||
|
Server;;Cascades SECC (PIII);A2;04;681;;;Pentium III Xeon;
|
||||||
|
Mobile;;Coppermine MMC2 (PIII);A2;08;681;;;Pentium III Mobile;
|
||||||
|
Desktop;;Coppermine FC-PGA (PIII);A2;10;681;;;Pentium III;
|
||||||
|
Mobile;;Coppermine Micro-PGA2 (PIII);A2;20;681;;;Pentium III Mobile;
|
||||||
|
Desktop;;Coppermine SECC/SECC2 (PIII);B0;01;683;;;Pentium III;
|
||||||
|
Server;;Cascades SECC (PIII);B0;04;683;;;Pentium III Xeon;
|
||||||
|
Mobile;;Coppermine MMC2 (PIII);B0;08;683;;;Pentium III Mobile;
|
||||||
|
Desktop;;Coppermine FC-PGA (PIII);B0;10;683;;;Pentium III;
|
||||||
|
Mobile;;Coppermine Micro-PGA2 (PIII);B0;20;683;;;Pentium III Mobile;
|
||||||
|
Desktop;;Coppermine SECC/SECC2 (PIII);C0;01;686;;;Pentium III;
|
||||||
|
Mobile;;Coppermine (PIII);C0;02;686;;;Pentium III Mobile;
|
||||||
|
Server;;Cascades SECC (PIII);C0;04;686;;;Pentium III Xeon;
|
||||||
|
Mobile;;Coppermine MMC2 (PIII);C0;08;686;;;Pentium III Mobile;
|
||||||
|
Desktop;;Coppermine FC-PGA (PIII);C0;10;686;;;Pentium III;
|
||||||
|
Mobile;;Coppermine Micro-PGA2 (PIII);C0;20;686;;;Pentium III Mobile;
|
||||||
|
Desktop;;Coppermine FC-PGA2 (PIII);C0;20;686;;;Pentium III;
|
||||||
|
Desktop;;Coppermine (PIII);C0;80;686;;;Pentium III;
|
||||||
|
Desktop;;Coppermine (PIII);D0;ff;68a;;;Pentium III;
|
||||||
|
Mobile;;Banias (P-M);B1;b0;695;;;Pentium M, Celeron M;
|
||||||
|
Server;;Cascades (PIII);A0;04;6a0;;;Pentium III Xeon;
|
||||||
|
Server;;Cascades (PIII);A1;04;6a1;;;Pentium III Xeon;
|
||||||
|
Server;;Cascades (PIII);B0;04;6a4;;;Pentium III Xeon;
|
||||||
|
Desktop;;Tualatin FC-PGA2 (PIII);A0;10;6b0;;;Pentium III;
|
||||||
|
Desktop;;Tualatin FC-PGA2 (PIII);A1;10;6b1;;;Pentium III;
|
||||||
|
Mobile;;Tualatin Micro-PGA2 (PIII);A1;20;6b1;;;Pentium III Mobile;
|
||||||
|
Desktop;;Tualatin FC-PGA2 (PIII);B1;10;6b4;;;Pentium III;
|
||||||
|
Mobile;;Tualatin Micro-PGA2 (PIII);B1;20;6b4;;;Pentium III Mobile;
|
||||||
|
Mobile;;Dothan (P-M);B0;20;6d6;;;Pentium M;
|
||||||
|
Mobile;;Dothan (P-M);C0;20;6d8;;;Pentium M;
|
||||||
|
Mobile;;Yonah;B0;20;6e4;;;Core Duo, Core Solo;
|
||||||
|
Mobile;;Yonah;C0;20;6e8;;;Core Duo, Core Solo;
|
||||||
|
Server;;Sossaman (Yonah);C0;00;6e8;;;Xeon LV;
|
||||||
|
Mobile;;Yonah;E0;a0;6ec;;;Core Duo, Core Solo;
|
||||||
|
Server;;Sossaman (Yonah);D0;00;6ec;;;Xeon LV, Xeon ULV;
|
||||||
|
Mobile;;Yonah;M0;20;6ed;;;Core Duo Mobile;
|
||||||
|
Desktop;;Conroe (Merom);L2;01;6f2;;;Core2 Duo E4xxx, E6xxx;
|
||||||
|
Mobile;;Merom;L2;20;6f2;;;Core2 Duo Mobile;
|
||||||
|
Server;;Conroe Xeon (Merom);L2;01;6f2;;;;Xeon 3040, 3050
|
||||||
|
Desktop;;Conroe (Merom);B0;01;6f4;;;Core2 Duo E4xxx, E6xxx;
|
||||||
|
Server;;Woodcrest (Merom);B0;04;6f4;;;Xeon 51xx;
|
||||||
|
Desktop;;Conroe (Merom);B2;01;6f6;;;Core2 Duo E4xxx, E6xxx;
|
||||||
|
Mobile;;Merom;B2;20;6f6;;;Core2 Duo Mobile;
|
||||||
|
Server;;Conroe Xeon (Merom);B2;01;6f6;;;;Xeon 3040, 3050, 3060, 3070
|
||||||
|
Server;;Woodcrest (Merom);B2;04;6f6;;;;Xeon 5110, 5120, 5130, 5140, 5150, 5160, Xeon LV 5128, 5133, 5138, 5148
|
||||||
|
Desktop;;Kentsfield (Merom);B3;10;6f7;;;;
|
||||||
|
Server;;Kentsfield Xeon (Merom);B3;10;6f7;;;;Xeon X3210, X3220
|
||||||
|
Server;;Clovertown (Merom);B3;40;6f7;;;;Xeon E5310, E5320, E5335, E5345, X5355, X5365, L5310, L5320
|
||||||
|
Desktop;;Tigerton (Merom);E0;01;6f9;;;;
|
||||||
|
Mobile;;Merom;E1;80;6fa;;;Core 2 Duo Mobile, Celeron Processor 500;
|
||||||
|
Desktop;;Conroe (Merom);G0;01;6fb;;;;
|
||||||
|
Desktop;;Kentsfield (Merom);G0;10;6fb;;;;
|
||||||
|
Mobile;;Merom;G0;a0;6fb;;;;
|
||||||
|
Server;;Conroe Xeon (Merom);G0;01;6fb;;;;Xeon 3065, 3075, 3085
|
||||||
|
Server;;Woodcrest (Merom);G0;04;6fb;;;;Xeon 5110, 5120, 5130, 5140, 5150, 5160, Xeon LV 5113, 5128, 5133, 5138, 5148
|
||||||
|
Server;;Tigerton (Merom);G0;08;6fb;;;;Xeon E7210, E7220, E7310, E7320, E7330, E7340, X7350, L7345
|
||||||
|
Server;;Kentsfield Xeon (Merom);G0;10;6fb;;;;Xeon X3210, X3220, X3230
|
||||||
|
Server;;Clovertown (Merom);G0;40;6fb;;;;Xeon E5310, E5320, E5335, E5345, X5355, X5365, L5310, L5318, L5320, L5335
|
||||||
|
Desktop;;Conroe (Merom);M0;01;6fd;;;;
|
||||||
|
Mobile;;Merom;M0;a0;6fd;;;;
|
||||||
|
Desktop;;Willamette (NetBurst);B2;01;f07;;;Pentium 4 (Socket 423);
|
||||||
|
Server;;Foster DP (NetBurst);B2;02;f07;;;Pentium 4 Xeon (Socket 603);
|
||||||
|
Desktop;;Willamette (NetBurst);B2;04;f07;;;Pentium 4 (Willamette, Socket 478);
|
||||||
|
Desktop;;Willamette (NetBurst);C1;01;f0a;;;Pentium 4 (Socket 423);
|
||||||
|
Server;;Foster DP (NetBurst);C1;02;f0a;;;Pentium 4 Xeon (Socket 603);
|
||||||
|
Desktop;;Willamette (NetBurst);C1;04;f0a;;;Pentium 4 (Willamette, Socket 478);
|
||||||
|
Server;;Foster MP (NetBurst);C0;02;f11;;;Pentium 4 Xeon MP (Socket 603);
|
||||||
|
Desktop;;Willamette (NetBurst);D0;01;f12;;;Pentium 4 (Socket 423);
|
||||||
|
Server;;Foster DP (NetBurst);D0;02;f12;;;Pentium 4 Xeon (Socket 603);
|
||||||
|
Desktop;;Willamette (NetBurst);D0;04;f12;;;Pentium 4 (Willamette, Socket 478);
|
||||||
|
Desktop;;Willamette (NetBurst);E0;04;f13;;;Pentium 4 (Willamette, Socket 478), Celeron (Willamette, Socket 478);
|
||||||
|
Server;;Prestonia (NetBurst);A0;02;f22;;;Pentium 4 Xeon MP (Socket 603);
|
||||||
|
Desktop;;Northwood (NetBurst);B0;04;f24;;;Pentium 4 (Northwood);
|
||||||
|
Mobile;;Northwood (NetBurst);B0;08;f24;;;Pentium 4-M;
|
||||||
|
Mobile;;Northwood (NetBurst);B0;10;f24;;;Pentium 4 Mobile;
|
||||||
|
Server;;Prestonia (NetBurst);B0;02;f24;;;Pentium 4 Xeon (Socket 603/604);
|
||||||
|
Desktop;;Northwood (NetBurst);B1,M0;14;f25;;;Pentium 4 (Northwood);
|
||||||
|
Server;;Prestonia (NetBurst);B1,M0;01;f25;;;Pentium 4 Xeon (Socket 603/604);
|
||||||
|
Server;;Gallatin (NetBurst);B1;02;f25;;;Pentium 4 Xeon (Socket 603/604);
|
||||||
|
Server;;Gallatin (NetBurst);B1;02;f26;;;Pentium 4 Xeon (Socket 603/604);
|
||||||
|
Desktop;;Northwood (NetBurst);C1;04;f27;;;Pentium 4 (Northwood), Celeron (Northwood);
|
||||||
|
Mobile;;Northwood (NetBurst);C1;08;f27;;;Pentium 4-M, Celeron Mobile;
|
||||||
|
Server;;Prestonia (NetBurst);C1;02;f27;;;Pentium 4 Xeon (Socket 603/604);
|
||||||
|
Desktop;;Northwood (NetBurst);D1;04;f29;;;Pentium 4 (Northwood), Celeron (Northwood);
|
||||||
|
Mobile;;Northwood (NetBurst);D1;08;f29;;;Pentium 4-M, Celeron Mobile;
|
||||||
|
Server;;Prestonia (NetBurst);D1;02;f29;;;Pentium 4 Xeon (Socket 603/604);
|
||||||
|
Desktop;;Prescott (NetBurst);B1;0d;f32;;;Pentium 4 (Prescott);
|
||||||
|
Desktop;;Prescott (NetBurst);C0;0d;f33;;;Pentium 4 (Prescott), Celeron D;
|
||||||
|
Desktop;;Prescott (NetBurst);D0;1d;f34;;;Pentium 4 (Prescott), Celeron D;
|
||||||
|
Server;;Nocona (NetBurst);D0;1d;f34;;;Pentium 4 (Prescott);
|
||||||
|
Desktop;;Prescott (NetBurst);E0;bd;f41;;;Pentium 4 (Prescott), Celeron D;
|
||||||
|
Server;;Protomac (NetBurst);C0;02;f41;;;Pentium 4 Xeon MP (Socket 604);
|
||||||
|
Server;;Cranford (NetBurst);A0;bd;f41;;;Pentium 4 Xeon MP (Socket 604);
|
||||||
|
Server;;Nocona (NetBurst);E0;bd;f41;;;Pentium 4 Xeon (Socket 604);
|
||||||
|
Desktop;;Prescott (NetBurst);N0;9d;f43;;;Pentium 4 (Prescott);
|
||||||
|
Server;;Irwindale (NetBurst);N0;9d;f43;;;Pentium 4 Xeon (Socket 604);
|
||||||
|
Desktop;;Smithfield (NetBurst);A0;9d;f44;;;Pentium D 8x0 (Smithfield);
|
||||||
|
Desktop;;Smithfield (NetBurst);B0;9d;f47;;;Pentium D 8x0 (Smithfield);
|
||||||
|
Server;;Paxwille (NetBurst);A0;01;f48;;;Pentium 4 Dual-Core Xeon 70xx;
|
||||||
|
Server;;Paxwille (NetBurst);A0;02;f48;;;Pentium 4 Dual-Core Xeon MP 70xx;
|
||||||
|
Desktop;;Prescott (NetBurst);G1;bd;f49;;;Pentium 4 (Prescott), Celeron D;
|
||||||
|
Server;;Cranford (NetBurst);B0;bd;f49;;;Pentium 4 Xeon MP (Socket 604);
|
||||||
|
Server;;Nocona (NetBurst);G1;bd;f49;;;Pentium 4 Xeon (Socket 604);
|
||||||
|
Desktop;;Prescott (NetBurst);R0;5c;f4a;;;Pentium 4 (Prescott);
|
||||||
|
Server;;Irwindale (NetBurst);R0;5d;f4a;;;Pentium 4 Xeon (Socket 604);
|
||||||
|
Desktop;;Cedar Mill (NetBurst);B1;04;f62;;;;Pentium 4 HT 631, 641, 651, 661
|
||||||
|
Desktop;;Presler (NetBurst);B1;04;f62;;;;Pentium D 920, 930, 940, 950, Pentium Extreme Edition 955
|
||||||
|
Desktop;;Cedar Mill (NetBurst);C1;34;f64;;;;Pentium 4 HT 631, 641, 651, 661, Celeron D 347, 352, 356
|
||||||
|
Desktop;;Presler (NetBurst);C1;34;f64;;;;Pentium D 915, 920, 925, 930, 940, 945, 950, 960, Pentium Extreme Edition 965
|
||||||
|
Server;;Dempsey (NetBurst);C1;01;f64;;;Xeon 50xx;
|
||||||
|
Desktop;;Cedar Mill (NetBurst);D0;04;f65;;;;Pentium 4 HT 631, 641, 651, 661, Celeron D 347, 352, 356, 360, 365
|
||||||
|
Desktop;;Presler (NetBurst);D0;04;f65;;;;Pentium D 915, 925, 935, 945, 950, 960
|
||||||
|
Server;;Dempsey (NetBurst);D0;01;f65;;;Xeon 50xx;
|
||||||
|
Server;;Tulsa (NetBurst);B0;22;f68;;;;Xeon 7110N, 7110M, 7120N, 7120M, 7130N, 7130M, 7140N, 7140M, 7150N
|
||||||
|
Server;;Deschutes (PII);B0;00;01632;;;Pentium II Xeon;
|
||||||
|
SOC;;Tolapai (P-M);B0;ff;10650;;;;EP80579
|
||||||
|
Desktop;;Conroe-L (Merom);A1;01;10661;;;;Celeron 220, 420, 430, 440, 450
|
||||||
|
Mobile;;Merom-L;A1;82;10661;;;;
|
||||||
|
Desktop;;Wolfdale (Penryn);M0;91;10676;;;;Core2 Duo E7200, E7300, E8190, E8200, E8300, E8400, E8500, Core2 Quad Q9450, Q9550, Core2 Extreme QX9650, QX9770, QX9775
|
||||||
|
Desktop;;Yorkfield (Penryn);C0;91;10676;;;;Core2 Quad Q9450, Q9550, Core2 Extreme QX9650, QX9770, QX9775
|
||||||
|
Mobile;;Penryn;C0;91;10676;;;;Core2 Duo E8135, E8235, E8335, E8435, T8100, T8300, T9300, T9400, T9500, T9600, P7350, P7450, P8400, P8600, P9500, SP9300, SP9400, SL9300, SL9380, SL9400, SU9300, SU9400, Core2 Extreme X9000, X9100
|
||||||
|
Server;;Wolfdale Xeon (Penryn);C0;91;10676;;;;Xeon E3110
|
||||||
|
Server;;Yorkfield Xeon (Penryn);C0;91;10676;;;;Xeon X3350, X3360
|
||||||
|
Server;;Wolfdale-DP (Penryn);M0;04;10676;;;;Xeon E5205, E5220, E5240, X5260, X5272
|
||||||
|
Server;;Harpertown (Penryn);C0;40;10676;;;;Xeon L5408, L5410, L5420, E5405,E5410,E5420,E5430, E5440, E5450, E5462, E5472, X5450, X5460, X5470, X5472, X5482
|
||||||
|
Desktop;;Yorkfield (Penryn);C1,M1;10;10677;;;Core2 Extreme, Core2 Quad;Core2 Extreme QX9650, QX9770, QX9775, Core2 Quad Q8200, Q8200S, Q8400, Q8400S, Q9300, Q9400, Q9400S, Q9450, Q9500, Q9505, Q9505S, Q9550, Q9550S, Q9650
|
||||||
|
Server;;Yorkfield Xeon (Penryn);C1,M1;10;10677;;;Xeon L33xx, X33xx;Xeon L3360, X3320, X3330, X3350, X3360, X3370, X3380
|
||||||
|
Desktop;;Wolfdale (Penryn);E0,R0;b1;1067a;;;Core2 Extreme, Core2 Quad, Core2 Duo;Core2 Extreme QX9650, QX9770, QX9775, Core2 Quad Q8200, Q8200S, Q8300, Q8400, Q8400S, Q9300, Q9400, Q9400S, Q9450, Q9500, Q9505, Q9505S, Q9550, Q9550S, Q9650, Core2 Duo E7200, E7300, E7400, E7500, E7600, E8190, E8200, E8300, E8400, E8500, E8600, Pentium E5200, E5300, E5400, E5500, E5700, E5800, E6300, E6500, E6500K, E6600, E6700, E6800, Celeron E3200, E3300, E3400, E3500
|
||||||
|
Mobile;;Wolfdale (Penryn);E0,R0;b1;1067a;;;Core2 Extreme, Core2 Quad, Core2 Duo, Core2 Solo, Pentium T4x00;Core2 Extreme QX9300, X9000, X9100, Core2 Quad Q9000, Q9100, Core2 Duo T6400, T6500, T6670, T8100, T8300, T9300, T9400, T9500, T9550, T9600, T9800, T9900, SU9300, SU9400, SU9600, SP9300, SP9400, SP9600, SL9380, SL9400, SL9600, SL9300, P7350, P7370, P7450, P7550, P7570, P8400, P8600, P8700, P8800, P9500, P9600, P9700, Core2 Solo SU3500, ULV SU3500, ULV SU3300, Pentium T4200, T4300, T4400, T4500, Celeron 900, 925, SU2300, T3100, T3300, T3500, ULV 763, Celeron M Processor ULV 722, ULV 723, ULV 743
|
||||||
|
Server;;Harpertown (Penryn);E0;44;1067a;;;;Xeon L5408, L5410, L5420, L5430, E5405, E5410, E5420, E5430, E5440, E5450, E5462, E5472, X5450, X5460, X5470, X5492
|
||||||
|
Server;;Wolfdale-DP (Penryn);E0;44;1067a;;;;Xeon E3110, E3120, E5205, E5220, L3110, L5215, L5240, X5260, X5270, X5272
|
||||||
|
Dekstop;;Bloomfield (Nehalem);C0;03;106a4;NHM;;Core i7-9xx;
|
||||||
|
Dekstop;;Bloomfield (Nehalem);D0;03;106a5;NHM;;Core i7-9xx;
|
||||||
|
Server;;Bloomfield Xeon (Nehalem);D0;03;106a5;NHM;EP,WS;Xeon E/L/X/W55xx;
|
||||||
|
Mobile;;Silverthorne (Bonnell);C0;01;106c2;;;Intel Atom Z5x0;
|
||||||
|
Desktop;;Diamondville (Bonnell);C0;04;106c2;;;;Intel Atom 230
|
||||||
|
Desktop;;Diamondville (Bonnell);C0;08;106c2;;;;Intel Atom 330
|
||||||
|
Mobile;;Diamondville (Bonnell);C0;04;106c2;;;;Intel Atom N270, N280
|
||||||
|
Desktop;;Pineview (Bonnell);A0;05;106ca;;;;Intel Atom D410, D425
|
||||||
|
Desktop;;Pineview (Bonnell);B0;18;106ca;;;;Intel Atom D510, D525
|
||||||
|
Mobile;;Pineview (Bonnell);A0;05;106ca;;;;Intel Atom N435, N450, N455, N470, N475
|
||||||
|
Mobile;;Pineview (Bonnell);B0;18;106ca;;;;Intel Atom N550, N570
|
||||||
|
Server;;Dunnington (Penryn);A1;08;106d1;;;Intel Xeon MP;Intel Xeon E7420, E7430, E7440, E7450, E7458, L7445, X7460
|
||||||
|
Server;;Jasper Forest (Nehalem);B0;09;106e4;NHM;;;Xeon EC3528, EC3529, EC5509, EC5539, EC5549, LC3518, LC3528, LC5518, LC5528, Celeron P1053
|
||||||
|
Dekstop;;Lynnfield (Nehalem);B1;13;106e5;NHM;;Core i7-8xx, i5-7xx;
|
||||||
|
Mobile;;Clarksfield (Nehalem);B1;13;106e5;NHM;;Core i7-9xxXM, i7-8xxQM, i7-7xxQM;
|
||||||
|
Server;;Lynnfield Xeon (Nehalem);B1;13;106e5;NHM;;Xeon L3426, X24xx;
|
||||||
|
Desktop;;Westmere;K0,C2;12;20652;WSM;;Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeon P45xx/U3xxx;
|
||||||
|
Mobile;;Westmere;K0,C2;12;20652;WSM;;Core i7-6xxM, i5-6xxM/4xxM, i3-5xxM/3xxM;
|
||||||
|
Server;;Westmere;K0,C2;12;20652;WSM;;Xeon L3406;
|
||||||
|
Desktop;;Clarkdale (Westmere);K0;92;20655;WSM;;Core i7-6xxE/LE/UE, i5-5xxE, i3-3xxE;
|
||||||
|
Mobile;;Arrandale (Westmere);K0;92;20655;WSM;;Core i7-6xxM/LM/UM, i5-5xxM/UM, i3-3xxM/UM, Pentium Mobile P6xxx/U5xxx, Celeron Mobile P4xxx/U3xxx;
|
||||||
|
SOC;;Lincroft (Bonnell);C0;01;20661;;;;Intel Atom Z600, Z605, Z610, Z612, Z615, Z620, Z625, Z650, Z670
|
||||||
|
SOC;;Tunnell Creek (Bonnell);B0,B1;02;20661;;;;Intel Atom E620, E620T, E640, E640T, E660, E660T, E680, E680T
|
||||||
|
Desktop;;Sandy Bridge;D2,J1,Q0;12;206a7;SNB;;Core Gen2;
|
||||||
|
Mobile;;Sandy Bridge;D2,J1,Q0;12;206a7;SNB;;Core Gen2 Mobile;
|
||||||
|
Server;;Sandy Bridge;D2,Q0;12;206a7;SNB;Xeon E3;Xeon E3;
|
||||||
|
Desktop;;Gulftown (Westmere);B1;03;206c2;WSM;;;Core i7-970/980/980X/990X
|
||||||
|
Server;;Westmere-EP;B1;03;206c2;WSM;EP;Xeon E/L/X56xx;
|
||||||
|
Server;;Westmere-WS;B1;03;206c2;WSM;WS;Xeon W36xx;
|
||||||
|
Desktop;;Sandy Bridge;C1,M0;6d;206d6;SNB;E;Core i7-39xx, i7-38xx;
|
||||||
|
Server;;Sandy Bridge;C1,M0;6d;206d6;SNB;EN,EP;Xeon E5;
|
||||||
|
Desktop;;Sandy Bridge;C2,M1;6d;206d7;SNB;E;Core i7-39xx, i7-38xx;
|
||||||
|
Server;;Sandy Bridge;C2,M1;6d;206d7;SNB;EN,EP;Xeon E5;
|
||||||
|
Server;;Nehalem;D0;04;206e6;NHM;EX;Xeon E/L/X65xx/75xx;
|
||||||
|
Server;;Westmere-EX;A2;05;206f2;WSM;EX;Xeon E7;
|
||||||
|
SOC;;Valleyview;C0;02;30678;VLV;;Atom Z36xx, Z37xx, Z38xx, Z39xx;
|
||||||
|
SOC;;Valleyview;C0;0C;30678;VLV;;Celeron N2xxx, Pentium N35xx;
|
||||||
|
SOC;;Valleyview;D0;0F;30679;VLV;;Atom E38xx;
|
||||||
|
Desktop;;Ivy Bridge;E1,E2,L1;12;306a9;IVB;;Core Gen3;
|
||||||
|
Mobile;;Ivy Bridge;E1,E2,L1;12;306a9;IVB;;Core Gen3 Mobile;
|
||||||
|
Server;;Ivy Bridge;E1,E2,L1;12;306a9;IVB;;Xeon E3 v2;
|
||||||
|
Desktop;;Haswell;Cx,Dx;32;306c3;HSW;S;Core Gen4;
|
||||||
|
Mobile;;Haswell;Cx,Dx;32;306c3;HSW;H;Core Gen4 Mobile;
|
||||||
|
Server;;Haswell;Cx,Dx;32;306c3;HSW;Xeon E3;Xeon E3 v3;
|
||||||
|
Mobile;;Broadwell;E0,F0;c0;306d4;BDW;U,Y;Core Gen5 Mobile;
|
||||||
|
Desktop;;Ivy Bridge;S1;ed;306e4;IVB;E;Core-i7 49xx/48xx;Core i7-4960X/4930K/4820K
|
||||||
|
Server;;Ivy Bridge;C0,C1,M1,S1;ed;306e4;IVB;EP;Xeon E5 v2;
|
||||||
|
Server;;Ivy Bridge;;ed;306e6;IVB;EX;Xeon E7 v2 ES;
|
||||||
|
Server;;Ivy Bridge;D1;ed;306e7;IVB;EX;Xeon E7 v2;
|
||||||
|
Desktop;;Haswell;C0,C1,M1,R2;6f;306f2;HSX;E;Core i7-59xx/58xx;
|
||||||
|
Server;;Haswell;C0,C1,M1,R2;6f;306f2;HSX;EN,EP,EP 4S;Xeon E5 v3;
|
||||||
|
Server;;Haswell;E0;80;306f4;HSX;EX;Xeon E7 v3;
|
||||||
|
Mobile;;Haswell;Cx,Dx;72;40651;HSW;U;Core Gen4 Mobile;
|
||||||
|
Desktop;;Broadwell;E0,G0;22;40671;BDW;S;Core Gen5;
|
||||||
|
Mobile;;Broadwell;E0,G0;22;40671;BDW;H;Core Gen5 Mobile;
|
||||||
|
Server;;Broadwell;E0,G0;22;40671;BDW;Xeon E3;Xeon E3 v4;
|
||||||
|
Desktop;;Haswell;Cx,Dx;32;40661;HSW;R;Core Gen4;
|
||||||
|
Mobile;;Haswell;Cx,Dx;32;40661;HSW;H;Core Gen4 Mobile;
|
||||||
|
SOC;;Cherry View;C0;01;406c3;CHV;;Atom x5-Zxxxx;
|
||||||
|
SOC;;Cherry View;D0;01;406c4;CHV;;Celeron Jxxxx, N3xxx, Pentium J3xxx, N3xxx, Atom x5-E8000;
|
||||||
|
SOC;;Avoton;B0,C0;01;406d8;AVN;;Atom C2xxx;
|
||||||
|
Mobile;;Skylake;D0;c0;406e3;SKL;U,Y;Core Gen6 Mobile;
|
||||||
|
Mobile;;Skylake;K1;c0;406e3;SKL;U 2+3e;Core Gen6 Mobile;
|
||||||
|
Desktop;;Broadwell;B0,M0,R0;ef;406f1;BDX;E;Core i7-69xx/68xx;
|
||||||
|
Server;;Broadwell;B0,M0,R0;ef;406f1;BDX;EP,EX;Xeon E5/E7 v4;
|
||||||
|
Server;;Broadwell;B0,M0,R0;ef;406f1;BDX;ML;Xeon E5/E7 v4;
|
||||||
|
Server;;Skylake;B1;97;50653;SKX;SP;Xeon Scalable;
|
||||||
|
Desktop;;Skylake;H0,M0,U0;b7;50654;SKX;X;Core i9-7xxxX, i9-9xxxX;
|
||||||
|
Server;;Skylake;H0,M0,U0;b7;50654;SKX;SP,W;Xeon Scalable;
|
||||||
|
Server;;Skylake;M1;b7;50654;SKX;D;Xeon D-21xx;
|
||||||
|
Server;;Cascade Lake;A0;b7;50655;CLX;SP;Xeon Scalable Gen2;
|
||||||
|
Server;;Cascade Lake;B0;bf;50656;CLX;SP;Xeon Scalable Gen2;
|
||||||
|
Desktop;;Cascade Lake;B1,L1;bf;50657;CLX;X;;
|
||||||
|
Server;;Cascade Lake;B1,L1;bf;50657;CLX;SP;Xeon Scalable Gen2;
|
||||||
|
Server;;Cascade Lake;B1,L1;bf;50657;CLX;W;;Xeon W-3275M, W-3275, W-3265M, W-3265, W-3245M, W-3245, W-3235, W-3225, W-3223, W-2295, W-2275, W-2265, W-2255, W-2245, W-2235, W-2225, W-2223
|
||||||
|
Server;;Cooper Lake;A1;bf;5065b;CPX;SP;Xeon Scalable Gen3;
|
||||||
|
Server;;Broadwell;V1;10;50662;BDX;DE;;Xeon D-1520/40
|
||||||
|
Server;;Broadwell;V2,V3;10;50663;BDX;DE;;Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
|
||||||
|
Server;;Broadwell;Y0;10;50664;BDX;DE;;Xeon D-1557/59/67/71/77/81/87
|
||||||
|
Server;;Broadwell;A0,A1;10;50665;BDX;NS;;Xeon D-1513N/23/33/43/53
|
||||||
|
Server;;Hewitt Lake (Broadwell);A1;10;50665;HWL;;;Xeon D-1602/22/23N/27/33N/37/49N/53N
|
||||||
|
Server;;Knights Landing;B0;78;50671;KNL;;Xeon Phi x200;Xeon Phi 7210, 7210F, 7230, 7230F, 7250, 7250F, 7290, 7290F
|
||||||
|
SOC;;Broxton;C0;01;506c2;BXT;;Atom T5500/5700
|
||||||
|
SOC;;Apollo Lake;D0;03;506c9;APL;;Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx;
|
||||||
|
SOC;;Apollo Lake;B1,F1;03;506ca;APL;;Atom 3900 Series;Atom x5-E3930, x5-E3940, x7-E3950
|
||||||
|
Desktop;;Skylake;N0,R0,S0;36;506e3;SKL;S;Core Gen6;
|
||||||
|
Mobile;;Skylake;N0,R0,S0;36;506e3;SKL;H;Core Gen6 Mobile;
|
||||||
|
Server;;Skylake;N0,R0,S0;36;506e3;SKL;Xeon E3;Xeon E3 v5;
|
||||||
|
SOC;;Denverton;B0;01;506f1;DNV;;Atom C3xxx;
|
||||||
|
SOC;;XMM 7272 (SoFIA);;01;60650;;;XMM 7272
|
||||||
|
Mobile;;Cannon Lake;D0;80;60663;CNL;U;Core Gen8 Mobile;
|
||||||
|
Server;;Ice Lake;C0;87;606a5;ICX;SP;Xeon Scalable Gen3;
|
||||||
|
Server;;Ice Lake;D0;87;606a6;ICX;SP;Xeon Scalable Gen3;
|
||||||
|
SOC;;Gemini Lake;B0;01;706a1;GLK;;;Pentium J5005/N5000, Celeron J4005/J4105/N4000/N4100
|
||||||
|
SOC;;Gemini Lake;R0;01;706a8;GLK;R;;Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
|
||||||
|
Mobile;;Ice Lake;D1;80;706e5;ICL;U,Y;Core Gen10 Mobile;
|
||||||
|
Server;;Knights Mill;A0;08;80650;KNM;;Xeon Phi 72x5;Xeon Phi 7235, 7285, 7295
|
||||||
|
SOC;;Snow Ridge;B0;01;80664;SNR;;Atom P59xxB;
|
||||||
|
SOC;;Snow Ridge;B1;01;80665;SNR;;Atom P59xxB;
|
||||||
|
SOC;;Snow Ridge;C0;01;80667;SNR;;Atom P59xxB;
|
||||||
|
SOC;;Lakefield;B2,B3;10;806a1;LKF;;Core w/Hybrid Technology;
|
||||||
|
Mobile;;Tiger Lake;B1;80;806c1;TGL;UP3,UP4;Core Gen11 Mobile;
|
||||||
|
Mobile;;Tiger Lake Refresh;C0;80;806c2;TGL;R;Core Gen11 Mobile;
|
||||||
|
Mobile;;Tiger Lake;R0;c2;806d1;TGL;H;Core Gen11 Mobile;
|
||||||
|
Mobile;;Amber Lake;H0;10;806e9;AML;Y 2+2;Core Gen8 Mobile;
|
||||||
|
Mobile;;Kaby Lake;H0;c0;806e9;KBL;U,Y;Core Gen7 Mobile;
|
||||||
|
Mobile;;Kaby Lake;J1;c0;806e9;KBL;U 2+3e;Core Gen7 Mobile;
|
||||||
|
Mobile;;Coffee Lake;D0;c0;806ea;CFL;U 4+3e;Core Gen8 Mobile;
|
||||||
|
Mobile;;Kaby Lake;Y0;c0;806ea;KBL;R;Core Gen8 Mobile;
|
||||||
|
Mobile;;Amber Lake;V0;94;806ec;AML;Y 4+2;Core Gen10 Mobile;
|
||||||
|
Mobile;;Comet Lake;V0;94;806ec;CML;U 4+2;Core Gen10 Mobile;
|
||||||
|
Mobile;;Whiskey Lake;W0;d0;806eb;WHL;U;Core Gen8 Mobile;
|
||||||
|
Mobile;;Whiskey Lake;V0;94;806ec;WHL;U;Core Gen8 Mobile;
|
||||||
|
Mobile;;Whiskey Lake;V0;94;806ed;WHL;U;Core Gen8 Mobile;
|
||||||
|
SOC;;Elkhart Rate;B1;01;90661;EHL;;Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E;
|
||||||
|
Desktop;;Alder Lake;C0;02;90672;ADL;S 8+8;Core Gen12;
|
||||||
|
Mobile;;Alder Lake;C0;03;90672;ADL;HX;Core Gen12 Mobile;
|
||||||
|
Desktop;;Alder Lake;K0;01;90675;ADL;S 6+0;Core Gen12;
|
||||||
|
Mobile;;Alder Lake;L0;82;906a3;ADL;P 6+8;Core Gen12 Mobile;
|
||||||
|
Mobile;;Alder Lake;R0;80;906a3;ADL;U 9W;Core Gen12 Mobile;
|
||||||
|
Mobile;;Alder Lake;R0;82;906a4;ADL;P 2+8;Core Gen12 Mobile;
|
||||||
|
Desktop;;Kaby Lake;B0;2a;906e9;KBL;S,X;Core Gen7;
|
||||||
|
Mobile;;Kaby Lake;B0;2a;906e9;KBL;G,H;Core Gen7 Mobile;
|
||||||
|
Server;;Kaby Lake;B0;2a;906e9;KBL;Xeon E3;Xeon E3 v6;
|
||||||
|
Desktop;;Coffee Lake;U0;22;906ea;CFL;S;Core Gen8 Desktop;
|
||||||
|
Mobile;;Coffee Lake;U0;22;906ea;CFL;H;Core Gen8 Mobile;
|
||||||
|
Server;;Coffee Lake;U0;22;906ea;CFL;Xeon E;Xeon E;
|
||||||
|
Desktop;;Coffee Lake;B0;02;906eb;CFL;S;Core Gen8 Desktop;
|
||||||
|
Mobile;;Coffee Lake;B0;02;906eb;CFL;H;Core Gen8 Mobile;
|
||||||
|
Server;;Coffee Lake;B0;02;906eb;CFL;E;Xeon E;
|
||||||
|
Desktop;;Coffee Lake;P0;22;906ec;CFL;S;Core Gen9 Desktop;
|
||||||
|
Mobile;;Coffee Lake;P0;22;906ec;CFL;H;Core Gen9 Mobile;
|
||||||
|
Server;;Coffee Lake;P0;22;906ec;CFL;Xeon E;Xeon E;
|
||||||
|
Desktop;;Coffee Lake;R0;22;906ed;CFL;S;Core Gen9 Desktop;
|
||||||
|
Mobile;;Coffee Lake;R0;22;906ed;CFL;H;Core Gen9 Mobile;
|
||||||
|
Server;;Coffee Lake;R0;22;906ed;CFL;Xeon E;Xeon E;
|
||||||
|
SOC;;Jasper Lake;A0,A1;01;906c0;JSL;;Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105;
|
||||||
|
Mobile;;Comet Lake;R1;20;a0652;CML;H;Core Gen10 Mobile;
|
||||||
|
Desktop;;Comet Lake;G1;22;a0653;CML;S 6+2;Core Gen10 Desktop;
|
||||||
|
Desktop;;Comet Lake;Q0;22;a0655;CML;S 10+2;Core Gen10 Desktop;
|
||||||
|
Mobile;;Comet Lake;A0;80;a0660;CML;U 6+2;Core Gen10 Mobile;
|
||||||
|
Mobile;;Comet Lake;K1;80;a0661;CML;U 6+2 v2;Core Gen10 Mobile;
|
||||||
|
Desktop;;Rocket Lake;B0;02;a0671;RKL;S;Core Gen11;
|
||||||
|
Desktop;;Alder Lake;C0;03;b06f2;ADL;;Core Gen12;
|
||||||
|
Desktop;;Alder Lake;C0;03;b06f5;ADL;;Core Gen12;
|
||||||
|
|
||||||
|
# sources:
|
||||||
|
# https://en.wikichip.org/wiki/intel/cpuid
|
||||||
|
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/include/asm/intel-family.h
|
||||||
|
# releasenote from microcode releases
|
||||||
|
# https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model
|
||||||
|
# https://en.wikipedia.org/wiki/Cascade_Lake_(microarchitecture)
|
||||||
|
# https://en.wikipedia.org/wiki/List_of_Intel_Broadwell-based_Xeon_microprocessors
|
||||||
|
# https://github.com/InstLatx64/InstLatx64
|
||||||
|
# https://fossies.org/linux/cpuid/cpuid.c
|
||||||
|
# https://software.intel.com/content/www/us/en/develop/articles/intel-architecture-and-processor-identification-with-cpuid-model-and-family-numbers.html
|
||||||
|
# http://ixbtlabs.com/articles/cpuerrata/index.html
|
||||||
|
# http://bios.rom.by/ROMutils/BIOS_Patcher/ALLCODES.TXT
|
@ -0,0 +1,132 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Hack in additional firmware directories for supported caveats.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: CC0-1.0
|
||||||
|
|
||||||
|
check() {
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
install() {
|
||||||
|
local FW_DIR=/lib/firmware
|
||||||
|
local DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats
|
||||||
|
local CFG_DIR="/etc/microcode_ctl/ucode_with_caveats"
|
||||||
|
local check_caveats=/usr/libexec/microcode_ctl/check_caveats
|
||||||
|
|
||||||
|
local verbose_opt
|
||||||
|
local cc_out
|
||||||
|
local path
|
||||||
|
local ignored
|
||||||
|
local do_skip_host_only
|
||||||
|
local p
|
||||||
|
|
||||||
|
verbose_opt=
|
||||||
|
[ 4 -gt "$stdloglvl" ] || verbose_opt="-v"
|
||||||
|
|
||||||
|
# HACK: we override external fw_dir variable in order to get
|
||||||
|
# an additional ucode based on the kernel version.
|
||||||
|
dinfo " microcode_ctl module: mangling fw_dir"
|
||||||
|
|
||||||
|
[ -z "$fw_dir_l" ] || {
|
||||||
|
dinfo " microcode_ctl: avoid touching fw_dir as" \
|
||||||
|
"it has been changed (fw_dir_l is '$fw_dir_l')"
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
# Reset fw_dir to avoid inclusion of kernel-version-specific directories
|
||||||
|
# populated with microcode for the late load
|
||||||
|
[ "x$fw_dir" != \
|
||||||
|
"x/lib/firmware/updates /lib/firmware /lib/firmware/$kernel" ] || {
|
||||||
|
fw_dir="/lib/firmware/updates /lib/firmware"
|
||||||
|
dinfo " microcode_ctl: reset fw_dir to \"${fw_dir}\""
|
||||||
|
}
|
||||||
|
|
||||||
|
fw_dir_add=""
|
||||||
|
while read -d $'\n' -r i; do
|
||||||
|
dinfo " microcode_ctl: processing data directory " \
|
||||||
|
"\"$DATA_DIR/$i\"..."
|
||||||
|
|
||||||
|
if [ "x" != "x$hostonly" ]; then
|
||||||
|
do_skip_host_only=0
|
||||||
|
|
||||||
|
local sho_overrides="
|
||||||
|
$CFG_DIR/skip-host-only-check
|
||||||
|
$CFG_DIR/skip-host-only-check-$i
|
||||||
|
$FW_DIR/$kernel/skip-host-only-check
|
||||||
|
$FW_DIR/$kernel/skip-host-only-check-$i"
|
||||||
|
|
||||||
|
for p in $(echo "$sho_overrides"); do
|
||||||
|
[ -e "$p" ] || continue
|
||||||
|
|
||||||
|
do_skip_host_only=1
|
||||||
|
dinfo " microcode_ctl: $i; skipping" \
|
||||||
|
"Host-Only check, since \"$p\" exists."
|
||||||
|
break
|
||||||
|
done
|
||||||
|
else
|
||||||
|
do_skip_host_only=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
match_model_opt=""
|
||||||
|
[ 1 = "$do_skip_host_only" ] || match_model_opt="-m"
|
||||||
|
|
||||||
|
if ! cc_out=$($check_caveats -e -k "$kernel" -c "$i" \
|
||||||
|
$verbose_opt $match_model_opt)
|
||||||
|
then
|
||||||
|
dinfo " microcode_ctl: kernel version \"$kernel\"" \
|
||||||
|
"failed early load check for \"$i\", skipping"
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
path=$(printf "%s" "$cc_out" | sed -n 's/^paths //p')
|
||||||
|
[ -n "$path" ] || {
|
||||||
|
ignored=$(printf "%s" "$cc_out" | \
|
||||||
|
sed -n 's/^skip_cfgs //p')
|
||||||
|
|
||||||
|
if [ -n "$ignored" ]; then
|
||||||
|
dinfo " microcode_ctl: configuration" \
|
||||||
|
"\"$i\" is ignored"
|
||||||
|
else
|
||||||
|
dinfo " microcode_ctl: no microcode paths" \
|
||||||
|
"are associated with \"$i\", skipping"
|
||||||
|
fi
|
||||||
|
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
dinfo " microcode_ctl: $i: caveats check for kernel" \
|
||||||
|
"version \"$kernel\" passed, adding" \
|
||||||
|
"\"$DATA_DIR/$i\" to fw_dir variable"
|
||||||
|
|
||||||
|
if [ 0 -eq "$do_skip_host_only" ]; then
|
||||||
|
fw_dir_add="$DATA_DIR/$i "
|
||||||
|
else
|
||||||
|
fw_dir_add="$DATA_DIR/$i $fw_dir_add"
|
||||||
|
fi
|
||||||
|
# The list of directories is reverse-sorted in order to preserve the
|
||||||
|
# "last wins" policy in case of presence of multiple microcode
|
||||||
|
# revisions.
|
||||||
|
#
|
||||||
|
# In case of hostonly == 0, all microcode revisions will be included,
|
||||||
|
# but since the microcode search is done with the "first wins" policy
|
||||||
|
# by the (early) microcode loading code, the correct microcode revision
|
||||||
|
# still has to be picked.
|
||||||
|
#
|
||||||
|
# Note that dracut without patch [1] puts only the last directory
|
||||||
|
# in the early cpio; we try to address this by putting only the last
|
||||||
|
# matching caveat in the search path, but that workaround works only
|
||||||
|
# for host-only mode; non-host-only mode early cpio generation is still
|
||||||
|
# broken without that patch.
|
||||||
|
#
|
||||||
|
# [1] https://github.com/dracutdevs/dracut/commit/c44d2252bb4b
|
||||||
|
done <<-EOF
|
||||||
|
$(find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f\n" \
|
||||||
|
| LC_ALL=C sort)
|
||||||
|
EOF
|
||||||
|
|
||||||
|
fw_dir="${fw_dir_add}${fw_dir}"
|
||||||
|
dinfo " microcode_ctl: final fw_dir: \"${fw_dir}\""
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,197 @@
|
|||||||
|
#! /bin/bash -efu
|
||||||
|
|
||||||
|
# Generator of RPM "Provides:" tags for Intel microcode files.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: CC0-1.0
|
||||||
|
|
||||||
|
IFS=$'\n'
|
||||||
|
UPDATED="intel-beta"
|
||||||
|
CODENAMES="codenames"
|
||||||
|
|
||||||
|
if [ "$#" -ge 1 ]; then
|
||||||
|
CODENAMES="$1"
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Match only FF-MM-SS ucode files under intel-ucode/intel-ucode-with-caveats
|
||||||
|
# directories.
|
||||||
|
for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]$'); do
|
||||||
|
ucode=$(basename "$f")
|
||||||
|
ucode_caveat="$(basename "$(dirname "$(dirname "$f")")")"
|
||||||
|
ucode_fname="$ucode_caveat/$ucode"
|
||||||
|
file_sz="$(stat -c "%s" "$f")"
|
||||||
|
skip=0
|
||||||
|
ext_hdr=0
|
||||||
|
ext_sig_cnt=0
|
||||||
|
ext_sig_pos=0
|
||||||
|
next_skip=0
|
||||||
|
|
||||||
|
# Microcode header format description:
|
||||||
|
# https://gitlab.com/iucode-tool/iucode-tool/blob/master/intel_microcode.c
|
||||||
|
while :; do
|
||||||
|
[ "$skip" -lt "$file_sz" ] || break
|
||||||
|
|
||||||
|
# Do we parse ext_sig table or another microcode header?
|
||||||
|
if [ 0 != "$next_skip" ]; then
|
||||||
|
# Check whether we should abort ext_sig table parsing
|
||||||
|
[ \( "${skip}" -lt "${next_skip}" \) -a \
|
||||||
|
\( "${ext_sig_pos}" -lt "${ext_sig_cnt}" \) ] || {
|
||||||
|
skip="${next_skip}"
|
||||||
|
next_skip=0
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
# ext_sig, 12 bytes in size
|
||||||
|
IFS=' ' read cpuid pf_mask <<- EOF
|
||||||
|
$(dd if="$f" ibs=1 skip="$skip" count=8 status=none \
|
||||||
|
| xxd -e -g4 | xxd -r | hexdump -n 8 \
|
||||||
|
-e '"" 4/1 "%02x" " 0x" 4/1 "%02x" "\n"')
|
||||||
|
EOF
|
||||||
|
# Converting values from the constructed %#08x format
|
||||||
|
pf_mask="$((pf_mask))"
|
||||||
|
|
||||||
|
skip="$((skip + 12))"
|
||||||
|
ext_sig_pos="$((ext_sig_pos + 1))"
|
||||||
|
else
|
||||||
|
# Microcode header, 48 bytes, last 3 fields reserved
|
||||||
|
# cksum, ldrver are ignored
|
||||||
|
IFS=' ' read hdrver rev \
|
||||||
|
date_m date_d date_y \
|
||||||
|
cpuid cksum ldrver \
|
||||||
|
pf_mask datasz totalsz <<- EOF
|
||||||
|
$(dd if="$f" ibs=1 skip="$skip" count=36 status=none \
|
||||||
|
| xxd -e -g4 | xxd -r | hexdump -n 36 \
|
||||||
|
-e '"0x" 4/1 "%02x" " 0x" 4/1 "%02x" " " \
|
||||||
|
1/1 "%02x " 1/1 "%02x " 2/1 "%02x" " " \
|
||||||
|
4/1 "%02x" " 0x" 4/1 "%02x" " 0x" 4/1 "%02x" \
|
||||||
|
" 0x" 4/1 "%x" \
|
||||||
|
" 0x" 4/1 "%02x" " 0x" 4/1 "%02x" "\n"')
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Converting values from the constructed %#08x format
|
||||||
|
rev="$(printf '%#x' "$((rev))")"
|
||||||
|
pf_mask="$((pf_mask))"
|
||||||
|
datasz="$((datasz))"
|
||||||
|
totalsz="$((totalsz))"
|
||||||
|
|
||||||
|
# Skipping files with unexpected hdrver value
|
||||||
|
[ 1 = "$((hdrver))" ] || {
|
||||||
|
echo "$f+$skip@$file_sz: incorrect hdrver $((hdrver))" >&2
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
[ 0 != "$datasz" ] || datasz=2000
|
||||||
|
[ 0 != "$totalsz" ] || totalsz=2048
|
||||||
|
|
||||||
|
# TODO: add some sanity/safety checks here. As of now,
|
||||||
|
# there's a (pretty fragile) assumption that all
|
||||||
|
# the matched files are valid Intel microcode
|
||||||
|
# files in the expected format.
|
||||||
|
|
||||||
|
# ext_sig table is after the microcode payload,
|
||||||
|
# check for its presence
|
||||||
|
if [ 48 -lt "$((totalsz - datasz))" ]; then
|
||||||
|
next_skip="$((skip + totalsz))"
|
||||||
|
skip="$((skip + datasz + 48))"
|
||||||
|
ext_sig_pos=0
|
||||||
|
|
||||||
|
# ext_sig table header, 20 bytes in size,
|
||||||
|
# last 3 fields are reserved.
|
||||||
|
IFS=' ' read ext_sig_cnt <<- EOF
|
||||||
|
$(dd if="$f" ibs=1 skip="$skip" count=4 status=none \
|
||||||
|
| xxd -e -g4 | hexdump -n 4 \
|
||||||
|
-e '"0x" 4/1 "%02x" "\n"')
|
||||||
|
EOF
|
||||||
|
# Converting values from the constructed format
|
||||||
|
ext_sig_cnt="$((ext_sig_cnt))"
|
||||||
|
|
||||||
|
skip="$((skip + 20))"
|
||||||
|
else
|
||||||
|
skip="$((skip + totalsz))"
|
||||||
|
next_skip=0
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
#[ -n "$rev" ] || continue
|
||||||
|
|
||||||
|
# Basic "Provides:" tag. Everything else is bells and whistles.
|
||||||
|
# It's possible that microcode files for different platform_id's
|
||||||
|
# and the same CPUID have the same version, that's why "sort -u"
|
||||||
|
# in the end.
|
||||||
|
printf "firmware(intel-ucode/%s) = %s\n" "$ucode" "$rev"
|
||||||
|
|
||||||
|
# Generate extended "Provides:" tags with additional
|
||||||
|
# information, which allow more precise matching.
|
||||||
|
printf "iucode_date(fname:%s;cpuid:%s;pf_mask:0x%x) = %s.%s.%s\n" \
|
||||||
|
"$ucode_fname" "$cpuid" "$pf_mask" "$date_y" "$date_m" "$date_d"
|
||||||
|
printf "iucode_rev(fname:%s;cpuid:%s;pf_mask:0x%x) = %s\n" \
|
||||||
|
"$ucode_fname" "$cpuid" "$pf_mask" "$rev"
|
||||||
|
|
||||||
|
# Generate tags for each possible platform_id
|
||||||
|
_pf=1
|
||||||
|
_pf_mask="$pf_mask"
|
||||||
|
while [ 0 -lt "$_pf_mask" ]; do
|
||||||
|
[ 1 -ne "$((_pf_mask % 2))" ] || \
|
||||||
|
# We try to provide a more specific firmware()
|
||||||
|
# dependency here. It has incorrect file name,
|
||||||
|
# but allows constructing a required RPM
|
||||||
|
# capability name by (directly) using
|
||||||
|
# the contents of /proc/cpuinfo and
|
||||||
|
# /sys/devices/system/cpu/cpu*/microcode/processor_flags
|
||||||
|
# (except for a Deschutes CPU with sig 0x1632)
|
||||||
|
printf "iucode_rev(fname:%s;platform_id:0x%x) = %s\n" \
|
||||||
|
"$ucode_fname" "$_pf" "$rev"
|
||||||
|
|
||||||
|
_pf_mask=$((_pf_mask / 2))
|
||||||
|
_pf=$((_pf * 2))
|
||||||
|
done
|
||||||
|
|
||||||
|
# Generate tags with codename information, in case
|
||||||
|
# it is available
|
||||||
|
if [ -e "$CODENAMES" ]; then
|
||||||
|
cpuid_up="$(echo "$cpuid" | tr 'a-z' 'A-Z')"
|
||||||
|
cpuid_short="$(printf "%x" "0x$cpuid")"
|
||||||
|
(grep ' '"$cpuid_up"' ' "$CODENAMES" || :; grep ';'"$cpuid_short"';' "$CODENAMES" || :) \
|
||||||
|
| while IFS=$';\t' read segm int_fname codename stepping candidate_pf cpuid_cn cname variants rest; do
|
||||||
|
[ "x${segm###}" = "x$segm" ] || continue
|
||||||
|
[ -n "${segm}" ] || continue
|
||||||
|
codename=$(echo "$codename" | tr ' (),' '_[];')
|
||||||
|
candidate_pf=$(printf "%u" "0x${candidate_pf}")
|
||||||
|
(IFS=','; for s in $stepping; do
|
||||||
|
[ \( 0 -ne "$pf_mask" \) -a \
|
||||||
|
\( 0 -eq "$((candidate_pf & pf_mask))" \) ] || { \
|
||||||
|
printf "iucode_rev(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s\";stepping:\"%s\";pf_model:0x%x) = %s\n" \
|
||||||
|
"$ucode_fname" "$cpuid" "$pf_mask" \
|
||||||
|
"$segm" "$codename" "$s" "$candidate_pf" \
|
||||||
|
"$rev";
|
||||||
|
printf "iucode_date(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s\";stepping:\"%s\";pf_model:0x%x) = %s.%s.%s\n" \
|
||||||
|
"$ucode_fname" "$cpuid" "$pf_mask" \
|
||||||
|
"$segm" "$codename" "$s" "$candidate_pf" \
|
||||||
|
"$date_y" "$date_m" "$date_d";
|
||||||
|
if [ "$cpuid_short" = "$cpuid_cn" -a -n "$variants" ]; then
|
||||||
|
(IFS=','; for v in $variants; do
|
||||||
|
v=$(echo "$v" | tr ' (),' '_[];')
|
||||||
|
printf "iucode_rev(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s_%s\";stepping:\"%s\";pf_model:0x%x) = %s\n" \
|
||||||
|
"$ucode_fname" "$cpuid" "$pf_mask" \
|
||||||
|
"$segm" "$codename" "$v" "$s" "$candidate_pf" \
|
||||||
|
"$rev";
|
||||||
|
printf "iucode_date(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s_%s\";stepping:\"%s\";pf_model:0x%x) = %s.%s.%s\n" \
|
||||||
|
"$ucode_fname" "$cpuid" "$pf_mask" \
|
||||||
|
"$segm" "$codename" "$v" "$s" "$candidate_pf" \
|
||||||
|
"$date_y" "$date_m" "$date_d";
|
||||||
|
done)
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
done)
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Kludge squared: generate additional "Provides:" tags
|
||||||
|
# for the files in the overrides tarball (that a placed
|
||||||
|
# in a separate caveat with a specific name)
|
||||||
|
[ "x${ucode_caveat}" != "x${UPDATED}" ] || {
|
||||||
|
printf "firmware_updated(intel-ucode/%s) = %s\n" \
|
||||||
|
"$ucode" "$rev";
|
||||||
|
}
|
||||||
|
done
|
||||||
|
done | sort -u
|
@ -0,0 +1,999 @@
|
|||||||
|
#! /usr/bin/python
|
||||||
|
# SPDX-License-Identifier: CC0-1.0
|
||||||
|
|
||||||
|
import argparse
|
||||||
|
import errno
|
||||||
|
import fnmatch
|
||||||
|
import io
|
||||||
|
import itertools
|
||||||
|
import os
|
||||||
|
import re
|
||||||
|
import shutil
|
||||||
|
import struct
|
||||||
|
import sys
|
||||||
|
import tarfile
|
||||||
|
import tempfile
|
||||||
|
from subprocess import PIPE, Popen, STDOUT
|
||||||
|
|
||||||
|
# Python 3 shims
|
||||||
|
try:
|
||||||
|
from functools import reduce
|
||||||
|
except:
|
||||||
|
pass
|
||||||
|
try:
|
||||||
|
from itertools import zip_longest as izip_longest
|
||||||
|
except:
|
||||||
|
from itertools import izip_longest
|
||||||
|
|
||||||
|
# revs:
|
||||||
|
# [ { "path", "cpuid", "pf", "rev", "date" } ]
|
||||||
|
|
||||||
|
# artifacts:
|
||||||
|
# * content summary (per-file)
|
||||||
|
# * overlay summary (per-fms/pf)
|
||||||
|
# * changelog (per-file?)
|
||||||
|
# * discrepancies (per-fms/pf)
|
||||||
|
|
||||||
|
log_level = 0
|
||||||
|
print_date = False
|
||||||
|
file_glob = ["*??-??-??", "*microcode*.dat"]
|
||||||
|
|
||||||
|
|
||||||
|
def log_status(msg, level=0):
|
||||||
|
global log_level
|
||||||
|
|
||||||
|
if log_level >= level:
|
||||||
|
sys.stderr.write(msg + "\n")
|
||||||
|
|
||||||
|
|
||||||
|
def log_info(msg, level=2):
|
||||||
|
global log_level
|
||||||
|
|
||||||
|
if log_level >= level:
|
||||||
|
sys.stderr.write("INFO: " + msg + "\n")
|
||||||
|
|
||||||
|
|
||||||
|
def log_warn(msg, level=1):
|
||||||
|
global log_level
|
||||||
|
|
||||||
|
if log_level >= level:
|
||||||
|
sys.stderr.write("WARNING: " + msg + "\n")
|
||||||
|
|
||||||
|
|
||||||
|
def log_error(msg, level=-1):
|
||||||
|
global log_level
|
||||||
|
|
||||||
|
if log_level >= level:
|
||||||
|
sys.stderr.write("ERROR: " + msg + "\n")
|
||||||
|
|
||||||
|
|
||||||
|
def remove_prefix(text, prefix):
|
||||||
|
if isinstance(prefix, str):
|
||||||
|
prefix = [prefix, ]
|
||||||
|
|
||||||
|
for p in prefix:
|
||||||
|
pfx = p if p.endswith(os.sep) else p + os.sep
|
||||||
|
if text.startswith(pfx):
|
||||||
|
return text[len(pfx):]
|
||||||
|
|
||||||
|
return text
|
||||||
|
|
||||||
|
|
||||||
|
def file_walk(args, yield_dirs=False):
|
||||||
|
for content in args:
|
||||||
|
if os.path.isdir(content):
|
||||||
|
if yield_dirs:
|
||||||
|
yield ("", content)
|
||||||
|
for root, dirs, files in os.walk(content):
|
||||||
|
if yield_dirs:
|
||||||
|
for f in dirs:
|
||||||
|
p = os.path.join(root, f)
|
||||||
|
yield (remove_prefix(p, content), p)
|
||||||
|
for f in files:
|
||||||
|
p = os.path.join(root, f)
|
||||||
|
yield (remove_prefix(p, content), p)
|
||||||
|
elif os.path.exists(content):
|
||||||
|
yield ("", content)
|
||||||
|
else:
|
||||||
|
raise IOError(errno.ENOENT, os.strerror(errno.ENOENT), content)
|
||||||
|
|
||||||
|
|
||||||
|
def cpuid_fname(c):
|
||||||
|
# Note that the Extended Family is summed up with the Family,
|
||||||
|
# while the Extended Model is concatenated with the Model.
|
||||||
|
return "%02x-%02x-%02x" % (
|
||||||
|
((c >> 20) & 0xff) + ((c >> 8) & 0xf),
|
||||||
|
((c >> 12) & 0xf0) + ((c >> 4) & 0xf),
|
||||||
|
c & 0xf)
|
||||||
|
|
||||||
|
|
||||||
|
def read_revs_dir(path, args, src=None, ret=None):
|
||||||
|
if ret is None:
|
||||||
|
ret = []
|
||||||
|
|
||||||
|
ucode_re = re.compile('[0-9a-f]{2}-[0-9a-f]{2}-0[0-9a-f]$')
|
||||||
|
ucode_dat_re = re.compile('microcode.*\.dat$')
|
||||||
|
|
||||||
|
for rp, ap in file_walk([path, ]):
|
||||||
|
rp_fname = os.path.basename(rp)
|
||||||
|
if not ucode_re.match(rp_fname) and not ucode_dat_re.match(rp_fname):
|
||||||
|
continue
|
||||||
|
|
||||||
|
# Text-based format
|
||||||
|
data = None
|
||||||
|
if ucode_dat_re.match(rp_fname):
|
||||||
|
data = io.BytesIO()
|
||||||
|
with open(ap, "r") as f:
|
||||||
|
for line in f:
|
||||||
|
if line.startswith("/"):
|
||||||
|
continue
|
||||||
|
vals = line.split(",")
|
||||||
|
for val in vals:
|
||||||
|
val = val.strip()
|
||||||
|
if not val:
|
||||||
|
continue
|
||||||
|
data.write(struct.pack("<I", int(val, 16)))
|
||||||
|
sz = data.seek(0, os.SEEK_CUR)
|
||||||
|
data.seek(0, os.SEEK_SET)
|
||||||
|
else:
|
||||||
|
sz = os.stat(ap).st_size
|
||||||
|
|
||||||
|
try:
|
||||||
|
with data or open(ap, "rb") as f:
|
||||||
|
log_info("Processing %s" % ap)
|
||||||
|
offs = 0
|
||||||
|
while offs < sz:
|
||||||
|
f.seek(offs, os.SEEK_SET)
|
||||||
|
hdr = struct.unpack("<IiIIIIIIIIII", f.read(48))
|
||||||
|
ret.append({"path": rp, "src": src or path,
|
||||||
|
"cpuid": hdr[3], "pf": hdr[6], "rev": hdr[1],
|
||||||
|
"date": hdr[2], "offs": offs, "cksum": hdr[4],
|
||||||
|
"data_size": hdr[7], "total_size": hdr[8]})
|
||||||
|
|
||||||
|
if hdr[8] and hdr[8] - hdr[7] > 48:
|
||||||
|
f.seek(hdr[7], os.SEEK_CUR)
|
||||||
|
ext_tbl = struct.unpack("<IIIII", f.read(20))
|
||||||
|
log_status("Found %u extended signatures for %s:%#x" %
|
||||||
|
(ext_tbl[0], rp, offs), level=1)
|
||||||
|
|
||||||
|
cur_offs = offs + hdr[7] + 48 + 20
|
||||||
|
ext_sig_cnt = 0
|
||||||
|
while cur_offs < offs + hdr[8] \
|
||||||
|
and ext_sig_cnt <= ext_tbl[0]:
|
||||||
|
ext_sig = struct.unpack("<III", f.read(12))
|
||||||
|
ignore = args.ignore_ext_dups and \
|
||||||
|
(ext_sig[0] == hdr[3])
|
||||||
|
if not ignore:
|
||||||
|
ret.append({"path": rp, "src": src or path,
|
||||||
|
"cpuid": ext_sig[0],
|
||||||
|
"pf": ext_sig[1],
|
||||||
|
"rev": hdr[1], "date": hdr[2],
|
||||||
|
"offs": offs, "ext_offs": cur_offs,
|
||||||
|
"cksum": hdr[4],
|
||||||
|
"ext_cksum": ext_sig[2],
|
||||||
|
"data_size": hdr[7],
|
||||||
|
"total_size": hdr[8]})
|
||||||
|
log_status(("Got ext sig %#x/%#x for " +
|
||||||
|
"%s:%#x:%#x/%#x%s") %
|
||||||
|
(ext_sig[0], ext_sig[1],
|
||||||
|
rp, offs, hdr[3], hdr[6],
|
||||||
|
" (ignored)" if ignore else ""),
|
||||||
|
level=2)
|
||||||
|
|
||||||
|
cur_offs += 12
|
||||||
|
ext_sig_cnt += 1
|
||||||
|
|
||||||
|
offs += hdr[8] or 2048
|
||||||
|
except Exception as e:
|
||||||
|
log_error("a problem occurred while processing %s: %s" % (ap, e),
|
||||||
|
level=1)
|
||||||
|
|
||||||
|
return ret
|
||||||
|
|
||||||
|
|
||||||
|
def read_revs_rpm(path, args, ret=None):
|
||||||
|
if ret is None:
|
||||||
|
ret = []
|
||||||
|
|
||||||
|
dir_tmp = tempfile.mkdtemp()
|
||||||
|
|
||||||
|
log_status("Trying to extract files from RPM \"%s\"..." % path,
|
||||||
|
level=1)
|
||||||
|
|
||||||
|
rpm2cpio = Popen(args=["rpm2cpio", path], stdout=PIPE, stderr=PIPE,
|
||||||
|
close_fds=True)
|
||||||
|
cpio = Popen(args=["cpio", "-idmv"] + file_glob,
|
||||||
|
cwd=dir_tmp, stdin=rpm2cpio.stdout,
|
||||||
|
stdout=PIPE, stderr=STDOUT)
|
||||||
|
out, cpio_stderr = cpio.communicate()
|
||||||
|
rpm2cpio_out, rpm2cpio_err = rpm2cpio.communicate()
|
||||||
|
|
||||||
|
rpm2cpio_ret = rpm2cpio.returncode
|
||||||
|
cpio_ret = cpio.returncode
|
||||||
|
|
||||||
|
log_info("rpm2cpio exit code: %d, cpio exit code: %d" %
|
||||||
|
(rpm2cpio_ret, cpio_ret))
|
||||||
|
if rpm2cpio_err:
|
||||||
|
log_info("rpm2cpio stderr:\n%s" % rpm2cpio_err, level=3)
|
||||||
|
if out:
|
||||||
|
log_info("cpio output:\n%s" % out, level=3)
|
||||||
|
if cpio_stderr:
|
||||||
|
log_info("cpio stderr:\n%s" % cpio_stderr, level=3)
|
||||||
|
|
||||||
|
if rpm2cpio_ret == 0 and cpio_ret == 0:
|
||||||
|
ret = read_revs_dir(dir_tmp, args, path)
|
||||||
|
|
||||||
|
shutil.rmtree(dir_tmp)
|
||||||
|
|
||||||
|
return ret
|
||||||
|
|
||||||
|
|
||||||
|
def read_revs_tar(path, args, ret=None):
|
||||||
|
if ret is None:
|
||||||
|
ret = []
|
||||||
|
|
||||||
|
dir_tmp = tempfile.mkdtemp()
|
||||||
|
|
||||||
|
log_status("Trying to extract files from tarball \"%s\"..." % path,
|
||||||
|
level=1)
|
||||||
|
|
||||||
|
try:
|
||||||
|
with tarfile.open(path, "r:*") as tar:
|
||||||
|
for ti in tar:
|
||||||
|
if any(fnmatch.fnmatchcase(ti.name, p) for p in file_glob):
|
||||||
|
d = os.path.normpath(os.path.join("/",
|
||||||
|
os.path.dirname(ti.name)))
|
||||||
|
# For now, strip exactl one level
|
||||||
|
d = os.path.join(*(d.split(os.path.sep)[2:]))
|
||||||
|
n = os.path.join(d, os.path.basename(ti.name))
|
||||||
|
|
||||||
|
if not os.path.exists(d):
|
||||||
|
os.makedirs(d)
|
||||||
|
t = tar.extractfile(ti)
|
||||||
|
with open(n, "wb") as f:
|
||||||
|
shutil.copyfileobj(t, f)
|
||||||
|
t.close()
|
||||||
|
|
||||||
|
ret = read_revs_dir(dir_tmp, args, path)
|
||||||
|
except Exception as err:
|
||||||
|
log_error("Error while reading \"%s\" as a tarball: \"%s\"" %
|
||||||
|
(path, str(err)))
|
||||||
|
|
||||||
|
shutil.rmtree(dir_tmp)
|
||||||
|
|
||||||
|
return ret
|
||||||
|
|
||||||
|
|
||||||
|
def read_revs(path, args, ret=None):
|
||||||
|
if ret is None:
|
||||||
|
ret = []
|
||||||
|
if os.path.isdir(path):
|
||||||
|
return read_revs_dir(path, args, ret)
|
||||||
|
elif tarfile.is_tarfile(path):
|
||||||
|
return read_revs_tar(path, args, ret)
|
||||||
|
else:
|
||||||
|
return read_revs_rpm(path, args, ret)
|
||||||
|
|
||||||
|
|
||||||
|
def gen_mc_map(mc_data, merge=False, merge_path=False):
|
||||||
|
"""
|
||||||
|
Converts an array of microcode file information to a map with path/sig/pf
|
||||||
|
as a key.
|
||||||
|
|
||||||
|
merge: whether to leave only the newest mc variant in the map or leave all
|
||||||
|
possible variants.
|
||||||
|
"""
|
||||||
|
res = dict()
|
||||||
|
|
||||||
|
for mc in mc_data:
|
||||||
|
key = (None if merge_path else mc["path"], mc["cpuid"], mc["pf"])
|
||||||
|
|
||||||
|
if key not in res:
|
||||||
|
res[key] = dict()
|
||||||
|
|
||||||
|
cpuid = mc["cpuid"]
|
||||||
|
cur_pf = mc["pf"]
|
||||||
|
pid = 1
|
||||||
|
while cur_pf > 0:
|
||||||
|
if cur_pf & 1 and not (merge and pid in res[key]
|
||||||
|
and res[key][pid]["rev"][0] >= mc["rev"]):
|
||||||
|
if pid not in res[cpuid] or merge:
|
||||||
|
res[cpuid][pid] = []
|
||||||
|
res[cpuid][pid].append(mc)
|
||||||
|
|
||||||
|
cur_pf = cur_pf / 2
|
||||||
|
pid = pid * 2
|
||||||
|
|
||||||
|
return res
|
||||||
|
|
||||||
|
|
||||||
|
def gen_fn_map(mc_data, merge=False, merge_path=False):
|
||||||
|
res = dict()
|
||||||
|
|
||||||
|
for mc in mc_data:
|
||||||
|
key = (None if merge_path else mc["path"], mc["cpuid"], mc["pf"])
|
||||||
|
if key in res:
|
||||||
|
log_warn("Duplicate path/cpuid/pf: %s/%#x/%#x" % key)
|
||||||
|
else:
|
||||||
|
res[key] = []
|
||||||
|
if merge and len(res[key]):
|
||||||
|
if mc["rev"] > res[key][0]["rev"]:
|
||||||
|
res[key][0] = mc
|
||||||
|
else:
|
||||||
|
res[key].append(mc)
|
||||||
|
|
||||||
|
return res
|
||||||
|
|
||||||
|
|
||||||
|
def revcmp(a, b):
|
||||||
|
return b["rev"] - a["rev"]
|
||||||
|
|
||||||
|
|
||||||
|
class ChangeLogEntry:
|
||||||
|
ADDED = 0
|
||||||
|
REMOVED = 1
|
||||||
|
UPDATED = 2
|
||||||
|
DOWNGRADED = 3
|
||||||
|
OTHER = 4
|
||||||
|
|
||||||
|
|
||||||
|
def mc_stripped_path(mc):
|
||||||
|
paths = ("usr/share/microcode_ctl/ucode_with_caveats/intel",
|
||||||
|
"usr/share/microcode_ctl/ucode_with_caveats",
|
||||||
|
"usr/share/microcode_ctl",
|
||||||
|
"lib/firmware",
|
||||||
|
"etc/firmware",
|
||||||
|
)
|
||||||
|
|
||||||
|
return remove_prefix(mc["path"], paths)
|
||||||
|
|
||||||
|
|
||||||
|
class mcnm:
|
||||||
|
MCNM_ABBREV = 0
|
||||||
|
MCNM_FAMILIES = 1
|
||||||
|
MCNM_MODELS = 2
|
||||||
|
MCNM_FAMILIES_MODELS = 3
|
||||||
|
MCNM_CODENAME = 4
|
||||||
|
|
||||||
|
|
||||||
|
def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV, stringify=True,
|
||||||
|
segment=False):
|
||||||
|
if not isinstance(mc, dict):
|
||||||
|
mc = mc_from_mc_key(mc)
|
||||||
|
sig = mc["cpuid"]
|
||||||
|
pf = mc["pf"]
|
||||||
|
res = []
|
||||||
|
|
||||||
|
if not cmap:
|
||||||
|
return None
|
||||||
|
if sig not in cmap:
|
||||||
|
log_info("No codename information for sig %#x" % sig)
|
||||||
|
return None
|
||||||
|
|
||||||
|
cnames = cmap[sig]
|
||||||
|
|
||||||
|
if mode in (mcnm.MCNM_FAMILIES, mcnm.MCNM_MODELS,
|
||||||
|
mcnm.MCNM_FAMILIES_MODELS):
|
||||||
|
for c in cnames:
|
||||||
|
if not (pf & c["pf_mask"]):
|
||||||
|
continue
|
||||||
|
for m, f in ((mcnm.MCNM_FAMILIES, "families"),
|
||||||
|
(mcnm.MCNM_MODELS, "models")):
|
||||||
|
if m & mode == 0:
|
||||||
|
continue
|
||||||
|
if f not in c or not c[f]:
|
||||||
|
log_info("No %s for sig %#x in %r" % (f, sig, c))
|
||||||
|
continue
|
||||||
|
|
||||||
|
res.append(c[f])
|
||||||
|
|
||||||
|
return ", ".join(res) or None
|
||||||
|
|
||||||
|
steppings = dict()
|
||||||
|
suffices = dict()
|
||||||
|
for c in cnames:
|
||||||
|
if pf and not (pf & c["pf_mask"]):
|
||||||
|
continue
|
||||||
|
|
||||||
|
if mode == mcnm.MCNM_ABBREV and "abbrev" in c and c["abbrev"]:
|
||||||
|
cname = c["abbrev"]
|
||||||
|
else:
|
||||||
|
cname = c["codename"]
|
||||||
|
|
||||||
|
if segment:
|
||||||
|
cname = c["segment"] + " " + cname
|
||||||
|
|
||||||
|
if cname not in suffices:
|
||||||
|
suffices[cname] = set()
|
||||||
|
if "variant" in c and c["variant"]:
|
||||||
|
suffices[cname] |= set(c["variant"])
|
||||||
|
|
||||||
|
if cname not in steppings:
|
||||||
|
steppings[cname] = set()
|
||||||
|
if c["stepping"]:
|
||||||
|
steppings[cname] |= set(c["stepping"])
|
||||||
|
|
||||||
|
for cname in sorted(steppings.keys()):
|
||||||
|
cname_res = [cname]
|
||||||
|
if len(suffices[cname]):
|
||||||
|
cname_res[0] += "-" + "/".join(sorted(suffices[cname]))
|
||||||
|
if len(steppings[cname]):
|
||||||
|
cname_res.append("/".join(sorted(steppings[cname])))
|
||||||
|
res.append(" ".join(cname_res) if stringify else cname_res)
|
||||||
|
|
||||||
|
return (", ".join(res) or None) if stringify else res
|
||||||
|
|
||||||
|
|
||||||
|
def mc_from_mc_key(k):
|
||||||
|
return dict(zip(("path", "cpuid", "pf"), k))
|
||||||
|
|
||||||
|
|
||||||
|
def mc_path(mc, pf_sfx=True, midword=None, cmap=None, cname_segment=False):
|
||||||
|
if not isinstance(mc, dict):
|
||||||
|
mc = mc_from_mc_key(mc)
|
||||||
|
path = mc_stripped_path(mc) if mc["path"] is not None else None
|
||||||
|
cpuid_fn = cpuid_fname(mc["cpuid"])
|
||||||
|
fname = os.path.basename(mc["path"] or cpuid_fn)
|
||||||
|
midword = "" if midword is None else " " + midword
|
||||||
|
cname = get_mc_cnames(mc, cmap, segment=cname_segment)
|
||||||
|
cname_str = " (" + cname + ")" if cname else ""
|
||||||
|
|
||||||
|
if pf_sfx:
|
||||||
|
sfx = "/0x%02x" % mc["pf"]
|
||||||
|
else:
|
||||||
|
sfx = ""
|
||||||
|
|
||||||
|
if not path or path == os.path.join("intel-ucode", cpuid_fn):
|
||||||
|
return "%s%s%s%s" % (fname, sfx, cname_str, midword)
|
||||||
|
else:
|
||||||
|
return "%s%s%s%s (in %s)" % (cpuid_fn, sfx, cname_str, midword, path)
|
||||||
|
|
||||||
|
|
||||||
|
def gen_changelog_file(old, new):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def mc_cmp(old_mc, new_mc):
|
||||||
|
res = []
|
||||||
|
|
||||||
|
old_mc_revs = [x["rev"] for x in old_mc]
|
||||||
|
new_mc_revs = [x["rev"] for x in new_mc]
|
||||||
|
common = set(old_mc_revs) & set(new_mc_revs)
|
||||||
|
old_rev_list = [x for x in sorted(old_mc_revs) if x not in common]
|
||||||
|
new_rev_list = [x for x in sorted(new_mc_revs) if x not in common]
|
||||||
|
|
||||||
|
if len(old_rev_list) != 1 or len(new_rev_list) != 1:
|
||||||
|
for i in new_mc:
|
||||||
|
if i["rev"] in new_rev_list:
|
||||||
|
res.append((ChangeLogEntry.ADDED, None, i))
|
||||||
|
for i in old_mc:
|
||||||
|
if i["rev"] in old_rev_list:
|
||||||
|
res.append((ChangeLogEntry.REMOVED, i, None))
|
||||||
|
else:
|
||||||
|
for old in old_mc:
|
||||||
|
if old["rev"] == old_rev_list[0]:
|
||||||
|
break
|
||||||
|
for new in new_mc:
|
||||||
|
if new["rev"] == new_rev_list[0]:
|
||||||
|
break
|
||||||
|
if new["rev"] > old["rev"]:
|
||||||
|
res.append((ChangeLogEntry.UPDATED, old, new))
|
||||||
|
elif new["rev"] < old["rev"]:
|
||||||
|
res.append((ChangeLogEntry.DOWNGRADED, old, new))
|
||||||
|
|
||||||
|
return res
|
||||||
|
|
||||||
|
|
||||||
|
def gen_changelog(old, new):
|
||||||
|
res = []
|
||||||
|
|
||||||
|
old_map = gen_fn_map(old)
|
||||||
|
new_map = gen_fn_map(new)
|
||||||
|
|
||||||
|
old_files = set(old_map.keys())
|
||||||
|
new_files = set(new_map.keys())
|
||||||
|
|
||||||
|
both = old_files & new_files
|
||||||
|
added = new_files - old_files
|
||||||
|
removed = old_files - new_files
|
||||||
|
|
||||||
|
for f in sorted(added):
|
||||||
|
p = mc_path(new_map[f][0])
|
||||||
|
for old_f in sorted(removed):
|
||||||
|
old_p = mc_path(old_map[old_f][0])
|
||||||
|
if p == old_p and f[1] == old_f[1] and f[2] == old_f[2]:
|
||||||
|
log_info("Matched %s (%s and %s)" %
|
||||||
|
(p, old_map[old_f][0]["path"], new_map[f][0]["path"]))
|
||||||
|
added.remove(f)
|
||||||
|
removed.remove(old_f)
|
||||||
|
|
||||||
|
res += mc_cmp(old_map[old_f], new_map[f])
|
||||||
|
|
||||||
|
for f in sorted(added):
|
||||||
|
for i in new_map[f]:
|
||||||
|
res.append((ChangeLogEntry.ADDED, None, i))
|
||||||
|
for f in sorted(removed):
|
||||||
|
for i in old_map[f]:
|
||||||
|
res.append((ChangeLogEntry.REMOVED, i, None))
|
||||||
|
for f in sorted(both):
|
||||||
|
res += mc_cmp(old_map[f], new_map[f])
|
||||||
|
|
||||||
|
return res
|
||||||
|
|
||||||
|
|
||||||
|
def mc_date(mc):
|
||||||
|
if isinstance(mc, dict):
|
||||||
|
mc = mc["date"]
|
||||||
|
return "%04x-%02x-%02x" % (mc & 0xffff, mc >> 24, (mc >> 16) & 0xff)
|
||||||
|
|
||||||
|
|
||||||
|
def mc_rev(mc, date=None):
|
||||||
|
'''
|
||||||
|
While revision is signed for comparison purposes, historically
|
||||||
|
it is printed as unsigned, Oh well.
|
||||||
|
'''
|
||||||
|
global print_date
|
||||||
|
|
||||||
|
if mc["rev"] < 0:
|
||||||
|
rev = 2**32 + mc["rev"]
|
||||||
|
else:
|
||||||
|
rev = mc["rev"]
|
||||||
|
|
||||||
|
if date if date is not None else print_date:
|
||||||
|
return "%#x (%s)" % (rev, mc_date(mc))
|
||||||
|
else:
|
||||||
|
return "%#x" % rev
|
||||||
|
|
||||||
|
|
||||||
|
def print_changelog_rpm(clog, cmap, args):
|
||||||
|
for e, old, new in clog:
|
||||||
|
mc_str = mc_path(new if e == ChangeLogEntry.ADDED else old,
|
||||||
|
midword="microcode",
|
||||||
|
cmap=cmap, cname_segment=args.segment)
|
||||||
|
|
||||||
|
if e == ChangeLogEntry.ADDED:
|
||||||
|
print("Addition of %s at revision %s" % (mc_str, mc_rev(new)))
|
||||||
|
elif e == ChangeLogEntry.REMOVED:
|
||||||
|
print("Removal of %s at revision %s" % (mc_str, mc_rev(old)))
|
||||||
|
elif e == ChangeLogEntry.UPDATED:
|
||||||
|
print("Update of %s from revision %s up to %s" %
|
||||||
|
(mc_str, mc_rev(old), mc_rev(new)))
|
||||||
|
elif e == ChangeLogEntry.DOWNGRADED:
|
||||||
|
print("Downgrade of %s from revision %s down to %s" %
|
||||||
|
(mc_str, mc_rev(old), mc_rev(new)))
|
||||||
|
elif e == ChangeLogEntry.OTHER:
|
||||||
|
print("Other change in %s:" % old["path"])
|
||||||
|
print(" old: %#x/%#x: rev %s (offs %#x)" %
|
||||||
|
(old["cpuid"], old["pf"], mc_rev(old), old["offs"]))
|
||||||
|
print(" new: %#x/%#x: rev %s (offs %#x)" %
|
||||||
|
(new["cpuid"], new["pf"], mc_rev(new), new["offs"]))
|
||||||
|
|
||||||
|
|
||||||
|
def print_changelog_intel(clog, cmap, args):
|
||||||
|
def clog_sort_key(x):
|
||||||
|
res = str(x[0])
|
||||||
|
|
||||||
|
if x[0] != ChangeLogEntry.ADDED:
|
||||||
|
res += "%08x%02x" % (x[1]["cpuid"], x[1]["pf"])
|
||||||
|
else:
|
||||||
|
res += "0" * 10
|
||||||
|
|
||||||
|
if x[0] != ChangeLogEntry.REMOVED:
|
||||||
|
res += "%08x%02x" % (x[2]["cpuid"], x[2]["pf"])
|
||||||
|
else:
|
||||||
|
res += "0" * 10
|
||||||
|
|
||||||
|
return res
|
||||||
|
|
||||||
|
sorted_clog = sorted(clog, key=clog_sort_key)
|
||||||
|
sections = (("New Platforms", (ChangeLogEntry.ADDED, )),
|
||||||
|
("Updated Platforms", (ChangeLogEntry.UPDATED,
|
||||||
|
ChangeLogEntry.DOWNGRADED)),
|
||||||
|
("Removed Platforms", (ChangeLogEntry.REMOVED, )))
|
||||||
|
|
||||||
|
def print_line(e, old, new, types):
|
||||||
|
if e not in types:
|
||||||
|
return
|
||||||
|
|
||||||
|
if not print_line.hdr:
|
||||||
|
print("""
|
||||||
|
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|
||||||
|
|:---------------|:---------|:------------|:---------|:---------|:---------""")
|
||||||
|
print_line.hdr = True
|
||||||
|
|
||||||
|
mc = new if e == ChangeLogEntry.ADDED else old
|
||||||
|
cnames = get_mc_cnames(mc, cmap, stringify=False,
|
||||||
|
segment=args.segment) or (("???", ""), )
|
||||||
|
for cn in cnames:
|
||||||
|
cname = cn[0]
|
||||||
|
stepping = cn[1] if len(cn) > 1 else ""
|
||||||
|
print("| %-14s | %-8s | %8s/%02x | %8s | %8s | %s" %
|
||||||
|
(cname,
|
||||||
|
stepping,
|
||||||
|
cpuid_fname(mc["cpuid"]), mc["pf"],
|
||||||
|
("%08x" % old["rev"]) if e != ChangeLogEntry.ADDED else "",
|
||||||
|
("%08x" % new["rev"]) if e != ChangeLogEntry.REMOVED else "",
|
||||||
|
get_mc_cnames(mc, cmap, mode=mcnm.MCNM_FAMILIES,
|
||||||
|
segment=args.segment) or ""))
|
||||||
|
|
||||||
|
for h, types in sections:
|
||||||
|
print("\n### %s" % h)
|
||||||
|
print_line.hdr = False
|
||||||
|
for e, old, new in sorted_clog:
|
||||||
|
print_line(e, old, new, types)
|
||||||
|
|
||||||
|
|
||||||
|
def print_changelog(clog, cmap, args):
|
||||||
|
if args.format == "rpm":
|
||||||
|
print_changelog_rpm(clog, cmap, args)
|
||||||
|
elif args.format == "intel":
|
||||||
|
print_changelog_intel(clog, cmap, args)
|
||||||
|
else:
|
||||||
|
log_error(("unknown changelog format: \"%s\". " +
|
||||||
|
"Supported formats are: rpm, intel.") % args.format)
|
||||||
|
|
||||||
|
|
||||||
|
class TableStyles:
|
||||||
|
TS_CSV = 0
|
||||||
|
TS_FANCY = 1
|
||||||
|
|
||||||
|
|
||||||
|
def print_line(line, column_sz):
|
||||||
|
print(" | ".join([str(x).ljust(column_sz[i])
|
||||||
|
for i, x in zip(itertools.count(),
|
||||||
|
itertools.chain(line,
|
||||||
|
[""] * (len(column_sz) -
|
||||||
|
len(line))))]).rstrip())
|
||||||
|
|
||||||
|
|
||||||
|
def print_table(items, header=[], style=TableStyles.TS_CSV):
|
||||||
|
if style == TableStyles.TS_CSV:
|
||||||
|
for i in items:
|
||||||
|
print(";".join(i))
|
||||||
|
elif style == TableStyles.TS_FANCY:
|
||||||
|
column_sz = list(reduce(lambda x, y:
|
||||||
|
map(max, izip_longest(x, y, fillvalue=0)),
|
||||||
|
[[len(x) for x in i]
|
||||||
|
for i in itertools.chain(header, items)]))
|
||||||
|
for i in header:
|
||||||
|
print_line(i, column_sz)
|
||||||
|
if header:
|
||||||
|
print("-+-".join(["-" * x for x in column_sz]))
|
||||||
|
for i in items:
|
||||||
|
print_line(i, column_sz)
|
||||||
|
|
||||||
|
|
||||||
|
def print_summary(revs, cmap, args):
|
||||||
|
m = gen_fn_map(revs)
|
||||||
|
cnames_mode = mcnm.MCNM_ABBREV if args.abbrev else mcnm.MCNM_CODENAME
|
||||||
|
|
||||||
|
header = []
|
||||||
|
if args.header:
|
||||||
|
header.append(["Path", "Offset", "Ext. Offset", "Data Size",
|
||||||
|
"Total Size", "CPUID", "Platform ID Mask", "Revision",
|
||||||
|
"Date", "Checksum", "Codenames"] +
|
||||||
|
(["Models"] if args.models else []))
|
||||||
|
tbl = []
|
||||||
|
for k in sorted(m.keys()):
|
||||||
|
for mc in m[k]:
|
||||||
|
tbl.append([mc_stripped_path(mc),
|
||||||
|
"0x%x" % mc["offs"],
|
||||||
|
"0x%x" % mc["ext_offs"] if "ext_offs" in mc else "-",
|
||||||
|
"0x%05x" % mc["data_size"],
|
||||||
|
"0x%05x" % mc["total_size"],
|
||||||
|
"0x%05x" % mc["cpuid"],
|
||||||
|
"0x%02x" % mc["pf"],
|
||||||
|
mc_rev(mc, date=False),
|
||||||
|
mc_date(mc),
|
||||||
|
"0x%08x" % (mc["ext_cksum"]
|
||||||
|
if "ext_cksum" in mc else mc["cksum"]),
|
||||||
|
get_mc_cnames(mc, cmap, cnames_mode,
|
||||||
|
segment=args.segment) or ""] +
|
||||||
|
([get_mc_cnames(mc, cmap,
|
||||||
|
mcnm.MCNM_FAMILIES_MODELS,
|
||||||
|
segment=args.segment)]
|
||||||
|
if args.models else []))
|
||||||
|
|
||||||
|
print_table(tbl, header, style=TableStyles.TS_FANCY)
|
||||||
|
|
||||||
|
|
||||||
|
def read_codenames_file(path):
|
||||||
|
'''
|
||||||
|
Supports two formats: new and old
|
||||||
|
* old: tab-separated. Field order:
|
||||||
|
Segment, (unused), Codename, (dash-separated) Stepping,
|
||||||
|
Platform ID mask, CPUID, (unused) Update link, (unused) Specs link
|
||||||
|
* new: semicolon-separated; support comments. Distinguished
|
||||||
|
by the first line that starts with octothorp. Field order:
|
||||||
|
Segment, Unused, Codename, Stepping, Platform ID mask, CPUID,
|
||||||
|
Abbreviation, Variant(s), Families, Models
|
||||||
|
'''
|
||||||
|
old_fields = ["segment", "_", "codename", "stepping", "pf_mask", "sig",
|
||||||
|
"_update", "_specs"]
|
||||||
|
new_fields = ["segment", "_", "codename", "stepping", "pf_mask", "sig",
|
||||||
|
"abbrev", "variant", "families", "models"]
|
||||||
|
new_fmt = False
|
||||||
|
field_names = old_fields
|
||||||
|
|
||||||
|
res = dict()
|
||||||
|
|
||||||
|
try:
|
||||||
|
with open(path, "r") as f:
|
||||||
|
for line in f:
|
||||||
|
line = line.strip()
|
||||||
|
if len(line) == 0:
|
||||||
|
continue
|
||||||
|
if line[0] == '#':
|
||||||
|
new_fmt = True
|
||||||
|
field_names = new_fields
|
||||||
|
continue
|
||||||
|
|
||||||
|
fields = line.split(";" if new_fmt else "\t",
|
||||||
|
1 + len(field_names))
|
||||||
|
fields = dict(zip(field_names, fields))
|
||||||
|
if "sig" not in fields:
|
||||||
|
log_warn("Skipping %r (from \"%s\")" % (fields, line))
|
||||||
|
continue
|
||||||
|
|
||||||
|
sig = fields["sig"] = int(fields["sig"], 16)
|
||||||
|
fields["pf_mask"] = int(fields["pf_mask"], 16)
|
||||||
|
fields["stepping"] = fields["stepping"].split(",")
|
||||||
|
if "variant" in fields:
|
||||||
|
if fields["variant"]:
|
||||||
|
fields["variant"] = fields["variant"].split(",")
|
||||||
|
else:
|
||||||
|
fields["variant"] = []
|
||||||
|
|
||||||
|
if sig not in res:
|
||||||
|
res[sig] = list()
|
||||||
|
res[sig].append(fields)
|
||||||
|
except Exception as e:
|
||||||
|
log_error("a problem occurred while reading code names: %s" % e)
|
||||||
|
|
||||||
|
return res
|
||||||
|
|
||||||
|
|
||||||
|
def print_discrepancies(rev_map, deps, cmap, args):
|
||||||
|
"""
|
||||||
|
rev_map: dict "name": revs
|
||||||
|
deps: list of tuples (name, parent/None)
|
||||||
|
"""
|
||||||
|
sigs = set()
|
||||||
|
|
||||||
|
for p, r in rev_map.items():
|
||||||
|
sigs |= set(r.keys())
|
||||||
|
|
||||||
|
if args.header:
|
||||||
|
header1 = ["sig"]
|
||||||
|
if args.print_vs:
|
||||||
|
header2 = [""]
|
||||||
|
for p, n, d in deps:
|
||||||
|
header1.append(n)
|
||||||
|
if args.print_vs:
|
||||||
|
add = ""
|
||||||
|
if d:
|
||||||
|
for pd, nd, dd in deps:
|
||||||
|
if pd == d:
|
||||||
|
add = "(vs. %s)" % nd
|
||||||
|
break
|
||||||
|
header2.append(add)
|
||||||
|
if args.models:
|
||||||
|
header1.append("Model names")
|
||||||
|
if args.print_vs:
|
||||||
|
header2.append("")
|
||||||
|
header = [header1] + ([header2] if args.print_vs else [])
|
||||||
|
|
||||||
|
tbl = []
|
||||||
|
for s in sorted(sigs):
|
||||||
|
out = [mc_path(s)]
|
||||||
|
print_out = not args.print_filter
|
||||||
|
print_date = args.min_date is None
|
||||||
|
|
||||||
|
for p, n, d in deps:
|
||||||
|
cur = dict([(x["rev"], x) for x in rev_map[p][s]]) \
|
||||||
|
if s in rev_map[p] else []
|
||||||
|
v = "/".join([mc_rev(y) for x, y in sorted(cur.items())]) \
|
||||||
|
if cur else "-"
|
||||||
|
if d is not None:
|
||||||
|
prev = [x["rev"] for x in rev_map[d][s]] if s in rev_map[d] \
|
||||||
|
else []
|
||||||
|
if [x for x in cur if x not in prev]:
|
||||||
|
v += " (*)"
|
||||||
|
print_out = True
|
||||||
|
if args.min_date is not None and s in rev_map[p]:
|
||||||
|
for x in rev_map[p][s]:
|
||||||
|
print_date |= mc_date(x) > args.min_date
|
||||||
|
out.append(v)
|
||||||
|
|
||||||
|
if print_out and print_date:
|
||||||
|
if args.models:
|
||||||
|
out.append(get_mc_cnames(s, cmap, segment=args.segment) or "")
|
||||||
|
tbl.append(out)
|
||||||
|
|
||||||
|
print_table(tbl, header, style=TableStyles.TS_FANCY)
|
||||||
|
|
||||||
|
|
||||||
|
def cmd_summary(args):
|
||||||
|
revs = []
|
||||||
|
for p in args.filelist:
|
||||||
|
revs = read_revs(p, args, ret=revs)
|
||||||
|
|
||||||
|
codenames_map = read_codenames_file(args.codenames)
|
||||||
|
|
||||||
|
print_summary(revs, codenames_map, args)
|
||||||
|
|
||||||
|
return 0
|
||||||
|
|
||||||
|
|
||||||
|
def cmd_changelog(args):
|
||||||
|
codenames_map = read_codenames_file(args.codenames)
|
||||||
|
base_path = args.filelist[0]
|
||||||
|
upd_path = args.filelist[1]
|
||||||
|
|
||||||
|
base = read_revs(base_path, args)
|
||||||
|
upd = read_revs(upd_path, args)
|
||||||
|
|
||||||
|
print_changelog(gen_changelog(base, upd), codenames_map, args)
|
||||||
|
|
||||||
|
return 0
|
||||||
|
|
||||||
|
|
||||||
|
def cmd_discrepancies(args):
|
||||||
|
"""
|
||||||
|
filenames:
|
||||||
|
* "<" prefix (possibly multiple times) to refer to a previous entry
|
||||||
|
to compare against
|
||||||
|
* "[name]" prefix is a name reference
|
||||||
|
"""
|
||||||
|
codenames_map = read_codenames_file(args.codenames)
|
||||||
|
rev_map = dict()
|
||||||
|
deps = list()
|
||||||
|
cur = -1
|
||||||
|
|
||||||
|
for path in args.filelist:
|
||||||
|
orig_path = path
|
||||||
|
name = None
|
||||||
|
cur += 1
|
||||||
|
dep = None
|
||||||
|
while True:
|
||||||
|
if path[0] == '<':
|
||||||
|
path = path[1:]
|
||||||
|
dep = cur - 1 if dep is None else dep - 1
|
||||||
|
elif path[0] == '[' and path.find(']') > 0:
|
||||||
|
pos = path.find(']')
|
||||||
|
name = path[1:pos]
|
||||||
|
path = path[pos + 1:]
|
||||||
|
else:
|
||||||
|
break
|
||||||
|
if name is None:
|
||||||
|
name = path
|
||||||
|
if dep is not None and dep < 0:
|
||||||
|
log_error("Incorrect dep reference for '%s' (points to index %d)" %
|
||||||
|
(orig_path, dep))
|
||||||
|
return 1
|
||||||
|
deps.append((path, name, deps[dep][0] if dep is not None else None))
|
||||||
|
rev_map[path] = gen_fn_map(read_revs(path, args), merge=args.merge,
|
||||||
|
merge_path=True)
|
||||||
|
|
||||||
|
print_discrepancies(rev_map, deps, codenames_map, args)
|
||||||
|
|
||||||
|
return 0
|
||||||
|
|
||||||
|
|
||||||
|
def parse_cli():
|
||||||
|
root_parser = argparse.ArgumentParser(prog="gen_updates",
|
||||||
|
description="Intel CPU Microcode " +
|
||||||
|
"parser")
|
||||||
|
root_parser.add_argument("-C", "--codenames", default='codenames',
|
||||||
|
help="Code names file")
|
||||||
|
root_parser.add_argument("-v", "--verbose", action="count", default=0,
|
||||||
|
help="Increase output verbosity")
|
||||||
|
root_parser.add_argument("-E", "--no-ignore-ext-duplicates",
|
||||||
|
action="store_const", dest="ignore_ext_dups",
|
||||||
|
default=False, const=False,
|
||||||
|
help="Do not ignore duplicates of the main " +
|
||||||
|
"signature in the extended signature header")
|
||||||
|
root_parser.add_argument("-e", "--ignore-ext-duplicates",
|
||||||
|
action="store_const", dest="ignore_ext_dups",
|
||||||
|
const=True,
|
||||||
|
help="Ignore duplicates of the main signature " +
|
||||||
|
"in the extended signature header")
|
||||||
|
root_parser.add_argument("-t", "--print-segment", action="store_const",
|
||||||
|
dest="segment", const=True,
|
||||||
|
help="Print model segment")
|
||||||
|
root_parser.add_argument("-T", "--no-print-segment", action="store_const",
|
||||||
|
dest="segment", const=False, default=False,
|
||||||
|
help="Do not print model segment")
|
||||||
|
|
||||||
|
cmdparsers = root_parser.add_subparsers(title="Commands",
|
||||||
|
help="main gen_updates commands")
|
||||||
|
|
||||||
|
parser_s = cmdparsers.add_parser("summary",
|
||||||
|
help="Generate microcode summary")
|
||||||
|
parser_s.add_argument("-a", "--abbreviate", action="store_const",
|
||||||
|
dest="abbrev", const=True, default=True,
|
||||||
|
help="Abbreviate code names")
|
||||||
|
parser_s.add_argument("-A", "--no-abbreviate", action="store_const",
|
||||||
|
dest="abbrev", const=False,
|
||||||
|
help="Do not abbreviate code names")
|
||||||
|
parser_s.add_argument("-m", "--print-models", action="store_const",
|
||||||
|
dest="models", const=True, default=False,
|
||||||
|
help="Print models")
|
||||||
|
parser_s.add_argument("-M", "--no-print-models",
|
||||||
|
action="store_const", dest="models",
|
||||||
|
const=False, help="Do not print models")
|
||||||
|
parser_s.add_argument("-H", "--no-print-header",
|
||||||
|
action="store_const", dest="header",
|
||||||
|
const=False, default=True,
|
||||||
|
help="Do not print hader")
|
||||||
|
parser_s.add_argument("filelist", nargs="*", default=[],
|
||||||
|
help="List or RPMs/directories to process")
|
||||||
|
parser_s.set_defaults(func=cmd_summary)
|
||||||
|
|
||||||
|
parser_c = cmdparsers.add_parser("changelog",
|
||||||
|
help="Generate changelog")
|
||||||
|
parser_c.add_argument("-F", "--format", choices=["rpm", "intel"],
|
||||||
|
default="rpm", help="Changelog format")
|
||||||
|
parser_c.add_argument("filelist", nargs=2,
|
||||||
|
help="RPMs/directories to compare")
|
||||||
|
parser_c.set_defaults(func=cmd_changelog)
|
||||||
|
|
||||||
|
parser_d = cmdparsers.add_parser("discrepancies",
|
||||||
|
help="Generate discrepancies")
|
||||||
|
parser_d.add_argument("-s", "--merge-revs", action="store_const",
|
||||||
|
dest="merge", const=True, default=False,
|
||||||
|
help="Merge revisions that come" +
|
||||||
|
" from different files")
|
||||||
|
parser_d.add_argument("-S", "--no-merge-revs", action="store_const",
|
||||||
|
dest="merge", const=False,
|
||||||
|
help="Do not Merge revisions that come" +
|
||||||
|
" from different files")
|
||||||
|
parser_d.add_argument("-v", "--print-vs", action="store_const",
|
||||||
|
dest="print_vs", const=True, default=False,
|
||||||
|
help="Print base version ")
|
||||||
|
parser_d.add_argument("-V", "--no-print-vs", action="store_const",
|
||||||
|
dest="print_vs", const=False,
|
||||||
|
help="Do not Merge revisions that come" +
|
||||||
|
" from different files")
|
||||||
|
parser_d.add_argument("-m", "--print-models", action="store_const",
|
||||||
|
dest="models", const=True, default=True,
|
||||||
|
help="Print model names")
|
||||||
|
parser_d.add_argument("-M", "--no-print-models", action="store_const",
|
||||||
|
dest="models", const=False,
|
||||||
|
help="Do not print model names")
|
||||||
|
parser_d.add_argument("-H", "--no-print-header", action="store_const",
|
||||||
|
dest="header", const=False, default=True,
|
||||||
|
help="Do not print hader")
|
||||||
|
parser_d.add_argument("-a", "--print-all-files", action="store_const",
|
||||||
|
dest="print_filter", const=False, default=True,
|
||||||
|
help="Print all files")
|
||||||
|
parser_d.add_argument("-c", "--print-changed-files", action="store_const",
|
||||||
|
dest="print_filter", const=True,
|
||||||
|
help="Print only changed files")
|
||||||
|
parser_d.add_argument("-d", "--min-date", action="store",
|
||||||
|
help="Minimum date filter")
|
||||||
|
parser_d.add_argument("filelist", nargs='*',
|
||||||
|
help="RPMs/directories to compare")
|
||||||
|
parser_d.set_defaults(func=cmd_discrepancies)
|
||||||
|
|
||||||
|
args = root_parser.parse_args()
|
||||||
|
if not hasattr(args, "func"):
|
||||||
|
root_parser.print_help()
|
||||||
|
return None
|
||||||
|
|
||||||
|
global log_level
|
||||||
|
log_level = args.verbose
|
||||||
|
|
||||||
|
return args
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
args = parse_cli()
|
||||||
|
if args is None:
|
||||||
|
return 1
|
||||||
|
|
||||||
|
return args.func(args)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
sys.exit(main())
|
@ -0,0 +1,8 @@
|
|||||||
|
path intel-ucode/*
|
||||||
|
vendor GenuineIntel
|
||||||
|
kernel_early 4.10.0
|
||||||
|
kernel_early 3.10.0-930
|
||||||
|
kernel_early 3.10.0-862.14.1
|
||||||
|
kernel_early 3.10.0-693.38.1
|
||||||
|
kernel_early 3.10.0-514.57.1
|
||||||
|
kernel_early 3.10.0-327.73.1
|
@ -0,0 +1,10 @@
|
|||||||
|
This kernel doesn't handle early microcode load properly (it tries to load
|
||||||
|
microcode even in virtualised environment, which may lead to a panic on some
|
||||||
|
hypervisors), thus the microcode files have not been added to the initramfs
|
||||||
|
image. Please update your kernel to one of the following:
|
||||||
|
RHEL 7.5: kernel-3.10.0-862.14.1 or newer;
|
||||||
|
RHEL 7.4: kernel-3.10.0-693.38.1 or newer;
|
||||||
|
RHEL 7.3: kernel-3.10.0-514.57.1 or newer;
|
||||||
|
RHEL 7.2: kernel-3.10.0-327.73.1 or newer.
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/caveats/intel_readme
|
||||||
|
and /usr/share/doc/microcode_ctl/README.caveats for details.
|
@ -0,0 +1,53 @@
|
|||||||
|
Older RHEL 7 kernels try to early load microcode even inside virtual
|
||||||
|
machine, which may lead to panic on some hypervisors. In order to circumvent
|
||||||
|
that, microcode is installed into a kernel-version-specific directory (which
|
||||||
|
is not scanned by the dracut script, that constructs early microcode binary
|
||||||
|
in initramfs, by default), and path to microcode files provided only in case
|
||||||
|
initramfs is generated for the kernel version that properly handles early
|
||||||
|
microcode inside a virtual machine (i.e. do not attempts yo load it).
|
||||||
|
The versions of the kernel package that properly handle early microcode load
|
||||||
|
inside a virtual machine are as follows:
|
||||||
|
* RHEL 7.6 onwards: kernel-3.10.0-930 or newer;
|
||||||
|
* RHEL 7.5: kernel-3.10.0-862.14.1 or newer;
|
||||||
|
* RHEL 7.4: kernel-3.10.0-693.38.1 or newer;
|
||||||
|
* RHEL 7.3: kernel-3.10.0-514.57.1 or newer;
|
||||||
|
* RHEL 7.2: kernel-3.10.0-327.73.1 or newer.
|
||||||
|
RHEL 8 kernels are not affected.
|
||||||
|
|
||||||
|
If you want to avoid early load of microcode for a specific kernel, please
|
||||||
|
create "disallow-early-intel" file inside /lib/firmware/<kernel_version>
|
||||||
|
directory and run dracut -f --kver "<kernel_version>":
|
||||||
|
|
||||||
|
touch /lib/firmware/3.10.0-862.9.1/disallow-early-intel
|
||||||
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
|
If you want to avoid early load of microcode for all kernels, please create
|
||||||
|
"disallow-early-intel" file inside the "/etc/microcode_ctl/ucode_with_caveats"
|
||||||
|
directory and run dracut -f --regenerate-all:
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
touch /etc/microcode_ctl/ucode_with_caveats/disallow-early-intel
|
||||||
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
If you want to enforce early load of microcode for a specific kernel, please
|
||||||
|
create "force-early-intel" file inside /lib/firmware/<kernel_version> directory
|
||||||
|
and run dracut -f --kver "<kernel_version>":
|
||||||
|
|
||||||
|
touch /lib/firmware/3.10.0-862.9.1/force-early-intel
|
||||||
|
dracut -f --kver 3.10.0-862.9.1
|
||||||
|
|
||||||
|
If you want to enforce early load of microcode for all kernels, please create
|
||||||
|
"force-early-intel" file inside /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
directory and run dracut -f --kver "<kernel_version>":
|
||||||
|
|
||||||
|
mkdir -p /etc/microcode_ctl/ucode_with_caveats
|
||||||
|
touch /etc/microcode_ctl/ucode_with_caveats/force-early-intel
|
||||||
|
dracut -f --regenerate-all
|
||||||
|
|
||||||
|
In order to override the late load behaviour, the "early" part of file names
|
||||||
|
should be replaced with "late" (and there is no need to call dracut
|
||||||
|
in that case).
|
||||||
|
|
||||||
|
|
||||||
|
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
|
||||||
|
information.
|
@ -0,0 +1,12 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Load CPU microcode update
|
||||||
|
After=basic.target
|
||||||
|
ConditionVirtualization=false
|
||||||
|
ConditionPathExists=/sys/devices/system/cpu/microcode/reload
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=no
|
||||||
|
ExecStart=/usr/libexec/microcode_ctl/reload_microcode
|
||||||
|
[Install]
|
||||||
|
WantedBy=basic.target
|
@ -0,0 +1,22 @@
|
|||||||
|
#! /bin/bash -efu
|
||||||
|
|
||||||
|
# Trigger microcode reload with additional check for BDW-EP that can have
|
||||||
|
# microcode reloaded only in case kernel has specific patches.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: CC0-1.0
|
||||||
|
|
||||||
|
CHECK_CAVEATS=/usr/libexec/microcode_ctl/check_caveats
|
||||||
|
IGNORE_HYPERVISOR="/etc/microcode_ctl/ignore-hypervisor-flag"
|
||||||
|
|
||||||
|
[ -e "$IGNORE_HYPERVISOR" ] || {
|
||||||
|
if grep -q '^flags[[:space:]]*:.* hypervisor\( .*\)\?$' /proc/cpuinfo
|
||||||
|
then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
"$CHECK_CAVEATS" -m > /dev/null || exit 0
|
||||||
|
|
||||||
|
echo 2>/dev/null 1 > /sys/devices/system/cpu/microcode/reload || :
|
||||||
|
|
||||||
|
exit 0
|
@ -0,0 +1,290 @@
|
|||||||
|
#! /bin/bash -eu
|
||||||
|
|
||||||
|
# Maintain kernel-version-specific symlinks in /lib/firmware based on
|
||||||
|
# configuration present in /usr/share/microcode_ctl/ucode_with_caveats.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: CC0-1.0
|
||||||
|
|
||||||
|
usage()
|
||||||
|
{
|
||||||
|
echo "Usage: update_ucode [--action {add|remove|refresh|list}]" \
|
||||||
|
"[--kernel KERNELVER]* [--verbose] [--dry-run]" \
|
||||||
|
"[--cleanup intel_ucode caveats_ucode]" \
|
||||||
|
"[--skip-common] [--skip-kernel-specific]" >&2
|
||||||
|
}
|
||||||
|
|
||||||
|
debug() { [ 0 = "$verbose" ] || echo "$*" >&2; }
|
||||||
|
|
||||||
|
MC_DIR=/usr/share/microcode_ctl
|
||||||
|
INTEL_UCODE_DIR=intel-ucode
|
||||||
|
DATA_DIR=/usr/share/microcode_ctl/ucode_with_caveats
|
||||||
|
FW_DIR=/lib/firmware
|
||||||
|
check_caveats=/usr/libexec/microcode_ctl/check_caveats
|
||||||
|
|
||||||
|
action=refresh
|
||||||
|
kernel=
|
||||||
|
verbose=0
|
||||||
|
verbose_opt=
|
||||||
|
dry_run=0
|
||||||
|
remove_cleanup=0
|
||||||
|
cleanup_intel=
|
||||||
|
cleanup_caveats=
|
||||||
|
skip_common=0
|
||||||
|
skip_caveats=0
|
||||||
|
|
||||||
|
while [ 1 -le "$#" ]; do
|
||||||
|
case "$1" in
|
||||||
|
-C|--skip-common)
|
||||||
|
skip_common=1
|
||||||
|
;;
|
||||||
|
-K|--skip-kernel-specific)
|
||||||
|
skip_caveats=1
|
||||||
|
;;
|
||||||
|
-a|--action)
|
||||||
|
shift
|
||||||
|
action="$1"
|
||||||
|
;;
|
||||||
|
-k|--kernel)
|
||||||
|
shift
|
||||||
|
kernel="$kernel $1"
|
||||||
|
;;
|
||||||
|
-v|--verbose)
|
||||||
|
verbose=1
|
||||||
|
verbose_opt="-v"
|
||||||
|
;;
|
||||||
|
-n|--dry-run)
|
||||||
|
dry_run=1
|
||||||
|
;;
|
||||||
|
-c|--cleanup)
|
||||||
|
remove_cleanup=1
|
||||||
|
shift
|
||||||
|
cleanup_intel="$1"
|
||||||
|
shift
|
||||||
|
cleanup_caveats="$1"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Unknown argument \"$1\"" >&2
|
||||||
|
usage
|
||||||
|
exit 1
|
||||||
|
esac
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
|
cmd=
|
||||||
|
[ 0 -eq "$dry_run" ] || cmd=echo
|
||||||
|
|
||||||
|
case "$action" in
|
||||||
|
add|remove|refresh|list)
|
||||||
|
# Scan all directories in FW_DIR and all existing kernels
|
||||||
|
if [ -z "$kernel" ]; then
|
||||||
|
debug "No kernel versions provided, scanning..."
|
||||||
|
|
||||||
|
kvers=$(find /lib/modules/ -name '[2-9].*' -print)
|
||||||
|
for k_dir in $kvers; do
|
||||||
|
k="${k_dir#/lib/modules/}"
|
||||||
|
[ ! -e "${k_dir}/symvers.gz" ] || {
|
||||||
|
debug " Adding $k (from /lib/modules)"
|
||||||
|
kernel="$kernel $k"
|
||||||
|
}
|
||||||
|
done
|
||||||
|
|
||||||
|
kvers=$(find /lib/firmware/ -name '[2-9].*' -print)
|
||||||
|
for k_dir in $kvers; do
|
||||||
|
k="${k_dir#/lib/firmware/}"
|
||||||
|
[ ! -d "$k_dir" ] || {
|
||||||
|
debug " Adding $k (from /lib/firmware)"
|
||||||
|
kernel="$kernel $k"
|
||||||
|
}
|
||||||
|
done
|
||||||
|
|
||||||
|
kernel=$(printf "%s" "$kernel" | xargs -n 1 | sort -u)
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Unknown action \"$action\"" >&2
|
||||||
|
usage
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Generic part: managing intel ucode
|
||||||
|
debug "Running action \"$action\" on common Intel microcode directory"
|
||||||
|
while :; do
|
||||||
|
[ 0 -eq "$skip_common" ] || break
|
||||||
|
|
||||||
|
[ ! -e "/etc/microcode_ctl/intel-ucode-disallow" ] || {
|
||||||
|
debug " Skipping \"$i\":" \
|
||||||
|
"\"/etc/microcode_ctl/intel-ucode-disallow\"" \
|
||||||
|
"present"
|
||||||
|
break
|
||||||
|
}
|
||||||
|
[ ! -e "$FW_DIR/intel-ucode-disallow" ] || {
|
||||||
|
debug " Found \"$FW_DIR/intel-ucode-disallow\"," \
|
||||||
|
"skipping"
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
# Removing old files
|
||||||
|
case "$action" in
|
||||||
|
refresh|remove|list)
|
||||||
|
debug " Removing old files from ${FW_DIR}/${INTEL_UCODE_DIR}"
|
||||||
|
if [ 0 = "$remove_cleanup" ]; then
|
||||||
|
find "${MC_DIR}/${INTEL_UCODE_DIR}" \
|
||||||
|
-maxdepth 1 -mindepth 1 \
|
||||||
|
-type f -printf '%f\n'
|
||||||
|
else
|
||||||
|
cat "$cleanup_intel"
|
||||||
|
fi | while read -r fname; do
|
||||||
|
name="${FW_DIR}/${INTEL_UCODE_DIR}/${fname}"
|
||||||
|
|
||||||
|
# Needed in case we downgrade to a version where
|
||||||
|
# no symlinks in /lib/firmware were used
|
||||||
|
if [ 1 = "$remove_cleanup" ]; then
|
||||||
|
[ -L "$name" ] || continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
[ "xlist" != "x$action" ] || {
|
||||||
|
echo "$name"
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
$cmd rm -f $verbose_opt "$name"
|
||||||
|
done
|
||||||
|
[ "xlist" = "x$action" ] || {
|
||||||
|
$cmd rmdir -p $verbose_opt \
|
||||||
|
"${FW_DIR}/${INTEL_UCODE_DIR}" 2>/dev/null \
|
||||||
|
|| true
|
||||||
|
}
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Adding new ones
|
||||||
|
case "$action" in
|
||||||
|
add|refresh)
|
||||||
|
debug " Creating symlinks in ${FW_DIR}/${INTEL_UCODE_DIR}"
|
||||||
|
$cmd mkdir -p $verbose_opt "${FW_DIR}/${INTEL_UCODE_DIR}"
|
||||||
|
$cmd find "${MC_DIR}/${INTEL_UCODE_DIR}" -maxdepth 1 -mindepth 1 \
|
||||||
|
-type f -exec bash -c 'ln -fs '"$verbose_opt"' '\''{}'\'' \
|
||||||
|
"'"${FW_DIR}/${INTEL_UCODE_DIR}/"'$(basename '\''{}'\'')"' \;
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
break
|
||||||
|
done
|
||||||
|
|
||||||
|
debug "Running action \"$action\" on kernels $kernel"
|
||||||
|
|
||||||
|
if [ 0 = "$remove_cleanup" ]; then
|
||||||
|
ls "$DATA_DIR"
|
||||||
|
else
|
||||||
|
cat "$cleanup_caveats"
|
||||||
|
fi | while read -r i; do
|
||||||
|
[ 0 -eq "$skip_caveats" ] || break
|
||||||
|
|
||||||
|
debug "Processing data directory \"$i\"..."
|
||||||
|
|
||||||
|
for k in $(echo "$kernel"); do
|
||||||
|
debug " Processing kernel version \"$k\""
|
||||||
|
{
|
||||||
|
out=$($check_caveats -k "$k" -c "$i" $verbose_opt)
|
||||||
|
ret="$?"
|
||||||
|
} || :
|
||||||
|
paths=$(printf "%s" "$out" | sed -n 's/^paths //p')
|
||||||
|
ignore=$(printf "%s" "$out" | sed -n 's/^skip_cfgs //p')
|
||||||
|
|
||||||
|
[ -z "$ignore" ] || {
|
||||||
|
debug " Configuration is ignored, skipping"
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
case "$action" in
|
||||||
|
remove|refresh|list)
|
||||||
|
[ "xlist" = "x$action" ] || \
|
||||||
|
debug " Removing \"$paths\" (part of $action)..."
|
||||||
|
|
||||||
|
for p in $(printf "%s" "$paths"); do
|
||||||
|
find "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
|
||||||
|
-printf "%P\n"
|
||||||
|
done | while read -r path; do
|
||||||
|
[ -e "$FW_DIR/$k/readme-$i" ] || {
|
||||||
|
debug " \"$FW_DIR/$k/readme-$i\"" \
|
||||||
|
"is not found, skipping" \
|
||||||
|
"\"$paths\" removal"
|
||||||
|
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ "xlist" = "x$action" ]; then
|
||||||
|
echo "$FW_DIR/$k/$path"
|
||||||
|
else
|
||||||
|
debug " Removing \"$FW_DIR/$k/$path\""
|
||||||
|
$cmd rm -f $verbose_opt "$FW_DIR/$k/$path"
|
||||||
|
$cmd rmdir -p $verbose_opt \
|
||||||
|
"$FW_DIR/$k/$(dirname $path)" 2>/dev/null \
|
||||||
|
|| true
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -e "$FW_DIR/$k/readme-$i" ]; then
|
||||||
|
if [ "xlist" = "x$action" ]; then
|
||||||
|
echo "$FW_DIR/$k/readme-$i"
|
||||||
|
else
|
||||||
|
$cmd rm -f $verbose_opt \
|
||||||
|
"$FW_DIR/$k/readme-$i"
|
||||||
|
$cmd rmdir -p $verbose_opt \
|
||||||
|
"$FW_DIR/$k" 2>/dev/null || true
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
[ 0 -eq "$ret" ] || {
|
||||||
|
debug " Checking for caveats failed" \
|
||||||
|
"(kernel version \"$k\"), skipping"
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
[ -n "$paths" ] || {
|
||||||
|
debug " List of paths to add is empty, skipping"
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
case "$action" in
|
||||||
|
add|refresh)
|
||||||
|
debug " Adding $paths (part of $action)..."
|
||||||
|
|
||||||
|
[ -e "/lib/modules/$k/symvers.gz" ] || {
|
||||||
|
debug " \"/lib/modules/$k/symvers.gz\"" \
|
||||||
|
"does not exist, skipping"
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
for p in $(printf "%s" "$paths"); do
|
||||||
|
find "$DATA_DIR/$i" -path "$DATA_DIR/$i/$p" \
|
||||||
|
-printf "%P\n"
|
||||||
|
done | while read -r path; do
|
||||||
|
[ ! -e "$FW_DIR/$k/$path" ] || {
|
||||||
|
debug " $FW_DIR/$k/$path already" \
|
||||||
|
"exists, skipping"
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
debug " Adding \"$FW_DIR/$k/$path\""
|
||||||
|
$cmd mkdir -p $verbose_opt \
|
||||||
|
"$(dirname "$FW_DIR/$k/$path")"
|
||||||
|
$cmd ln -fs $verbose_opt "$DATA_DIR/$i/$path" \
|
||||||
|
"$FW_DIR/$k/$path"
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -e "$FW_DIR/$k/readme-$i" ]; then
|
||||||
|
debug " $FW_DIR/$k/readme-$i already" \
|
||||||
|
"exists, skipping creation"
|
||||||
|
else
|
||||||
|
$cmd cp $verbose_opt "$DATA_DIR/$i/readme" \
|
||||||
|
"$FW_DIR/$k/readme-$i"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
remove)
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
done
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue