openwrt/package/firmware/intel-microcode/Makefile

53 lines
1.4 KiB
Makefile
Raw Normal View History

#
# Copyright (C) 2018 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=intel-microcode
firmware: intel-microcode: update to 20240531 Debian changelog: intel-microcode (3.20240531.1) unstable; urgency=medium * New upstream microcode datafile 20240531 * Fix unspecified functional issues on Pentium Silver N/J5xxx, Celeron N/J4xxx * Updated Microcodes: sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800 * source: update symlinks to reflect id of the latest release, 20240531 -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 01 Jun 2024 11:49:47 -0300 intel-microcode (3.20240514.1) unstable; urgency=medium * New upstream microcode datafile 20240514 * Mitigations for INTEL-SA-01051 (CVE-2023-45733) Hardware logic contains race conditions in some Intel Processors may allow an authenticated user to potentially enable partial information disclosure via local access. * Mitigations for INTEL-SA-01052 (CVE-2023-46103) Sequence of processor instructions leads to unexpected behavior in Intel Core Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. * Mitigations for INTEL-SA-01036 (CVE-2023-45745, CVE-2023-47855) Improper input validation in some Intel TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. * Fix for unspecified functional issues on 4th gen and 5th gen Xeon Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for Core i3 N-series processors. * Updated microcodes: sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632 sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400 sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390 sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390 sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390 sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256 sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035 sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035 sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035 sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208 sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433 sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808 sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040 sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240 sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960 sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230 * source: update symlinks to reflect id of the latest release, 20240514 -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 16 May 2024 21:40:52 -0300 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2024-06-02 13:54:14 +00:00
PKG_VERSION:=20240531
PKG_RELEASE:=1
firmware: intel-microcode: update to 20220207 Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>: * upstream changelog: new upstream datafile 20220207 * Mitigates (*only* when loaded from UEFI firmware through the FIT) CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through debug port, on Pentium, Celeron and Atom processors with signatures 0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8 https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145 * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint may cause a system hang, on many processors. * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due to improper sanitization of shared resources (fast-store forward predictor), on many processors. * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some Atom Processors may allow information disclosure or denial of service via network access. * Fixes critical errata (functional issues) on many processors * Adds a MSR switch to enable RAPL filtering (default off, once enabled it can only be disabled by poweroff or reboot). Useful to protect SGX and other threads from side-channel info leak. Improves the mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many processors. * Disables TSX in more processor models. * Fixes issue with WBINDV on multi-socket (server) systems which could cause resets and unpredictable system behavior. * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket Lake) processors, to control a fix for (hopefully rare) unpredictable processor behavior when HyperThreading is enabled. This MSR switch is enabled by default on *server* processors. On other processors, it needs to be explicitly enabled by an updated UEFI/BIOS (with added configuration logic). An updated operating system kernel might also be able to enable it. When enabled, this fix can impact performance. * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912 sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552 sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472 sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008 sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840 sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864 sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672 sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672 sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648 sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552 sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408 sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384 sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544 sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264 sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840 sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752 sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776 sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592 sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816 sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256 sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376 sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448 sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480 sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480 sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496 sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208 sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184 sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400 * Removed Microcodes: sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 * update .gitignore and debian/.gitignore. Add some missing items from .gitignore and debian/.gitignore. * ucode-blacklist: do not late-load 0x406e3 and 0x506e3. When the BIOS microcode is older than revision 0x7f (and perhaps in some other cases as well), the latest microcode updates for 0x406e3 and 0x506e3 must be applied using the early update method. Otherwise, the system might hang. Also: there must not be any other intermediate microcode update attempts [other than the one done by the BIOS itself], either. It must go from the BIOS microcode update directly to the latest microcode update. * source: update symlinks to reflect id of the latest release, 20220207 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-25 23:30:25 +00:00
PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).1.tar.xz
firmware: intel-microcode: update to 20230512 Debian changelog: intel-microcode (3.20230512.1) unstable; urgency=medium * New upstream microcode datafile 20230512 (closes: #1036013) * Includes fixes or mitigations for an undisclosed security issue * New microcodes: sig 0x000906a4, pf_mask 0x40, 2022-10-12, rev 0x0004, size 115712 sig 0x000b06e0, pf_mask 0x01, 2022-12-19, rev 0x0010, size 134144 * Updated microcodes: sig 0x00050653, pf_mask 0x97, 2022-12-21, rev 0x1000171, size 36864 sig 0x00050654, pf_mask 0xb7, 2022-12-21, rev 0x2006f05, size 44032 sig 0x00050656, pf_mask 0xbf, 2022-12-21, rev 0x4003501, size 37888 sig 0x00050657, pf_mask 0xbf, 2022-12-21, rev 0x5003501, size 37888 sig 0x0005065b, pf_mask 0xbf, 2022-12-21, rev 0x7002601, size 29696 sig 0x000606a6, pf_mask 0x87, 2022-12-28, rev 0xd000390, size 296960 sig 0x000706e5, pf_mask 0x80, 2022-12-25, rev 0x00ba, size 113664 sig 0x000806a1, pf_mask 0x10, 2023-01-13, rev 0x0033, size 34816 sig 0x000806c1, pf_mask 0x80, 2022-12-28, rev 0x00aa, size 110592 sig 0x000806c2, pf_mask 0xc2, 2022-12-28, rev 0x002a, size 97280 sig 0x000806d1, pf_mask 0xc2, 2022-12-28, rev 0x0044, size 102400 sig 0x000806e9, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472 sig 0x000806e9, pf_mask 0x10, 2023-01-02, rev 0x00f2, size 105472 sig 0x000806ea, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472 sig 0x000806eb, pf_mask 0xd0, 2022-12-26, rev 0x00f2, size 105472 sig 0x000806ec, pf_mask 0x94, 2022-12-26, rev 0x00f6, size 105472 sig 0x000806f8, pf_mask 0x87, 2023-03-13, rev 0x2b000461, size 564224 sig 0x000806f7, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f6, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f5, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f4, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f8, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1, size 595968 sig 0x000806f6, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1 sig 0x000806f5, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1 sig 0x000806f4, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1 sig 0x000906a3, pf_mask 0x80, 2023-02-14, rev 0x042a, size 218112 sig 0x000906a4, pf_mask 0x80, 2023-02-14, rev 0x042a sig 0x000906e9, pf_mask 0x2a, 2022-12-26, rev 0x00f2, size 108544 sig 0x000906ea, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448 sig 0x000906eb, pf_mask 0x02, 2022-12-26, rev 0x00f2, size 105472 sig 0x000906ec, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448 sig 0x000906ed, pf_mask 0x22, 2023-02-05, rev 0x00f8, size 104448 sig 0x000a0652, pf_mask 0x20, 2022-12-27, rev 0x00f6, size 96256 sig 0x000a0653, pf_mask 0x22, 2023-01-01, rev 0x00f6, size 97280 sig 0x000a0655, pf_mask 0x22, 2022-12-26, rev 0x00f6, size 96256 sig 0x000a0660, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 97280 sig 0x000a0661, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 96256 sig 0x000a0671, pf_mask 0x02, 2022-12-25, rev 0x0058, size 103424 sig 0x000b0671, pf_mask 0x32, 2023-02-06, rev 0x0113, size 207872 sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992 sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112 * source: update symlinks to reflect id of the latest release, 20230512 -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 16 May 2023 00:13:02 -0300 intel-microcode (3.20230214.1) unstable; urgency=medium * Non-maintainer upload. * New upstream microcode datafile 20230214 - Includes Fixes for: (Closes: #1031334) - INTEL-SA-00700: CVE-2022-21216 - INTEL-SA-00730: CVE-2022-33972 - INTEL-SA-00738: CVE-2022-33196 - INTEL-SA-00767: CVE-2022-38090 * New Microcodes: sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064 sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152 sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992 sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e * Updated Microcodes: sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864 sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888 sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888 sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696 sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960 sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792 sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776 sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800 sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664 sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816 sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136 sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429 sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112 sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429 sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x24000024, size 20480 sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424 sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872 sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c -- Tobias Frost <tobi@debian.org> Sun, 12 Mar 2023 18:16:50 +0100 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-21 11:11:14 +00:00
PKG_SOURCE_URL:=@DEBIAN/pool/non-free-firmware/i/intel-microcode/
firmware: intel-microcode: update to 20240531 Debian changelog: intel-microcode (3.20240531.1) unstable; urgency=medium * New upstream microcode datafile 20240531 * Fix unspecified functional issues on Pentium Silver N/J5xxx, Celeron N/J4xxx * Updated Microcodes: sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800 * source: update symlinks to reflect id of the latest release, 20240531 -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 01 Jun 2024 11:49:47 -0300 intel-microcode (3.20240514.1) unstable; urgency=medium * New upstream microcode datafile 20240514 * Mitigations for INTEL-SA-01051 (CVE-2023-45733) Hardware logic contains race conditions in some Intel Processors may allow an authenticated user to potentially enable partial information disclosure via local access. * Mitigations for INTEL-SA-01052 (CVE-2023-46103) Sequence of processor instructions leads to unexpected behavior in Intel Core Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. * Mitigations for INTEL-SA-01036 (CVE-2023-45745, CVE-2023-47855) Improper input validation in some Intel TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. * Fix for unspecified functional issues on 4th gen and 5th gen Xeon Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for Core i3 N-series processors. * Updated microcodes: sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632 sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0 sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400 sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390 sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390 sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390 sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256 sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035 sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035 sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035 sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208 sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433 sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808 sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040 sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240 sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960 sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230 * source: update symlinks to reflect id of the latest release, 20240514 -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 16 May 2024 21:40:52 -0300 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2024-06-02 13:54:14 +00:00
PKG_HASH:=808cbb57a790dab7060b59b31e70e54ac47d3798d75e9784ed57a65b9f951fc4
firmware: intel-microcode: update to 20220207 Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>: * upstream changelog: new upstream datafile 20220207 * Mitigates (*only* when loaded from UEFI firmware through the FIT) CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through debug port, on Pentium, Celeron and Atom processors with signatures 0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8 https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145 * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint may cause a system hang, on many processors. * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due to improper sanitization of shared resources (fast-store forward predictor), on many processors. * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some Atom Processors may allow information disclosure or denial of service via network access. * Fixes critical errata (functional issues) on many processors * Adds a MSR switch to enable RAPL filtering (default off, once enabled it can only be disabled by poweroff or reboot). Useful to protect SGX and other threads from side-channel info leak. Improves the mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many processors. * Disables TSX in more processor models. * Fixes issue with WBINDV on multi-socket (server) systems which could cause resets and unpredictable system behavior. * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket Lake) processors, to control a fix for (hopefully rare) unpredictable processor behavior when HyperThreading is enabled. This MSR switch is enabled by default on *server* processors. On other processors, it needs to be explicitly enabled by an updated UEFI/BIOS (with added configuration logic). An updated operating system kernel might also be able to enable it. When enabled, this fix can impact performance. * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912 sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552 sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472 sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008 sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840 sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864 sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672 sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672 sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648 sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552 sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408 sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384 sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544 sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264 sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840 sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752 sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776 sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592 sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816 sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256 sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376 sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448 sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480 sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480 sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496 sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208 sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184 sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400 * Removed Microcodes: sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 * update .gitignore and debian/.gitignore. Add some missing items from .gitignore and debian/.gitignore. * ucode-blacklist: do not late-load 0x406e3 and 0x506e3. When the BIOS microcode is older than revision 0x7f (and perhaps in some other cases as well), the latest microcode updates for 0x406e3 and 0x506e3 must be applied using the early update method. Otherwise, the system might hang. Also: there must not be any other intermediate microcode update attempts [other than the one done by the BIOS itself], either. It must go from the BIOS microcode update directly to the latest microcode update. * source: update symlinks to reflect id of the latest release, 20220207 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-25 23:30:25 +00:00
PKG_BUILD_DIR:=$(BUILD_DIR)/intel-microcode-3.$(PKG_VERSION).1
PKG_CPE_ID:=cpe:/a:intel:microcode
PKG_BUILD_DEPENDS:=iucode-tool/host
ifdef CONFIG_TARGET_x86_64
MICROCODE:="intel-microcode-64"
else
MICROCODE:="intel-microcode"
endif
PKG_FLAGS:=nonshared
include $(INCLUDE_DIR)/package.mk
define Package/intel-microcode
SECTION:=firmware
CATEGORY:=Firmware
URL:=$(PKG_SOURCE_URL)
DEPENDS:=@TARGET_x86
TITLE:=Intel x86 CPU microcode
endef
define Build/Compile
IUCODE_TOOL=$(STAGING_DIR)/../host/bin/iucode_tool $(MAKE) -C $(PKG_BUILD_DIR)
mkdir $(PKG_BUILD_DIR)/intel-ucode-ipkg
$(STAGING_DIR)/../host/bin/iucode_tool -q \
--write-firmware=$(PKG_BUILD_DIR)/intel-ucode-ipkg $(PKG_BUILD_DIR)/$(MICROCODE).bin
endef
define Package/intel-microcode/install
$(INSTALL_DIR) $(1)/lib/firmware/intel-ucode
$(INSTALL_DATA) $(PKG_BUILD_DIR)/intel-ucode-ipkg/* $(1)/lib/firmware/intel-ucode
endef
$(eval $(call BuildPackage,intel-microcode))