mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-23 15:32:33 +00:00
782341458c
20 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Hauke Mehrtens
|
9d10944de7 |
firmware: intel-microcode: update to 20230808
Debian changelog:
intel-microcode (3.20230808.1) unstable; urgency=high
* New upstream microcode datafile 20230808 (closes: #1043305)
Mitigations for "Downfall" INTEL-SA-00828 (CVE-2022-40982),
INTEL-SA-00836 (CVE-2023-23908) and INTEL-SA-00837 (CVE-2022-41804)
* Updated microcodes:
sig 0x00050653, pf_mask 0x97, 2023-03-23, rev 0x1000181, size 36864
sig 0x00050654, pf_mask 0xb7, 2023-03-06, rev 0x2007006, size 44032
sig 0x00050656, pf_mask 0xbf, 2023-03-17, rev 0x4003604, size 38912
sig 0x00050657, pf_mask 0xbf, 2023-03-17, rev 0x5003604, size 38912
sig 0x0005065b, pf_mask 0xbf, 2023-03-21, rev 0x7002703, size 30720
sig 0x000606a6, pf_mask 0x87, 2023-03-30, rev 0xd0003a5, size 297984
sig 0x000706e5, pf_mask 0x80, 2023-02-26, rev 0x00bc, size 113664
sig 0x000806c1, pf_mask 0x80, 2023-02-27, rev 0x00ac, size 111616
sig 0x000806c2, pf_mask 0xc2, 2023-02-27, rev 0x002c, size 98304
sig 0x000806d1, pf_mask 0xc2, 2023-02-27, rev 0x0046, size 103424
sig 0x000806e9, pf_mask 0xc0, 2023-02-22, rev 0x00f4, size 106496
sig 0x000806e9, pf_mask 0x10, 2023-02-23, rev 0x00f4, size 105472
sig 0x000806ea, pf_mask 0xc0, 2023-02-23, rev 0x00f4, size 105472
sig 0x000806eb, pf_mask 0xd0, 2023-02-23, rev 0x00f4, size 106496
sig 0x000806ec, pf_mask 0x94, 2023-02-26, rev 0x00f8, size 106496
sig 0x000806f8, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416
sig 0x000806f7, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
sig 0x000806f6, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
sig 0x000806f5, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
sig 0x000806f4, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
sig 0x000806f8, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184
sig 0x000806f6, pf_mask 0x10, 2023-05-15, rev 0x2c000271
sig 0x000806f5, pf_mask 0x10, 2023-05-15, rev 0x2c000271
sig 0x000806f4, pf_mask 0x10, 2023-05-15, rev 0x2c000271
sig 0x00090672, pf_mask 0x07, 2023-04-18, rev 0x002e, size 220160
sig 0x00090675, pf_mask 0x07, 2023-04-18, rev 0x002e
sig 0x000b06f2, pf_mask 0x07, 2023-04-18, rev 0x002e
sig 0x000b06f5, pf_mask 0x07, 2023-04-18, rev 0x002e
sig 0x000906a3, pf_mask 0x80, 2023-04-18, rev 0x042c, size 219136
sig 0x000906a4, pf_mask 0x80, 2023-04-18, rev 0x042c
sig 0x000906e9, pf_mask 0x2a, 2023-02-23, rev 0x00f4, size 108544
sig 0x000906ea, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 104448
sig 0x000906eb, pf_mask 0x02, 2023-02-23, rev 0x00f4, size 106496
sig 0x000906ec, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 105472
sig 0x000906ed, pf_mask 0x22, 2023-02-27, rev 0x00fa, size 106496
sig 0x000a0652, pf_mask 0x20, 2023-02-23, rev 0x00f8, size 97280
sig 0x000a0653, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
sig 0x000a0655, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
sig 0x000a0660, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 97280
sig 0x000a0661, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 96256
sig 0x000a0671, pf_mask 0x02, 2023-02-26, rev 0x0059, size 104448
sig 0x000b0671, pf_mask 0x32, 2023-06-06, rev 0x0119, size 210944
sig 0x000b06a2, pf_mask 0xe0, 2023-06-06, rev 0x4119, size 216064
sig 0x000b06a3, pf_mask 0xe0, 2023-06-06, rev 0x4119
sig 0x000b06e0, pf_mask 0x11, 2023-04-12, rev 0x0011, size 136192
* source: update symlinks to reflect id of the latest release, 20230808
intel-microcode (3.20230512.1) unstable; urgency=medium
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
|
||
Christian Lamparter
|
8182c7edcb |
firmware: intel-microcode: update to 20230512
Debian changelog: intel-microcode (3.20230512.1) unstable; urgency=medium * New upstream microcode datafile 20230512 (closes: #1036013) * Includes fixes or mitigations for an undisclosed security issue * New microcodes: sig 0x000906a4, pf_mask 0x40, 2022-10-12, rev 0x0004, size 115712 sig 0x000b06e0, pf_mask 0x01, 2022-12-19, rev 0x0010, size 134144 * Updated microcodes: sig 0x00050653, pf_mask 0x97, 2022-12-21, rev 0x1000171, size 36864 sig 0x00050654, pf_mask 0xb7, 2022-12-21, rev 0x2006f05, size 44032 sig 0x00050656, pf_mask 0xbf, 2022-12-21, rev 0x4003501, size 37888 sig 0x00050657, pf_mask 0xbf, 2022-12-21, rev 0x5003501, size 37888 sig 0x0005065b, pf_mask 0xbf, 2022-12-21, rev 0x7002601, size 29696 sig 0x000606a6, pf_mask 0x87, 2022-12-28, rev 0xd000390, size 296960 sig 0x000706e5, pf_mask 0x80, 2022-12-25, rev 0x00ba, size 113664 sig 0x000806a1, pf_mask 0x10, 2023-01-13, rev 0x0033, size 34816 sig 0x000806c1, pf_mask 0x80, 2022-12-28, rev 0x00aa, size 110592 sig 0x000806c2, pf_mask 0xc2, 2022-12-28, rev 0x002a, size 97280 sig 0x000806d1, pf_mask 0xc2, 2022-12-28, rev 0x0044, size 102400 sig 0x000806e9, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472 sig 0x000806e9, pf_mask 0x10, 2023-01-02, rev 0x00f2, size 105472 sig 0x000806ea, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472 sig 0x000806eb, pf_mask 0xd0, 2022-12-26, rev 0x00f2, size 105472 sig 0x000806ec, pf_mask 0x94, 2022-12-26, rev 0x00f6, size 105472 sig 0x000806f8, pf_mask 0x87, 2023-03-13, rev 0x2b000461, size 564224 sig 0x000806f7, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f6, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f5, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f4, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f8, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1, size 595968 sig 0x000806f6, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1 sig 0x000806f5, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1 sig 0x000806f4, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1 sig 0x000906a3, pf_mask 0x80, 2023-02-14, rev 0x042a, size 218112 sig 0x000906a4, pf_mask 0x80, 2023-02-14, rev 0x042a sig 0x000906e9, pf_mask 0x2a, 2022-12-26, rev 0x00f2, size 108544 sig 0x000906ea, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448 sig 0x000906eb, pf_mask 0x02, 2022-12-26, rev 0x00f2, size 105472 sig 0x000906ec, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448 sig 0x000906ed, pf_mask 0x22, 2023-02-05, rev 0x00f8, size 104448 sig 0x000a0652, pf_mask 0x20, 2022-12-27, rev 0x00f6, size 96256 sig 0x000a0653, pf_mask 0x22, 2023-01-01, rev 0x00f6, size 97280 sig 0x000a0655, pf_mask 0x22, 2022-12-26, rev 0x00f6, size 96256 sig 0x000a0660, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 97280 sig 0x000a0661, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 96256 sig 0x000a0671, pf_mask 0x02, 2022-12-25, rev 0x0058, size 103424 sig 0x000b0671, pf_mask 0x32, 2023-02-06, rev 0x0113, size 207872 sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992 sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112 * source: update symlinks to reflect id of the latest release, 20230512 -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 16 May 2023 00:13:02 -0300 intel-microcode (3.20230214.1) unstable; urgency=medium * Non-maintainer upload. * New upstream microcode datafile 20230214 - Includes Fixes for: (Closes: #1031334) - INTEL-SA-00700: CVE-2022-21216 - INTEL-SA-00730: CVE-2022-33972 - INTEL-SA-00738: CVE-2022-33196 - INTEL-SA-00767: CVE-2022-38090 * New Microcodes: sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064 sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152 sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992 sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e * Updated Microcodes: sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864 sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888 sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888 sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696 sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960 sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792 sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776 sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800 sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664 sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816 sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136 sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429 sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112 sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429 sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x24000024, size 20480 sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424 sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872 sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c -- Tobias Frost <tobi@debian.org> Sun, 12 Mar 2023 18:16:50 +0100 Signed-off-by: Christian Lamparter <chunkeey@gmail.com> |
||
Linhui Liu
|
340d3d84dc |
firmware: intel-microcode: update to 20221108
Changelog: * New Microcodes: sig 0x000606c1, pf_mask 0x10, 2022-08-07, rev 0x1000201, size 286720 sig 0x000b0671, pf_mask 0x32, 2022-09-07, rev 0x010e, size 204800 * Updated Microcodes: sig 0x000706e5, pf_mask 0x80, 2022-08-02, rev 0x00b6, size 113664 sig 0x000806c1, pf_mask 0x80, 2022-06-28, rev 0x00a6, size 110592 sig 0x000806d1, pf_mask 0xc2, 2022-06-28, rev 0x0042, size 102400 sig 0x000806ec, pf_mask 0x94, 2022-07-31, rev 0x00f4, size 105472 sig 0x00090661, pf_mask 0x01, 2022-07-15, rev 0x0017, size 20480 sig 0x00090672, pf_mask 0x07, 2022-09-19, rev 0x0026, size 218112 sig 0x00090675, pf_mask 0x07, 2022-09-19, rev 0x0026 sig 0x000b06f2, pf_mask 0x07, 2022-09-19, rev 0x0026 sig 0x000b06f5, pf_mask 0x07, 2022-09-19, rev 0x0026 sig 0x000906a3, pf_mask 0x80, 2022-09-19, rev 0x0424, size 217088 sig 0x000906a4, pf_mask 0x80, 2022-09-19, rev 0x0424 sig 0x000906ed, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 104448 sig 0x000a0652, pf_mask 0x20, 2022-07-31, rev 0x00f4, size 96256 sig 0x000a0653, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 97280 sig 0x000a0655, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 96256 sig 0x000a0660, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 97280 sig 0x000a0661, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 96256 sig 0x000a0671, pf_mask 0x02, 2022-08-02, rev 0x0056, size 103424 We need to update to this version because https://ftp.debian.org/debian/pool/non-free/i/intel-microcode/intel-microcode_3.20220809.1.tar.xz has been removed. Signed-off-by: Linhui Liu <liulinhui36@gmail.com> |
||
Christian Lamparter
|
bb73828b89 |
firmware: intel-microcode: update to 20220809
Debian's changelog by Henrique de Moraes Holschuh <hmh@debian.org>: * New upstream microcode datafile 20220809 * Fixes INTEL-SA-00657, CVE-2022-21233 Stale data from APIC leaks SGX memory (AEPIC leak) * Fixes unspecified errata (functional issues) on Xeon Scalable * Updated Microcodes: sig 0x00050653, pf_mask 0x97, 2022-03-14, rev 0x100015e, size 34816 sig 0x00050654, pf_mask 0xb7, 2022-03-08, rev 0x2006e05, size 44032 sig 0x000606a6, pf_mask 0x87, 2022-04-07, rev 0xd000375, size 293888 sig 0x000706a1, pf_mask 0x01, 2022-03-23, rev 0x003c, size 75776 sig 0x000706a8, pf_mask 0x01, 2022-03-23, rev 0x0020, size 75776 sig 0x000706e5, pf_mask 0x80, 2022-03-17, rev 0x00b2, size 112640 sig 0x000806c2, pf_mask 0xc2, 2022-03-19, rev 0x0028, size 97280 sig 0x000806d1, pf_mask 0xc2, 2022-03-28, rev 0x0040, size 102400 sig 0x00090672, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064 sig 0x00090675, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064 sig 0x000906a3, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064 sig 0x000906a4, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064 sig 0x000a0671, pf_mask 0x02, 2022-03-17, rev 0x0054, size 103424 sig 0x000b06f2, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064 sig 0x000b06f5, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064 Signed-off-by: Christian Lamparter <chunkeey@gmail.com> |
||
Christian Lamparter
|
2747a94f09 |
firmware: intel-microcode: update to 20220510
Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>: * New upstream microcode datafile 20220419 * Fixes errata APLI-11 in Atom E3900 series processors * Updated Microcodes: sig 0x000506ca, pf_mask 0x03, 2021-11-16, rev 0x0028, size 16384 * New upstream microcode datafile 20220510 * Fixes INTEL-SA-000617, CVE-2022-21151: Processor optimization removal or modification of security-critical code may allow an authenticated user to potentially enable information disclosure via local access (closes: #1010947) * Fixes several errata (functional issues) on Xeon Scalable, Atom C3000, Atom E3900 * New Microcodes: sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992 sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992 sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 * Updated Microcodes: sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224 sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496 sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008 sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888 sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888 sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696 sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408 sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568 sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264 sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912 sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776 sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776 sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640 sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816 sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280 sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400 sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472 sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472 sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472 sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472 sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472 sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480 sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480 sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544 sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448 sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472 sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448 sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448 sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256 sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280 sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256 sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256 sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256 sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424 Signed-off-by: Christian Lamparter <chunkeey@gmail.com> |
||
Christian Lamparter
|
1753f8c14b |
firmware: intel-microcode: update to 20220207
Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>: * upstream changelog: new upstream datafile 20220207 * Mitigates (*only* when loaded from UEFI firmware through the FIT) CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through debug port, on Pentium, Celeron and Atom processors with signatures 0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8 https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145 * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint may cause a system hang, on many processors. * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due to improper sanitization of shared resources (fast-store forward predictor), on many processors. * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some Atom Processors may allow information disclosure or denial of service via network access. * Fixes critical errata (functional issues) on many processors * Adds a MSR switch to enable RAPL filtering (default off, once enabled it can only be disabled by poweroff or reboot). Useful to protect SGX and other threads from side-channel info leak. Improves the mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many processors. * Disables TSX in more processor models. * Fixes issue with WBINDV on multi-socket (server) systems which could cause resets and unpredictable system behavior. * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket Lake) processors, to control a fix for (hopefully rare) unpredictable processor behavior when HyperThreading is enabled. This MSR switch is enabled by default on *server* processors. On other processors, it needs to be explicitly enabled by an updated UEFI/BIOS (with added configuration logic). An updated operating system kernel might also be able to enable it. When enabled, this fix can impact performance. * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912 sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552 sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472 sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008 sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840 sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864 sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672 sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672 sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648 sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552 sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408 sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384 sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544 sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264 sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840 sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752 sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776 sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592 sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816 sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256 sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376 sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448 sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480 sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480 sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496 sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208 sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184 sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400 * Removed Microcodes: sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 * update .gitignore and debian/.gitignore. Add some missing items from .gitignore and debian/.gitignore. * ucode-blacklist: do not late-load 0x406e3 and 0x506e3. When the BIOS microcode is older than revision 0x7f (and perhaps in some other cases as well), the latest microcode updates for 0x406e3 and 0x506e3 must be applied using the early update method. Otherwise, the system might hang. Also: there must not be any other intermediate microcode update attempts [other than the one done by the BIOS itself], either. It must go from the BIOS microcode update directly to the latest microcode update. * source: update symlinks to reflect id of the latest release, 20220207 Signed-off-by: Christian Lamparter <chunkeey@gmail.com> |
||
Tan Zien
|
1add2c0d95 |
firmware: intel-microcode: update to 20210608
intel-microcode (3.20210608.2) * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and debian/changelog (3.20210608.1). intel-microcode (3.20210608.1) * New upstream microcode datafile 20210608 (closes: #989615) * Implements mitigations for CVE-2020-24511 CVE-2020-24512 (INTEL-SA-00464), information leakage through shared resources, and timing discrepancy sidechannels * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465), Domain-bypass transient execution vulnerability in some Intel Atom Processors, affects Intel SGX. * Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel VT-d privilege escalation * Fixes critical errata on several processors * New Microcodes: sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104 sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648 sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648 sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208 sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328 sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456 sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456 sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352 * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816 sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456 sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472 sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744 sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864 sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720 sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720 sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648 sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576 sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576 sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456 sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360 sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472 sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264 sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752 sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592 sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768 sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208 sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184 * source: update symlinks to reflect id of the latest release, 20210608 intel-microcode (3.20210216.1) * New upstream microcode datafile 20210216 * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx, and Cascade Lake Server (B0/B1) when using an active JTAG agent like In Target Probe (ITP), Direct Connect Interface (DCI) or a Baseboard Management Controller (BMC) to take the CPU JTAG/TAP out of reset and then returning it to reset. * This issue is related to the INTEL-SA-00381 mitigation. * Updated Microcodes: sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864 sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248 sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248 * source: update symlinks to reflect id of the latest release, 20210216 intel-microcode (3.20201118.1) * New upstream microcode datafile 20201118 * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake processors. Note that Debian already had removed this specific falty microcode update on the 3.20201110.1 release * Add a microcode update for the Pentium Silver N/J5xxx and Celeron N/J4xxx which didn't make it to release 20201110, fixing security issues (INTEL-SA-00381, INTEL-SA-00389) * Updated Microcodes: sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752 * Removed Microcodes: sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 intel-microcode (3.20201110.1) * New upstream microcode datafile 20201110 (closes: #974533) * Implements mitigation for CVE-2020-8696 and CVE-2020-8698, aka INTEL-SA-00381: AVX register information leakage; Fast-Forward store predictor information leakage * Implements mitigation for CVE-2020-8695, Intel SGX information disclosure via RAPL, aka INTEL-SA-00389 * Fixes critical errata on several processor models * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320) for Skylake-U/Y, Skylake Xeon E3 * New Microcodes sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648 sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768 sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208 sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184 * Updated Microcodes sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816 sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472 sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792 sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840 sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224 sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224 sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360 sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472 sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568 sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448 sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448 sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448 sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448 sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448 sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448 sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424 sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448 sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424 sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424 sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208 * 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44 INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED FOR 0x806c1 TIGER LAKE PROCESSORS by this package update. Contact your system vendor for a firmware update, or wait fo a possible fix in a future Intel microcode release. * source: update symlinks to reflect id of the latest release, 20201110 * source: ship new upstream documentation (security.md, releasenote.md) Signed-off-by: Tan Zien <nabsdh9@gmail.com> [used different .tar.xz source, but with the same content] Signed-off-by: Christian Lamparter <chunkeey@gmail.com> |
||
Hauke Mehrtens
|
1903233f2b |
treewide: Mark packages nonshared if they depend on @TARGET_
This marks all packages which depend on a target with @TARGET nonshared. If they are not marked nonshared they would be build by the SDK build and if this happens with a different SDK, then the SDK from the target the package depends on, the package would not be added to the index. This should fix the image builder for some of these packages. This should fix the image builder at least for bcm27xx/bcm2710 and bcm4908/generic. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> |
||
David Bauer
|
9a9cf40dd9 |
download: add mirror alias for Debian
Add an alias for Debian packages and download them from the Debian mirror redirector. Signed-off-by: David Bauer <mail@david-bauer.net> |
||
Tan Zien
|
e826e00765 |
firmware: intel-microcode: update to 20200616
intel-microcode (3.20200616.1) * New upstream microcode datafile 20200616 + Downgraded microcodes (to a previously shipped revision): sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376 * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3, * This update *removes* the SRBDS mitigations from the above processors * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2 intel-microcode (3.20200609.2) * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression * Microcode rollbacks (closes: LP#1883002) sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS * Avoid hangs on boot on (some?) Skylake-U/Y processors, * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading, just in case. Note that Debian does not do late loading by itself. Refer to LP#1883002 for the report, 0x806ec hangs upon late load. intel-microcode (3.20200609.1) * SECURITY UPDATE * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending on the processor model * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and L1DCES mitigations, plus mitigations described in the changelog entry for package release 3.20191112.1. * Expect some performance impact, the mitigations are enabled by default. A Linux kernel update will be issued that allows one to selectively disable the mitigations. * New upstream microcode datafile 20200609 * Implements mitigation for CVE-2020-0543 Special Register Buffer Data Sampling (SRBDS), INTEL-SA-00320, CROSSTalk * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling (VRDS), INTEL-SA-00329 * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling (L1DCES), INTEL-SA-00329 * Known to fix the regression introduced in release 2019-11-12 (sig 0x50564, rev. 0x2000065), which would cause several systems with Skylake Xeon, Skylake HEDT processors to hang while rebooting * Updated Microcodes: sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552 sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456 sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528 sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600 sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336 sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448 sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768 sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816 sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224 sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224 sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448 sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400 sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400 sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424 * Restores the microcode-level fixes that were reverted by release 3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT) intel-microcode (3.20200520.1) * New upstream microcode datafile 20200520 + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432 sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456 intel-microcode (3.20200508.1) * New upstream microcode datafile 20200508 + Updated Microcodes: sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520 * Likely fixes several critical errata on IceLake-U/Y causing system hangs intel-microcode (3.20191115.2) * Microcode rollbacks (closes: #946515, LP#1854764): sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792 * Avoids hangs on warm reboots (cold boots work fine) on HEDT and Xeon processors with signature 0x50654. intel-microcode (3.20191115.1) * New upstream microcode datafile 20191115 + Updated Microcodes: sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376 sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352 sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352 sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352 sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352 sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352 sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352 sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328 sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352 sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328 sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352 sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136 intel-microcode (3.20191113.1) * New upstream microcode datafile 20191113 + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details Adds microcode update for CFL-S (Coffe Lake Desktop) INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117 + Updated Microcodes (previously removed): sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328 intel-microcode (3.20191112.1) * New upstream microcode datafile 20191112 + SECURITY UPDATE - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135 - Implements TA Indirect Sharing mitigation, and improves the MDS mitigation (VERW) - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271, CVE-2019-11139 - Fixes SGX vulnerabilities and errata (including CVE-2019-0117) + CRITICAL ERRATA FIXES - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except Ice Lake), causes a 0-3% typical perforance hit (can be as bad as 10%). But ensures the processor will actually jump where it should, so don't even *dream* of not applying this fix. - Fixes AVX SHUF* instruction implementation flaw erratum + Removed Microcodes: sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304 + New Microcodes: sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992 sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200 sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040 sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752 sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400 sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136 + Updated Microcodes: sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376 sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816 sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200 sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376 sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728 sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328 sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352 sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328 sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352 sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352 sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352 sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328 sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352 sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328 + Updated Microcodes (previously removed): sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768 Signed-off-by: Tan Zien <nabsdh9@gmail.com> |
||
Zoltan HERPAI
|
32287b3913 |
firmware: intel-microcode: bump to 20190918
* New upstream microcode datafile 20190918 *Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given the set of processors being updated. * Updated Microcodes: sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456 sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432 sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336 sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb000038, size 30720 sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792 sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b, size 51200 sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768 sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019, size 24576 sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017, size 24576 sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f, size 19456 Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu> |
||
Zoltan HERPAI
|
db09335848 |
firmware: intel-microcode: bump to 20190618
* Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223 CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 * Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432 sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456 Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu> |
||
Zoltan HERPAI
|
9a16bcfd79 |
firmware: intel-microcode: bump to 20190514
* New Microcodes: sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224 sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224 sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224 sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632 sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608 sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104 sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304 sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328 sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304 sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304 sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280 * Updated Microcodes: sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288 sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336 sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552 sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456 sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384 sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408 sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816 sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432 sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504 sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600 sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336 sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352 sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720 sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768 sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768 sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576 sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552 sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456 sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408 sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360 sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352 sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264 sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728 sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304 sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304 sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280 sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328 sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304 sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328 sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304 sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280 * Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223 CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu> |
||
John Crispin
|
231d9d5327 |
Revert "intel-microcode: create early load microcode image"
This reverts commit
|
||
Tomasz Maciej Nowak
|
022ffb56b2 |
intel-microcode: create early load microcode image
Create initrd image with packed microcode. This'll allow to load it at early boot stage. Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl> |
||
Tomasz Maciej Nowak
|
ad83fde30d |
intel-microcode: remove dependency on iucode-tool
It is not necessary to have iucode-tool present on target system to have functional intel-microcode package. The build time dependency is kept. Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl> |
||
Hauke Mehrtens
|
90bb790fbf |
intel-microcode: update to version 20180807a
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> |
||
Zoltan HERPAI
|
f4d3047671 |
firmware: intel-microcode: bump to 20180703
* New upstream microcode data file 20180703 + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432 sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456 sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360 sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408 sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792 sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408 sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672 sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744 sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432 sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728 + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for: Sandybridge server, Ivy Bridge server, Haswell server, Skylake server, Broadwell server, a few HEDT Core i7/i9 models that are actually gimped server dies. Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu> |
||
Zoltan HERPAI
|
3db9d6e57d |
intel-microcode: update to 20180312
- Update microcode for 24 CPU types - Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for: Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake - Missing production updates: - Broadwell-E/EX Xeons (sig 0x406f1) - Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell, Gemini Lake, Denverton - New Microcodes: - sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140 - sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009 Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu> |
||
Zoltan HERPAI
|
01020bc74d |
firmware: add microcode package for Intel
Compiling the Intel microcode package results in a microcode.bin and a microcode-64.bin. As we can decide based on the subtarget which should be used, we'll only split the required .bin file with iucode-tool. x64 will get the intel-microcode-64.bin All other variants will get intel-microcode.bin The microcodes will be updated from preinit via a common script - that's the earliest place where we can do it. Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu> |