mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-05 05:24:20 +00:00
2ed471a12a
intel-microcode (3.20210608.2)
* Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and
debian/changelog (3.20210608.1).
intel-microcode (3.20210608.1)
* New upstream microcode datafile 20210608 (closes: #989615)
* Implements mitigations for CVE-2020-24511 CVE-2020-24512
(INTEL-SA-00464), information leakage through shared resources,
and timing discrepancy sidechannels
* Implements mitigations for CVE-2020-24513 (INTEL-SA-00465),
Domain-bypass transient execution vulnerability in some Intel Atom
Processors, affects Intel SGX.
* Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel
VT-d privilege escalation
* Fixes critical errata on several processors
* New Microcodes:
sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104
sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648
sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648
sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568
sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208
sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328
sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456
sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456
sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352
* Updated Microcodes:
sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816
sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456
sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472
sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744
sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816
sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864
sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720
sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720
sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648
sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576
sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576
sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456
sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408
sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360
sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472
sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264
sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752
sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776
sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592
sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768
sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448
sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448
sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424
sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448
sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448
sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448
sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400
sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448
sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184
sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208
sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208
sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208
sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184
* source: update symlinks to reflect id of the latest release, 20210608
intel-microcode (3.20210216.1)
* New upstream microcode datafile 20210216
* Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
and Cascade Lake Server (B0/B1) when using an active JTAG
agent like In Target Probe (ITP), Direct Connect Interface
(DCI) or a Baseboard Management Controller (BMC) to take the
CPU JTAG/TAP out of reset and then returning it to reset.
* This issue is related to the INTEL-SA-00381 mitigation.
* Updated Microcodes:
sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
* source: update symlinks to reflect id of the latest release, 20210216
intel-microcode (3.20201118.1)
* New upstream microcode datafile 20201118
* Removes a faulty microcode update from release 2020-11-10 for Tiger Lake
processors. Note that Debian already had removed this specific falty
microcode update on the 3.20201110.1 release
* Add a microcode update for the Pentium Silver N/J5xxx and Celeron
N/J4xxx which didn't make it to release 20201110, fixing security issues
(INTEL-SA-00381, INTEL-SA-00389)
* Updated Microcodes:
sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
* Removed Microcodes:
sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
intel-microcode (3.20201110.1)
* New upstream microcode datafile 20201110 (closes: #974533)
* Implements mitigation for CVE-2020-8696 and CVE-2020-8698,
aka INTEL-SA-00381: AVX register information leakage;
Fast-Forward store predictor information leakage
* Implements mitigation for CVE-2020-8695, Intel SGX information
disclosure via RAPL, aka INTEL-SA-00389
* Fixes critical errata on several processor models
* Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320)
for Skylake-U/Y, Skylake Xeon E3
* New Microcodes
sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648
sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768
sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184
sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208
sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184
sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184
* Updated Microcodes
sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816
sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472
sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792
sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840
sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224
sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224
sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408
sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360
sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472
sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776
sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568
sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448
sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448
sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448
sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448
sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448
sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448
sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424
sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448
sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424
sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424
sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208
* 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED
FOR 0x806c1 TIGER LAKE PROCESSORS by this package update. Contact your
system vendor for a firmware update, or wait fo a possible fix in a future
Intel microcode release.
* source: update symlinks to reflect id of the latest release, 20201110
* source: ship new upstream documentation (security.md, releasenote.md)
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
[used different .tar.xz source, but with the same content]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 1add2c0d95
)
52 lines
1.3 KiB
Makefile
52 lines
1.3 KiB
Makefile
#
|
|
# Copyright (C) 2018 OpenWrt.org
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=intel-microcode
|
|
PKG_VERSION:=20210608
|
|
PKG_RELEASE:=1
|
|
|
|
PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).2.tar.xz
|
|
PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/non-free/i/intel-microcode/
|
|
PKG_HASH:=fbf82688ffd0d87b352a35c57bd097ea014f0ad32c9c8f9629725c1b43d1c84d
|
|
PKG_BUILD_DIR:=$(BUILD_DIR)/intel-microcode-3.$(PKG_VERSION).2
|
|
|
|
PKG_BUILD_DEPENDS:=iucode-tool/host
|
|
|
|
ifdef CONFIG_TARGET_x86_64
|
|
MICROCODE:="intel-microcode-64"
|
|
else
|
|
MICROCODE:="intel-microcode"
|
|
endif
|
|
|
|
PKG_FLAGS:=nonshared
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/intel-microcode
|
|
SECTION:=firmware
|
|
CATEGORY:=Firmware
|
|
URL:=$(PKG_SOURCE_URL)
|
|
DEPENDS:=@TARGET_x86
|
|
TITLE:=Intel x86 CPU microcode
|
|
endef
|
|
|
|
define Build/Compile
|
|
IUCODE_TOOL=$(STAGING_DIR)/../host/bin/iucode_tool $(MAKE) -C $(PKG_BUILD_DIR)
|
|
mkdir $(PKG_BUILD_DIR)/intel-ucode-ipkg
|
|
$(STAGING_DIR)/../host/bin/iucode_tool -q \
|
|
--write-firmware=$(PKG_BUILD_DIR)/intel-ucode-ipkg $(PKG_BUILD_DIR)/$(MICROCODE).bin
|
|
endef
|
|
|
|
define Package/intel-microcode/install
|
|
$(INSTALL_DIR) $(1)/lib/firmware/intel-ucode
|
|
$(INSTALL_DATA) $(PKG_BUILD_DIR)/intel-ucode-ipkg/* $(1)/lib/firmware/intel-ucode
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,intel-microcode))
|