diff --git a/06-2d-07_config b/06-2d-07_config index 979455d55622ed91b88f9c865d233b1f1dac426e..99a8ed746c7968231943146c0edaa2294468316b 100644 --- a/06-2d-07_config +++ b/06-2d-07_config @@ -1,13 +1,3 @@ model GenuineIntel 06-2d-07 path intel-ucode/06-2d-07 -## The "kernel_early" statements are carried over from the intel caveat config -## in order to avoid enabling this newer microcode on these problematic kernels; -## see the caveat description in /usr/share/doc/microcode_ctl/caveats/intel_readme -## (That also means that this caveat has to be enforced separately on these -## kernels.) -kernel_early 4.10.0 -kernel_early 3.10.0-930 -kernel_early 3.10.0-862.14.1 -kernel_early 3.10.0-693.38.1 -kernel_early 3.10.0-514.57.1 -kernel_early 3.10.0-327.73.1 +dependency required intel diff --git a/06-4e-03_config b/06-4e-03_config index bee51b29ca805aee9d3aaecb5c5c0e9ce462224a..7c0e333950786ef5a146b5e65e42fadc7be67a84 100644 --- a/06-4e-03_config +++ b/06-4e-03_config @@ -1,3 +1,4 @@ model GenuineIntel 06-4e-03 path intel-ucode/06-4e-03 +dependency required intel disable early late diff --git a/06-4e-03_readme b/06-4e-03_readme index e221544bfcf5c67d15767a11b943d830186afd55..13cb72a63c43fd81a78ff626038af9640ef078b6 100644 --- a/06-4e-03_readme +++ b/06-4e-03_readme @@ -8,10 +8,12 @@ for the OS-driven microcode update. [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 -For the reference, SHA1 checksums of 06-55-04 microcode files containing +For the reference, SHA1 checksums of 06-4e-03 microcode files containing microcode revisions in question are listed below: * 06-4e-03, revision 0xd6: 06432a25053c823b0e2a6b8e84e2e2023ee3d43e * 06-4e-03, revision 0xdc: cd1733458d187486999337ff8b51eeaa0cfbca6c + * 06-4e-03, revision 0xe2: 41f4513cf563605bc85db38056ac430dec948366 + * 06-4e-03, revision 0xea: 5a54cab9f22f69b819d663e5747ed6ea2a326c55 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -35,6 +37,15 @@ to the following knowledge base articles: CVE-2020-0548 (Vector Register Data Sampling), CVE-2020-0549 (L1D Cache Eviction Sampling): https://access.redhat.com/solutions/5142751 + * CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface), + CVE-2020-8696 (Vector Register Leakage-Active), + CVE-2020-8698 (Fast Forward Store Predictor): + https://access.redhat.com/articles/5569051 + * CVE-2020-24489 (VT-d-related Privilege Escalation), + CVE-2020-24511 (Improper Isolation of Shared Resources), + CVE-2020-24512 (Observable Timing Discrepancy), + CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): + https://access.redhat.com/articles/6101171 The information regarding enforcing microcode update is provided below. diff --git a/06-4f-01_config b/06-4f-01_config index f589fbf9d15ff33880e569ae29a18698a5876b57..f9871509c007a2cb5bfcaa774f9a54269daf63ab 100644 --- a/06-4f-01_config +++ b/06-4f-01_config @@ -11,11 +11,5 @@ kernel 2.6.32-573.58.1 kernel 2.6.32-504.71.1 kernel 2.6.32-431.90.1 kernel 2.6.32-358.90.1 -kernel_early 4.10.0 -kernel_early 3.10.0-930 -kernel_early 3.10.0-862.14.1 -kernel_early 3.10.0-693.38.1 -kernel_early 3.10.0-514.57.1 -kernel_early 3.10.0-327.73.1 -mc_min_ver_late 0xb000019 +dependency required intel skip=success match-model-mode=off disable early late diff --git a/06-4f-01_readme b/06-4f-01_readme index 962c7a631cb7aeff51d6084a0351773bab26a922..dc33eecdb5d48baa40c4455f363045ea143df229 100644 --- a/06-4f-01_readme +++ b/06-4f-01_readme @@ -28,6 +28,11 @@ to the following knowledge base articles: * CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091 ("Microarchitectural Data Sampling"): https://access.redhat.com/articles/4138151 + * CVE-2020-24489 (VT-d-related Privilege Escalation), + CVE-2020-24511 (Improper Isolation of Shared Resources), + CVE-2020-24512 (Observable Timing Discrepancy), + CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): + https://access.redhat.com/articles/6101171 The information regarding enforcing microcode load is provided below. diff --git a/06-55-04_config b/06-55-04_config index 373c8ac12c78d7d55f95f1efa6a92a1e4696985b..07f06f6c1c54fbec26d0725134528740899217bc 100644 --- a/06-55-04_config +++ b/06-55-04_config @@ -9,14 +9,4 @@ path intel-ucode/06-55-04 ## are provided for speeding up the search only, VID:DID is the real selector. ## Commented out since revision 0x2006906 seems to fix the issue. #pci_config_val mode=success-all device=0x1e function=3 vid=0x8086 did=0x2083 offset=0x84 size=4 mask=0x38 val=0x38,0x18,0x8 -## The "kernel_early" statements are carried over from the intel caveat config -## in order to avoid enabling this newer microcode on these problematic kernels; -## see the caveat description in /usr/share/doc/microcode_ctl/caveats/intel_readme -## (That also means that this caveat has to be enforced separately on these -## kernels.) -kernel_early 4.10.0 -kernel_early 3.10.0-930 -kernel_early 3.10.0-862.14.1 -kernel_early 3.10.0-693.38.1 -kernel_early 3.10.0-514.57.1 -kernel_early 3.10.0-327.73.1 +dependency required intel diff --git a/06-55-04_readme b/06-55-04_readme index 097e07b1a598dfe49b0fc22208877ef1b973ade5..b8d3618ee356d63748f1e1b84546c749fca1775d 100644 --- a/06-55-04_readme +++ b/06-55-04_readme @@ -17,6 +17,9 @@ microcode revisions in question are listed below: * 06-55-04, revision 0x2000064: 2e405644a145de0f55517b6a9de118eec8ec1e5a * 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23 * 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967 + * 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212 + * 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462 + * 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -40,6 +43,15 @@ to the following knowledge base articles: CVE-2020-0548 (Vector Register Data Sampling), CVE-2020-0549 (L1D Cache Eviction Sampling): https://access.redhat.com/solutions/5142751 + * CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface), + CVE-2020-8696 (Vector Register Leakage-Active), + CVE-2020-8698 (Fast Forward Store Predictor): + https://access.redhat.com/articles/5569051 + * CVE-2020-24489 (VT-d-related Privilege Escalation), + CVE-2020-24511 (Improper Isolation of Shared Resources), + CVE-2020-24512 (Observable Timing Discrepancy), + CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): + https://access.redhat.com/articles/6101171 The information regarding disabling microcode update is provided below. diff --git a/06-5e-03_config b/06-5e-03_config index 7482d3625ccead4b44bd2a3e82f070c0367ff61e..ced0abcfee462a681d5a6c98fe2137bbb6068f7b 100644 --- a/06-5e-03_config +++ b/06-5e-03_config @@ -1,3 +1,3 @@ model GenuineIntel 06-5e-03 path intel-ucode/06-5e-03 -disable early late +dependency required intel diff --git a/06-5e-03_readme b/06-5e-03_readme index b739bf217f237f887c2d8449aa9cbb3f4dc9aa1b..9beb75ead4e7f7c1b8a608e910410c44775c33ae 100644 --- a/06-5e-03_readme +++ b/06-5e-03_readme @@ -1,17 +1,22 @@ Some Intel Skylake CPU models (SKL-H/S/Xeon E3 v5, family 6, model 94, -stepping 3) have reports of possible system hangs when revision 0xdc +stepping 3) had reports of possible system hangs when revision 0xdc of microcode, that is included in microcode-20200609 update to address -CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549, is applied[1]. In order -to address this, microcode update to the newer revision has been disabled +CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549, was applied[1]. In order +to address this, microcode updates to the newer revision had been disabled by default on these systems, and the previously published microcode revision -0xd6 is used by default for the OS-driven microcode update. +0xd6 was used by default for the OS-driven microcode update. The revision +0xea seems[2] to have fixed the aforementioned issue, hence it is enabled +by default (but can be disabled explicitly; see below). [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826 +[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-857806014 -For the reference, SHA1 checksums of 06-55-04 microcode files containing +For the reference, SHA1 checksums of 06-5e-03 microcode files containing microcode revisions in question are listed below: * 06-5e-03, revision 0xd6: 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a * 06-5e-03, revision 0xdc: 5e1020a10678cfc60980131c3d3a2cfd462b4dd7 + * 06-5e-03, revision 0xe2: 031e6e148b590d1c9cfdb6677539eeb4899e831c + * 06-5e-03, revision 0xea: e6c37056a849fd281f2fdb975361a914e07b86c8 Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions @@ -35,32 +40,37 @@ to the following knowledge base articles: CVE-2020-0548 (Vector Register Data Sampling), CVE-2020-0549 (L1D Cache Eviction Sampling): https://access.redhat.com/solutions/5142751 + * CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface), + CVE-2020-8696 (Vector Register Leakage-Active), + CVE-2020-8698 (Fast Forward Store Predictor): + https://access.redhat.com/articles/5569051 + * CVE-2020-24489 (VT-d-related Privilege Escalation), + CVE-2020-24511 (Improper Isolation of Shared Resources), + CVE-2020-24512 (Observable Timing Discrepancy), + CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): + https://access.redhat.com/articles/6101171 -The information regarding enforcing microcode update is provided below. +The information regarding disabling microcode update is provided below. -To enforce usage of the latest 06-5e-03 microcode revision for a specific kernel -version, please create a file "force-intel-06-5e-03" inside +To prevent usage of the latest 06-5e-03 microcode revision for a specific kernel +version, please create a file "disallow-intel-06-5e-03" inside /lib/firmware/ directory, run -"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory -where microcode will be available for late microcode update, and run +"/usr/libexec/microcode_ctl/update_ucode" to remove it to firmware directory +where microcode is available for late microcode update, and run "dracut -f --kver ", so initramfs for this kernel version -is regenerated and the microcode can be loaded early, for example: +is regenerated, for example: - touch /lib/firmware/3.10.0-862.9.1/force-intel-06-5e-03 + touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-5e-03 /usr/libexec/microcode_ctl/update_ucode dracut -f --kver 3.10.0-862.9.1 -After that, it is possible to perform a late microcode update by executing -"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to -"/sys/devices/system/cpu/microcode/reload" directly. - -To enforce addition of this microcode for all kernels, please create file -"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-5e-03", run -"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates, -and "dracut -f --regenerate-all" for enabling early microcode updates: +To avoid addition of the latest microcode for all kernels, please create file +"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-5e-03", run +"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates, +and "dracut -f --regenerate-all" for early microcode updates: mkdir -p /etc/microcode_ctl/ucode_with_caveats - touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-5e-03 + touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-5e-03 /usr/libexec/microcode_ctl/update_ucode dracut -f --regenerate-all diff --git a/06-8c-01_config b/06-8c-01_config new file mode 100644 index 0000000000000000000000000000000000000000..880a4197560ed0a1a4a49e340e407cbcf0aa6947 --- /dev/null +++ b/06-8c-01_config @@ -0,0 +1,3 @@ +model GenuineIntel 06-8c-01 +path intel-ucode/06-8c-01 +dependency required intel skip=success match-model-mode=off diff --git a/06-8c-01_disclaimer b/06-8c-01_disclaimer new file mode 100644 index 0000000000000000000000000000000000000000..6e02fa6c34d6aff942a8cccb86095a13087026a0 --- /dev/null +++ b/06-8c-01_disclaimer @@ -0,0 +1,4 @@ +Microcode updates for Intel Tiger Lake-UP3/UP4 (family 6, model 140, stepping 1; +CPUID 0x806c1) are disabled as they may cause system instability. +Please refer to /usr/share/doc/microcode_ctl/caveats/06-8c-01_readme +and /usr/share/doc/microcode_ctl/README.caveats for details. diff --git a/06-8c-01_readme b/06-8c-01_readme new file mode 100644 index 0000000000000000000000000000000000000000..9625c42cc4d2de5ba99045ec23deb939d7c8d656 --- /dev/null +++ b/06-8c-01_readme @@ -0,0 +1,54 @@ +Some Intel Tiger Lake-UP3/UP4 CPU models (TGL, family 6, model 140, stepping 1) +had reports of system hangs when a microcode update, that was included +since microcode-20201110 update, was applied[1]. In order to address this, +microcode update had been disabled by default on these systems. The revision +0x88 seems to have fixed the aforementioned issue, hence it is enabled +by default (but can be disabled explicitly; see below). + +[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44 + +For the reference, SHA1 checksums of 06-8c-01 microcode files containing +microcode revisions in question are listed below: + * 06-8c-01, revision 0x68: 2204a6dee1688980cd228268fdf4b6ed5904fe04 + * 06-8c-01, revision 0x88: 61b6590feb2769046d5b0c394179beaf2df51290 + +Please contact your system vendor for a BIOS/firmware update that contains +the latest microcode version. For the information regarding microcode versions +required for mitigating specific side-channel cache attacks, please refer +to the following knowledge base articles: + * CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface), + CVE-2020-8696 (Vector Register Leakage-Active), + CVE-2020-8698 (Fast Forward Store Predictor): + https://access.redhat.com/articles/5569051 + * CVE-2020-24489 (VT-d-related Privilege Escalation), + CVE-2020-24511 (Improper Isolation of Shared Resources), + CVE-2020-24512 (Observable Timing Discrepancy), + CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): + https://access.redhat.com/articles/6101171 + +The information regarding disabling microcode update is provided below. + +To disable 06-8c-01 microcode updates for a specific kernel +version, please create a file "disallow-intel-06-8c-01" inside +/lib/firmware/ directory, run +"/usr/libexec/microcode_ctl/update_ucode" to remove it from the firmware +directory where microcode is available for late microcode update, and run +"dracut -f --kver ", so initramfs for this kernel version +is regenerated, for example: + + touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-8c-01 + /usr/libexec/microcode_ctl/update_ucode + dracut -f --kver 3.10.0-862.9.1 + +To avoid addition of this microcode for all kernels, please create file +"/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01", run +"/usr/libexec/microcode_ctl/update_ucode" for late microcode updates, +and "dracut -f --regenerate-all" for early microcode updates: + + mkdir -p /etc/microcode_ctl/ucode_with_caveats + touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-8c-01 + /usr/libexec/microcode_ctl/update_ucode + dracut -f --regenerate-all + +Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional +information. diff --git a/README b/README new file mode 100644 index 0000000000000000000000000000000000000000..193ee9ab27c20d38fc16ff2b8c8851a9b410b052 --- /dev/null +++ b/README @@ -0,0 +1,51 @@ +The microcode_ctl package contains microcode files (vendor-provided binary data +and/or code in proprietary format that affects behaviour of a device) for Intel +CPUs that may be loaded into the CPU during boot. + +This directory contains information regarding various aspects of the provided +microcode files and their usage. + + * LICENSE.intel-ucode + "license" file from the Intel x86 CPU microcode archive. + * README + This file. + * README.caveats + Caveats (mechanism for enabling/disabling usage of sets of microcode files + based on caveat configuration and user preferences) documentation. + Also contains general information about microcode update behaviour and links + with additional information about the relevant microarchitectural + vulnerabilities. + * README.intel-ucode + "README.md" file from the Intel x86 CPU microcode archive. + * RELEASE_NOTES.intel-ucode + "releasenote.md" file from the Intel x86 CPU microcode archive. + * SECURITY.intel-ucode + "security.md" file from the Intel x86 CPU microcode archive. + * SUMMARY.intel-ucode + Information about supplied microcode files extracted from their headers, + in a table form. Columns have the following meaning: + * "Path": path to the microcode file under one of the following directories: + * /usr/share/microcode_ctl/ucode_with_caveats/intel + * /usr/share/microcode_ctl/ucode_with_caveats + * /usr/share/microcode_ctl + * /lib/firmware + * /etc/firmware + * "Offset": offset of the microcode blob within the micocode file in bytes. + * "Ext. Offset": offset of the extended signature header within + the microcode file in bytes. + * "Data Size": size of microcode data in bytes. 0 means 2000 bytes. + * "Total Size": size of microcode blob in bytes, incuding headers. + 0 means 2048 bytes. + * "CPUID": CPU ID signature (in format returned by the CPUID instruction). + * "Platform ID Mask": mask of suitable Platform IDs (provided in bits + 52..50 of MSR 0x17). + * "Revision": microcode revision. + * "Date": microcode creation date. + * "Checksum": sum (in base 1<< 32) of all 32-bit values comprising + the microcode (from Offset up to Offset + Total Size). + * "Codenames": list of known CPU codenames associated with the CPUID + and Platform ID Mask combination. + Please refer to README.cavets, section "Microcode file structure" + for additional information regarding microcode header fields. + * caveats + Directory that contains readme files for each specific caveat. diff --git a/README.caveats b/README.caveats index 4e1c53b70d8899ac4c7389523260b9addc81c56d..8db34b00b662910aba897c84ae41425a5ce541b1 100644 --- a/README.caveats +++ b/README.caveats @@ -88,6 +88,75 @@ installation or removal of a kernel RPM in order to provide microcode files for newly installed kernels and cleanup symlinks for the uninstalled ones. +Microcode file structure +------------------------ +Intel x86 CPU microcode file (that is, one that can be directly consumed +by the CPU/kernel, and not its text representation such as used in microcode.dat +files) is a bundle of concatenated microcode blobs. Each blob has a header, +payload, and an optional additional data, as follows (for additional information +please refer to "Intel® 64 and IA-32 Architectures Software Developer’s Manual" +[1], Volume 3A, Section 9.11.1 "Microcode Update"): + * Header (48 bytes) + * Header version (unsigned 32-bit integer): version number of the update + header. Must be 0x1. + * Microcode revision (signed 32-bit integer) + * Microcode date (unsigned 32-bit integer): encoded as BCD in mmddyyyy format + (0x03141592 is 1592-03-14 in ISO 8601) + * CPU signature (unsigned 32-bit integer): CPU ID, as provided + by the CPUID (EAX = 0x1) instruction in the EAX register: + * bits 31..28: reserved + * bits 27..20: "Extended Family", summed with the Family field value + * bits 19..16: "Extended Model", bits 7..4 of the CPU model + * bits 15..14: reserved + * bits 13..12: "Processor Type", non-zero value (other than the "primary + processor") so far used only for the Deschutes (Pentium II) CPU family, + with the processor type of 1, to signify it is an Overdrive processor: + CPUID 0x1632. + * bits 11..08: Family, summed with the Extended Family field value + * bits 07..04: Model (bits 3..0) + * bits 03..00: Stepping + In short, microcode file with Family-Model-Stepping of uv-wx-0z corresponds + to CPUID 0x0TUw0Vxz, where uv = TU + V, with V usually being 0xF when + uv >= 16; with Family being 6 on most of recent Intel CPUs this transforms + into 0x000w06xz. Please also refer to README.intel-ucode, section "About + Processor Signature, Family, Model, Stepping and Platform ID" + for additional information. + * Checksum (unsigned 32-bit integer): correct if sum (in base 1 << 32) of all + the 32-bit integers comprising the microcode amounts to 0. + * Loader version (unsigned 32-bit integer): 0x1. + * Platform ID mask (unsigned 32-bit integer): lower 8 bits indicate the set + of possible values of bits 52..50 of MSR 0x17 ("Platform ID"). In old + (up to Pentium II) microcode blobs the mask may be zero. + * Data size (unsigned 32-bit integer): size of the Payload in bytes, + has to be divisible by 4. 0 means 2000. + * Total size (unsigned 32-bit integer): total microcode blob size (including + header and extended header), has to be divisible by 1024. 0 means 2048. + * Reserved (12 bytes). + * Payload + * Additional data (optional, 20 + 12 * n bytes) + * Extended signature table header (20 bytes) + * Extended signature count (unsigned 32-bit integer) + * Checksum (unsigned 32-bit integer): correct if sum (in base 1 << 32) + of all the 32-bit integers comprising the extender signature table + amounts to 0. + * Reserved (12 bytes). + * Extended signature (12 bytes each) + * CPU signature (unsigned 32-bit integer): see the description of the CPU + signature field in the Header above. + * Platform ID mask (unsigned 32-bit integer): see the description + of the Platform ID mask field in the Header above. + * Checksum (unsigned 32-bit integer): correct if sum (in base 1<< 32) + of all the 32-bit integers comprising the Header (with CPU signature + and Platform ID mask fields replaced with the values from this signature) + and the Payload amounts to 0. Note that since External signature table + header has its own checksum, sum of all its 32-bit values amounts to 0, + so the Checksum in the Header and in the Extended signature will be + the same if the values of CPU signature and Platform ID mask fields + are the same, + +[1] https://software.intel.com/content/www/us/en/develop/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4.html + + Caveat configuration -------------------- There is a directory for each caveat under @@ -155,10 +224,6 @@ separated by white space. Currently, the following options are supported: configuration. Argument for the argument is a list of stages ("early", "late") for which the caveat should be disable. The configuration option can be provided multiple times in a configuration file. - * "blacklist" is a marker for a start of list of blacklisted model names, - one model name per line. The model name of the running CPU (as reported - in /proc/cpuinfo) is compared against the names in the provided list, and, - if there is a match, caveat check fails. * "pci_config_val" performs check for specific values in selected parts of configuration space of specified PCI devices. If "-m" option is not specified, then the actual check is skipped, and the check returns @@ -201,7 +266,109 @@ separated by white space. Currently, the following options are supported: of the aforementioned value, then the check is successful, otherwise it fails (in accordance with "mode=success-all" semantics). This check fails if "-m" option is not specified. - + * "dmi" performs checks for specific values available in DMI sysfs files + (present under /sys/devices/virtual/dmi/id/). The check (when it is actually + performed; see a not about "no-model-mode" below) fails if one of the files + is not readable. If "-m" option is not specified, then the actual check + is skipped, and the check returns value in accordance with "no-model-mode" + parameter value (see below). Check arguments are a white-space-separated + list of "key=value" pairs. The following keys are supported: + * "key" - DMI file to check. Value can be one of the following: bios_date, + bios_vendor, bios_version, board_asset_tag, board_name, board_serial, + board_vendor, board_version, chassis_asset_tag, chassis_serial, + chassis_type, chassis_vendor, chassis_version, product_family, + product_name, product_serial, product_uuid, product_version, sys_vendor. + Default is empty string. + * "val" - a string to match DMI data present in "key" against. + Can be enclosed in single or double quotes. Default is empty string. + * "keyval" - a pair of "key" and "val" values (with semantics described + above), separated with either "=", ":", "!=", or "!:" characters. Enables + providing of multiple key-value pairs by means of supplying multiple + keyval= parameters. The exclamation sign ("!") character in separator + enables negated matching (so, non-equality of the value in DMI "key" file + and the value of "val" is). The match considered successful when all + the key/val (non-)equalities are in effect. This parameter works + in addition to the pair provided in "key" and "val" parameters + (but allows to avoid using them). Default is empty. + * "mode" - check mode, the way successful matches are interpreted: + * "success-equal" - returns 0 if the value present in the file + with the name supplied via the "key" parameter file under + /sys/devices/virtual/dmi/id/ is equal to the value supplied as a value + of "val" parameter and all the pairs provided in "keyval" parameters + are equal and non-equal in accordance with their definition, + otherwise 1. + * "fail-equal" - returns 1 if the value present in the file + with the name supplied via the "key" parameter file under + /sys/devices/virtual/dmi/id/ is equal to the value supplied as a value + of "val" parameter and all the pairs provided in "keyval" parameters + are equal and non-equal in accordance with their definition, + otherwise 0. + Default is "success-any". + * "no-model-mode" - return value if model filter ("-m" option) + is not enabled: + * "success" - return 0. + * "fail" - return 1. + Default is "success". + An example of a check: + dmi mode=fail-equal no-model-mode=success key=bios_vendor val="Dell Inc." + It checks file /sys/devices/virtual/dmi/id/bios_vendor and fails if its + content is "Dell Inc." (without quotes). It succeeds if "-m" option + is not enabled. + Another example: + dmi mode=fail-equal keyval="sys_vendor=Amazon EC2" keyval="product_name=u-18tb1.metal" + dmi mode=fail-equal keyval="sys_vendor=Lenovo" keyval="product_name=ThinkSystem SR950" + It blocks the caveat from using when either both + /sys/devices/virtual/dmi/id/sys_vendor contains the string "Amazon EC2" + and /sys/devices/virtual/dmi/id/product_name contains the string + "u-18tb1.metal" or both /sys/devices/virtual/dmi/id/sys_vendor contains + the string "Lenovo" and /sys/devices/virtual/dmi/id/product_name contains + the string "ThinkSystem SR950", but enables caveat loading for other products + with the aforementioned /sys/devices/virtual/dmi/id/sys_vendor values, + for example. + * "dependency" allows conditional enablement of a caveat based on the check + status of some other caveat(s). It has the following format: + dependency DEPENDENCY_TYPE DEPENDENCY_NAME [OPTION...] + where DEPENDENCY_NAME is the configuration to be checked, OPTIONs + are per-DEPENDENCY_TYPE, and the only DEPENDENCY_TYPE that is supported + currently is "required". + Options for the "required" dependency type: + * "match-model-mode" - whether model matching mode ("-m" option) + has to be used for the nested configuration check. Possible values: + * "on" - model-matching mode is always used during the nested check; + * "off" - model-matching mode is never used during the nested check; + * "same" - used the same model-matching mode as it is now. + Default is "same". + * "skip" - controls result of the check when the nested check indicated + skipping of the configuration. + * "fail" - the dependent check fails; + * "success" - the dependent check succeeds; + * "skip" - the dependent check indicates that the configuration + is to be skipped. + Default is "skip". + * "force-skip" - controls result of the check when the nested check + indicated skipping of the configuration caused by the presence + of an override file (see "check_caveats script" section for details). + * "fail" - the dependent check fails; + * "success" - the dependent check succeeds; + * "skip" - the dependent check indicates that the configuration + is to be skipped. + Default is "skip". + * "nesting-too-deep" - as a measure against dependency loop, configuration + checking logic implements nesting limit on dependency checks (currently + set at 8). This option controls the behaviour of the check + when the nested check cannot be performed due to this limit. + * "fail" - the dependent check fails; + * "success" - the dependent check succeeds; + * "skip" - the dependent check indicates that the configuration + is to be skipped. + Default is "fail". + An example of a check: + dependency required intel skip=success match-model-mode=off + It checks "intel" caveat configuration (see the "Early microcode load + inside a virtual machine" section) with model-matching mode being disabled, + treats skipping of the configuration as a success (unless the configuration + is forced to be skipped, in that case the dependent configuration + is to be skipped as well). check_caveats script @@ -438,6 +605,8 @@ Caveat name: intel-06-4f-01 Affected microcode: intel-ucode/06-4f-01. +Dependencies: intel + Mitigation: microcode loading is disabled for the affected CPU model. Minimum versions of the kernel package that contain the aforementioned patch @@ -466,6 +635,8 @@ Caveat name: intel Affected microcode: all. +Dependencies: (none) + Mitigation: early microcode loading is disabled for all CPU models on kernels without the fix. @@ -502,6 +673,8 @@ Caveat name: intel-06-2d-07 Affected microcode: intel-ucode/06-2d-07. +Dependencies: intel + Mitigation: None; the latest revision of the microcode file is used by default; previously published microcode revision 0x714 is still available as a fallback as part of "intel" caveat. @@ -531,35 +704,86 @@ Caveat name: intel-06-55-04 Affected microcode: intel-ucode/06-55-04. +Dependencies: intel + Mitigation: None; the latest revision of the microcode file is used by default; previously published microcode revision 0x2000064 is still available as a fallback as part of "intel" caveat. -Intel Skylake-U/Y/H/S/Xeon E3 v5 caveats ----------------------------------------- -Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3; -and SKL-H/S/Xeon E3 v5, family 6, model 94, stepping 3) have reports of system -hangs when revision 0xdc of microcode, that is included in microcode-20200609 -update to address CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549, -is applied[1][2]. In order to address this, microcode update to the newer -revision has been disabled by default on these systems, and the previously -published microcode revision 0xd6 is used instead; the newer microcode files, -however, are still shipped as part of microcode_ctl package and can be used -for performing a microcode update if they are enforced via the aforementioned -overrides. (See the sections "check_caveats script" and "reload_microcode -script" for details.) +Intel Skylake-U/Y caveat +------------------------ +Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3) +have reports of system hangs when revision 0xdc of microcode, that is included +in microcode-20200609 update to address CVE-2020-0543, CVE-2020-0548, +and CVE-2020-0549, is applied[1]. In order to address this, microcode update +to the newer revision has been disabled by default on these systems, +and the previously published microcode revision 0xd6 is used instead; the newer +microcode files, however, are still shipped as part of microcode_ctl package +and can be used for performing a microcode update if they are enforced +via the aforementioned overrides. (See the sections "check_caveats script" +and "reload_microcode script" for details.) [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 -[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826 -Caveat names: intel-06-4e-03, intel-06-5e-03 +Caveat name: intel-06-4e-03 + +Affected microcode: intel-ucode/06-4e-03 -Affected microcode: intel-ucode/06-4e-03, intel-ucode/06-5e-03. +Dependencies: intel Mitigation: previously published microcode revision 0xd6 is used by default. +Intel Skylake-H/S/Xeon E3 v5 caveat +----------------------------------- +Some Intel Skylake CPU models (SKL-H/S/Xeon E3 v5, family 6, model 94, +stepping 3) had reports of system hangs when revision 0xdc of microcode, +that is included in microcode-20200609 update to address CVE-2020-0543, +CVE-2020-0548, and CVE-2020-0549, was applied[1]. In order to address this, +microcode update to the newer revision had been disabled by default on these +systems, and the previously published microcode revision 0xd6 was used instead. +The revision 0xea seems[2] to have fixed the aforementioned issue, hence +the latest microcode revision usage it is enabled by default, +but can be disabled explicitly via the aforementioned overrides. (See +the sections "check_caveats script" and "reload_microcode script" for details.) + +[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826 +[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-857806014 + +Caveat names: intel-06-5e-03 + +Affected microcode: intel-ucode/06-5e-03. + +Dependencies: intel + +Mitigation: None; the latest revision of the microcode file is used by default; +previously published microcode revision 0xd6 is still available as a fallback +as part of "intel" caveat. + + +Intel Tiger Lake-UP3/UP4 caveat +------------------------------- +Some systems with Intel Tiger Lake-UP3/UP4 CPUs (TGL, family 6, model 140, +stepping 1) had reports of system hangs when a microcode update, +that was included since microcode-20201110 release, was applied[1]. +In order to address this, microcode update to a newer revision had been disabled +by default on these systems. The revision 0x88 seems to have fixed +the aforementioned issue, hence it is enabled by default; however, it is still +can be disabled via the aforementioned overrides. (See the sections +"check_caveats script" and "reload_microcode script" for details.) + +[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44 + +Caveat names: intel-06-8c-01 + +Affected microcode: intel-ucode/06-8c-01. + +Dependencies: intel + +Mitigation: None; the latest revision of the microcode file is used by default. + + Additional information ====================== @@ -588,3 +812,12 @@ Intel CPU vulnerabilities is available in the following knowledge base articles: CVE-2020-0548 (Vector Register Data Sampling), CVE-2020-0549 (L1D Cache Eviction Sampling): https://access.redhat.com/solutions/5142751 + * CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface), + CVE-2020-8696 (Vector Register Leakage-Active), + CVE-2020-8698 (Fast Forward Store Predictor): + https://access.redhat.com/articles/5569051 + * CVE-2020-24489 (VT-d-related Privilege Escalation), + CVE-2020-24511 (Improper Isolation of Shared Resources), + CVE-2020-24512 (Observable Timing Discrepancy), + CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): + https://access.redhat.com/articles/6101171 diff --git a/check_caveats b/check_caveats index f43fb4aa11c7b812441d435d404416a54fb650de..b8211606180f4748e130ee2d4e6bf17a4e1a8937 100755 --- a/check_caveats +++ b/check_caveats @@ -9,6 +9,8 @@ : ${FW_DIR=/lib/firmware} : ${CFG_DIR=/etc/microcode_ctl/ucode_with_caveats} +MAX_NESTING_LEVEL=8 + usage() { echo 'Usage: check_caveats [-d] [-e] [-k TARGET_KVER] [-c CONFIG]' echo ' [-m] [-v]' @@ -138,7 +140,7 @@ check_kver() # [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21 # [2] https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-scalable-spec-update.pdf#page=13 # -# $1 - params in config file, space-spearated, in key=value form: +# $1 - params in config file, space-separated, in key=value form: # domain=* - PCI domain, '*' or number # bus=* - PCI bus, '*' or number # device=* - PCI device, '*' or number @@ -165,7 +167,7 @@ check_pci_config_val() local checked=0 matched=0 path='' local dev_path dev_vid dev_did dev_val local opts="${1:-}" - local match_model="${2:0}" + local match_model="${2:-0}" set -- $1 while [ "$#" -gt 0 ]; do @@ -258,6 +260,278 @@ check_pci_config_val() ) } +# It is needed for filtering by BIOS vendor name that is available in DMI data +# +# $1 - params in config file, space-separated, in key=value form: +# key= - DMI data record to check. Can be one of the following: bios_date, +# bios_vendor, bios_version, board_asset_tag, board_name, board_serial, +# board_vendor, board_version, chassis_asset_tag, chassis_serial, +# chassis_type, chassis_vendor, chassis_version, product_family, +# product_name, product_serial, product_uuid, product_version, +# sys_vendor. +# val= - a string to match DMI data against. Can be enclosed in single +# or double quotes. +# keyval= - a string of format "KEY(!)?[=:]VAL" (so, one of "KEY=VAL", +# "KEY!=VAL", "KEY:VAL", "KEY!:VAL") that allows providing +# a key-value pair in a single parameter. It is possible to provide +# multiple keyval= parameters. "!" before :/= means negated match. +# The action supplied in the mode= parameter is executed upon +# successful (non-)matching of all the keyval pairs (as well +# as the pair provided in a pair of key= and val= parameters). +# mode=success-equal [ success-equal, fail-equal ] - matching mode: +# success-equal: Returns 0 if the all values present in the corresponding +# files under /sys/devices/virtual/dmi/id/ are equal +# (or not equal in case of a keyval= with negated match) +# to the respective values supplied as the values +# of the keyval= parameters or the pair of key= vand val= +# parameters, otherwise 1. +# fail-equal: Returns 1 if all the values present in DMI files in sysfs +# match (as described above), otherwise 0. +# no-model-mode=success [ success, fail ] - return value if model filter +# is not enabled: +# success: Return 0. +# fail: Return 1. +# $2 - whether model filter is engaged (if it is not '1', just return the result +# based on "no-model-mode" value). +check_dmi_val() +{ + local key= val= keyval= keyvals= mode='success-equal' nm_mode='success' + local opts="${1:-}" opt= opt_= + local match_model="${2:-0}" + + local valid_keys=" bios_date bios_vendor bios_version board_asset_tag board_name board_serial board_vendor board_version chassis_asset_tag chassis_serial chassis_type chassis_vendor chassis_version product_family product_name product_serial product_uuid product_version sys_vendor " + local success=1 + + while [ -n "$opts" ]; do + opt="${opts%%[ ]*}" + [ -n "${opt}" ] || { opts="${opts#[ ]}"; continue; } + + [ "x${opt#key=}" = "x${opt}" ] || key="${opt#key=}" + [ "x${opt#mode=}" = "x${opt}" ] || mode="${opt#mode=}" + [ "x${opt#no-model-mode=}" = "x${opt}" ] || \ + nm_mode="${opt#no-model-mode=}" + + # Handle possible quoting + [ "x${opt#val=}" = "x${opt}" ] || { + case "${opt#val=}" in + [\']*) opt_="${opts#val=\'}"; val="${opt_%%\'*}"; opt="val='${val}'" ;; + [\"]*) opt_="${opts#val=\"}"; val="${opt_%%\"*}"; opt="val=\"${val}\"" ;; + *) val="${opt#val=}" ;; + esac + } + [ "x${opt#keyval=}" = "x${opt}" ] || { + case "${opt#keyval=}" in + [\']*) + opt_="${opts#keyval=\'}" + keyval="${opt_%%\'*}" + opt="keyval='${keyval}'" + keyvals="${keyvals} + ${keyval}" + ;; + [\"]*) + opt_="${opts#keyval=\"}" + keyval="${opt_%%\"*}" + opt="keyval=\"${keyval}\"" + keyvals="${keyvals} + ${keyval}" + ;; + *) + keyvals="${keyvals} + ${opt#keyval=}" + ;; + esac + } + + opts="${opts#"${opt}"}" + continue + done + + [ -z "$key" -a -z "$val" ] || keyvals="${key}=${val}${keyvals}" + + [ -n "x${keyvals}" ] || { + debug "Neither key=, val=, nor keyval= parameters were privoded" + echo 2 + return + } + + [ 1 = "$match_model" ] || { + case "$nm_mode" in + success) echo 0 ;; + fail) echo 1 ;; + *) + debug "Invalid no-model-mode value: \"${nm_mode}\"" + echo 2 + ;; + esac + + return + } + + case "$mode" in + success-equal|fail-equal) ;; + *) debug "Invalid mode value: \"${nm_mode}\""; echo 2; return ;; + esac + + printf "%s\n" "${keyvals}" | ( + while read l; do + [ -n "$l" ] || continue + key="${l%%[=:]*}" + val="${l#${key}[=:]}" + + cmp="=" + [ "x${key%!}" = "x${key}" ] || { + cmp="!=" + key="${key%!}" + } + + # Check key for validity + [ "x${valid_keys#* ${key} *}" != "x${valid_keys}" ] || { + debug "Invalid \"key\" parameter value: \"${key}\"" + echo 2 + return + } + + [ -r "/sys/devices/virtual/dmi/id/${key}" ] || { + debug "Can't access /sys/devices/virtual/dmi/id/${key}" + echo 3 + return + } + + file_val="$(/bin/cat "/sys/devices/virtual/dmi/id/${key}")" + + [ "x${val}" "${cmp}" "x${file_val}" ] || { + case "$mode" in + success-equal) echo 1 ;; + fail-equal) echo 0 ;; + esac + + return + } + done + + case "$mode" in + success-equal) echo 0 ;; + fail-equal) echo 1 ;; + esac + ) +} + +# check_dependency CURLEVEL DEP_TYPE DEP_NAME OPTS +# DEP_TYPE: +# required - caveat can be enabled only if dependency is enabled +# (is not forcefully disabled and meets caveat conditions) +# OPTS: +# match-model-mode=same [ on, off, same ] - what mode matching mode is to be used for dependency +# skip=skip [ fail, skip, success ] +# force-skip=skip [ fail, skip, success ] +# nesting-too-deep=fail [ fail, skip, success ] +# Return values: +# 0 - success +# 1 - fail +# 2 - skip +# 9 - error +check_dependency() +{ + local cur_level="$1" + local dep_type="$2" + local dep_name="$3" + local match_model_mode=same old_match_model="${match_model}" + local skip=skip + local force_skip=skip + local nesting_too_deep=fail + + local check="Dependency check for ${dep_type} ${dep_name}" + + set -- ${4:-} + while [ "$#" -gt 0 ]; do + [ "x${1#match-model-mode=}" = "x${1}" ] || match_model_mode="${1#match-model-mode=}" + [ "x${1#skip=}" = "x${1}" ] || skip="${1#skip=}" + [ "x${1#force-skip=}" = "x${1}" ] || force_skip="${1#force-skip=}" + [ "x${1#nesting-too-deep=}" = "x${1}" ] || nesting_too_deep="${1#nesting-too-deep=}" + + shift + done + + case "${dep_type}" in + required) + [ "x${dep_name%/*}" = "x${dep_name}" ] || { + debug "${check} error: dependency name (${dep_name})" \ + "cannot contain slashes" + echo 9 + return + } + + [ "${MAX_NESTING_LEVEL}" -ge "$cur_level" ] || { + local reason="nesting level is too deep (${cur_level}) and nesting-too-deep='${nesting_too_deep}'" + + case "$nesting_too_deep" in + success) debug "${check} succeeded: ${reason}"; echo 0 ;; + fail) debug "${check} failed: ${reason}"; echo 1 ;; + skip) debug "${check} skipped: ${reason}"; echo 2 ;; + *) debug "${check} error: invalid" \ + "nesting-too-deep mode" \ + "(${nesting_too_deep})"; echo 9 ;; + esac + + return + } + + case "${match_model_mode}" in + same) ;; + on) match_model=1 ;; + off) match_model=0 ;; + *) + debug "${check} error: invalid match-model-mode" \ + "(${match_model_mode})" + echo 9 + return + ;; + esac + + local result=0 + debug "${check}: calling check_caveat '${dep_name}'" \ + "'$(($cur_level + 1))' match_model=${match_model}" + check_caveat "${dep_name}" "$(($cur_level + 1))" > /dev/null || result="$?" + + match_model="${old_match_model}" + + case "${result}" in + 0) debug "${check} succeeded: result=${result}"; echo "${result}" ;; + 1) debug "${check} failed: result=${result}"; echo "${result}" ;; + 2) + local reason="result=${result} and skip='${skip}'" + + case "${skip}" in + success) debug "${check} succeeded: ${reason}"; echo 0 ;; + fail) debug "${check} failed: ${reason}"; echo 1 ;; + skip) debug "${check} skipped: ${reason}"; echo 2 ;; + *) debug "${check} error: unexpected skip=" \ + "setting (${skip})"; echo 9 ;; + esac + ;; + 3) + local reason="result=${result} and force_skip='${force_skip}'" + + case "${force_skip}" in + success) debug "${check} succeeded: ${reason}"; echo 0 ;; + fail) debug "${check} failed: ${reason}"; echo 1 ;; + skip) debug "${check} skipped: ${reason}"; echo 2 ;; + *) debug "${check} error: unexpected force-skip=" \ + "setting (${skip})"; echo 9 ;; + esac + ;; + *) + debug "${check} error: unexpected check_caveat result" \ + "(${result})"; echo 9 ;; + esac + ;; + *) + debug "${check} error: unknown dependency type '${dep_type}'" + echo 9 + ;; + esac +} + # Provides model in format "VENDOR_ID FAMILY-MODEL-STEPPING" # # We check only the first processor as we don't expect non-symmetrical setups @@ -292,6 +566,12 @@ get_mc_path() AuthenticAMD) echo "amd-ucode/$2" ;; + *) + # We actually only support Intel ucode, but things may break + # if nothing is printed (input would be gotten from stdin + # otherwise). + echo "invalid" + ;; esac } @@ -300,19 +580,6 @@ get_mc_ver() /bin/sed -rn '1,/^$/s/^microcode[[:space:]]*: (.*)$/\1/p' /proc/cpuinfo } -fail() -{ - ret=1 - - fail_cfgs="$fail_cfgs $cfg" - fail_paths="$fail_paths $cfg_path" - - [ 0 -eq "$print_disclaimers" ] || [ ! -e "${dir}/disclaimer" ] \ - || /bin/cat "${dir}/disclaimer" -} - -#check_kver "$@" -#get_model_name match_model=0 configs= @@ -373,33 +640,44 @@ else stage="late" fi - -for cfg in $(echo "${configs}"); do - dir="$MC_CAVEATS_DATA_DIR/$cfg" - - # We add cfg to the skip list first and then, if we do not skip it, - # we remove the configuration from the list. - skip_cfgs="$skip_cfgs $cfg" +# check_caveat CFG [CHECK_LEVEL] +# changes ret_paths, ok_paths, fail_paths, ret_cfgs, ok_cfgs, fail_cfgs, +# skip_cfgs if CHECK_LEVEL is set to 0 (default). +# CHECK_LEVEL is used for recursive configuration dependency checks, +# and indicates nesting level. +# Return value: +# 0 - check is successful +# 1 - check has been failed +# 2 - configuration has been skipped +# 3 - configuration has been skipped due to presence of an override file +check_caveat() { + local cfg="$1" + local check_level="${2:-0}" + local dir="$MC_CAVEATS_DATA_DIR/$cfg" [ -r "${dir}/readme" ] || { debug "File 'readme' in ${dir} is not found, skipping" - continue + return 2 } [ -r "${dir}/config" ] || { debug "File 'config' in ${dir} is not found, skipping" - continue + return 2 } - cfg_model= - cfg_vendor= - cfg_path= - cfg_kvers= - cfg_kvers_early= - cfg_blacklist= - cfg_mc_min_ver_late= - cfg_disable= - cfg_pci= + local cfg_model= + local cfg_vendor= + local cfg_path= + local cfg_kvers= + local cfg_kvers_early= + local cfg_mc_min_ver_late= + local cfg_disable= + local cfg_pci= + local cfg_dmi= + local cfg_dependency= + + local key + local value while read -r key value; do case "$key" in @@ -424,13 +702,18 @@ for cfg in $(echo "${configs}"); do disable) cfg_disable="$cfg_disable $value " ;; - blacklist) - cfg_blacklist=1 - ;; pci_config_val) cfg_pci="$cfg_pci $value" ;; + dmi) + cfg_dmi="$cfg_dmi + $value" + ;; + dependency) + cfg_dependency="$cfg_dependency + $value" + ;; '#'*|'') continue ;; @@ -441,12 +724,8 @@ for cfg in $(echo "${configs}"); do esac done < "${dir}/config" - [ -z "${cfg_blacklist}" ] || \ - cfg_blacklist=$(/bin/sed -n '/^blacklist$/,$p' "${dir}/config" | - /usr/bin/tail -n +2) - debug "${cfg}: model '$cfg_model', path '$cfg_path', kvers '$cfg_kvers'" - debug "${cfg}: blacklist '$cfg_blacklist'" + echo "$cfg_path" # Check for override files in the following order: # - disallow early/late specific caveat for specific kernel @@ -467,10 +746,10 @@ for cfg in $(echo "${configs}"); do # - force early/late everyhting # - disallow everything # - force everyhting - ignore_cfg=0 - force_cfg=0 - override_file="" - overrides=" + local ignore_cfg=0 + local force_cfg=0 + local override_file="" + local overrides=" 0:$FW_DIR/$kver/disallow-$stage-$cfg 1:$FW_DIR/$kver/force-$stage-$cfg 0:$FW_DIR/$kver/disallow-$cfg @@ -487,6 +766,9 @@ for cfg in $(echo "${configs}"); do 1:$CFG_DIR/force-$stage 0:$CFG_DIR/disallow 1:$CFG_DIR/force" + local o + local o_force + local override_file for o in $(echo "$overrides"); do o_force=${o%%:*} override_file=${o#$o_force:} @@ -505,7 +787,7 @@ for cfg in $(echo "${configs}"); do [ 0 -eq "$ignore_cfg" ] || { debug "Configuration \"$cfg\" is ignored due to presence of" \ "\"$override_file\"." - continue + return 3 } # Check model if model filter is enabled @@ -514,21 +796,22 @@ for cfg in $(echo "${configs}"); do debug "Current CPU model '$cpu_model' doesn't" \ "match configuration CPU model '$cfg_model'," \ "skipping" - continue + return 2 } fi # Check paths if model filter is enabled + local cpu_mc_path + local cfg_mc_present if [ 1 -eq "$match_model" -a -n "$cfg_path" ]; then cpu_mc_path="$MC_CAVEATS_DATA_DIR/$cfg/$(get_mc_path \ "$cpu_vendor" "${cpu_model#* }")" cfg_mc_present=0 for p in $(printf "%s" "$cfg_path"); do - { /usr/bin/find "$MC_CAVEATS_DATA_DIR/$cfg" \ - -path "$MC_CAVEATS_DATA_DIR/$cfg/$p" -print0; - /bin/true; } \ - | /bin/grep -zFxq "$cpu_mc_path" \ + /usr/bin/find "$MC_CAVEATS_DATA_DIR/$cfg" \ + -path "$MC_CAVEATS_DATA_DIR/$cfg/$p" -print0 \ + | /bin/grep -zFxc "$cpu_mc_path" > /dev/null \ || continue cfg_mc_present=1 @@ -538,7 +821,7 @@ for cfg in $(echo "${configs}"); do [ 1 = "$cfg_mc_present" ] || { debug "No matching microcode files in '$cfg_path'" \ "for CPU model '$cpu_model', skipping" - continue + return 2 } fi @@ -548,30 +831,56 @@ for cfg in $(echo "${configs}"); do debug "Current CPU vendor '$cpu_vendor' doesn't" \ "match configuration CPU vendor '$cfg_vendor'," \ "skipping" - continue + return 2 } fi - # Check configuration files - - ret_cfgs="$ret_cfgs $cfg" - ret_paths="$ret_paths $cfg_path" - skip_cfgs="${skip_cfgs% $cfg}" - + # Has to be performed before dependency checks [ 0 -eq "$force_cfg" ] || { debug "Checks for configuration \"$cfg\" are ignored due to" \ "presence of \"$override_file\"." - ok_cfgs="$ok_cfgs $cfg" - ok_paths="$ok_paths $cfg_path" - - continue + return 0 } + # Check dependencies + # It has to be performed here (before adding configuration + # to $ret_cfgs/$ret_paths) since it may be skipped. + if [ -n "$cfg_dependency" ]; then + dep_line="$(printf "%s\n" "$cfg_dependency" | \ + while read -r dep_type dep_name dep_opts + do + [ -n "$dep_type" ] || continue + dep_res=$(check_dependency "$check_level" \ + "$dep_type" \ + "$dep_name" \ + "$dep_opts") + [ 0 != "$dep_res" ] || continue + echo "$dep_res $dep_type $dep_name $dep_opts" + break + done + echo "0 ")" + + case "${dep_line%% *}" in + 0) ;; + 2) + debug "Dependency check '${dep_line#* }'" \ + "induced configuration skip" + return 2 + ;; + *) + debug "Dependency check '${dep_line#* }'" \ + "failed (with return code ${dep_line%% *})" + return 1 + ;; + esac + fi + + # Check configuration files + [ "x${cfg_disable%%* $stage *}" = "x$cfg_disable" ] || { debug "${cfg}: caveat is disabled in configuration" - fail - continue + return 1 } # Check late load kernel version @@ -579,8 +888,7 @@ for cfg in $(echo "${configs}"); do check_kver "$kver" $cfg_kvers || { debug "${cfg}: late load kernel version check for" \ " '$kver' against '$cfg_kvers' failed" - fail - continue + return 1 } fi @@ -589,17 +897,7 @@ for cfg in $(echo "${configs}"); do check_kver "$kver" $cfg_kvers_early || { debug "${cfg}: early load kernel version check for" \ "'$kver' against '$cfg_kvers_early' failed" - fail - continue - } - fi - - # Check model blacklist - if [ -n "$cfg_blacklist" ]; then - echo "$cfg_blacklist" | /bin/grep -vqFx "${cpu_model_name}" || { - debug "${cfg}: model '${cpu_model_name}' is blacklisted" - fail - continue + return 1 } fi @@ -612,8 +910,7 @@ for cfg in $(echo "${configs}"); do debug "${cfg}: CPU microcode version $cpu_mc_ver" \ "failed check (should be at least" \ "${cfg_mc_min_ver_late})" - fail - continue + return 1 } fi @@ -634,13 +931,66 @@ for cfg in $(echo "${configs}"); do [ -z "${pci_line#* }" ] || { debug "PCI configuration word check '${pci_line#* }'" \ "failed (with return code ${pci_line%% *})" - fail - continue + return 1 + } + fi + + # Check DMI data if model filter is enabled + # Note that the model filter check is done inside check_dmi_val + # (which returns the value of 'no-model-mode=' parameter + # if it is disenaged). + if [ -n "$cfg_dmi" ]; then + dmi_line="$(printf "%s\n" "$cfg_dmi" | while read -r dmi_line + do + [ -n "$dmi_line" ] || continue + dmi_res=$(check_dmi_val "$dmi_line" \ + "$match_model") + [ 0 != "$dmi_res" ] || continue + echo "$dmi_res $dmi_line" + break + done + echo "0 ")" + + [ -z "${dmi_line#* }" ] || { + debug "DMI data check '${dmi_line#* }'" \ + "failed (with return code ${dmi_line%% *})" + return 1 } fi - ok_cfgs="$ok_cfgs $cfg" - ok_paths="$ok_paths $cfg_path" + return 0 +} + +for cfg in $(echo "${configs}"); do + if cfg_path=$(check_caveat "$cfg"; exit "$?") + then + ret_cfgs="$ret_cfgs $cfg" + ret_paths="$ret_paths $cfg_path" + ok_cfgs="$ok_cfgs $cfg" + ok_paths="$ok_paths $cfg_path" + else + case "$?" in + 1) + ret=1 + + ret_cfgs="$ret_cfgs $cfg" + ret_paths="$ret_paths $cfg_path" + fail_cfgs="$fail_cfgs $cfg" + fail_paths="$fail_paths $cfg_path" + + [ 0 -eq "$print_disclaimers" ] \ + || [ ! -e "${MC_CAVEATS_DATA_DIR}/${cfg}/disclaimer" ] \ + || /bin/cat "${MC_CAVEATS_DATA_DIR}/${cfg}/disclaimer" + ;; + 2|3) + skip_cfgs="$skip_cfgs $cfg"; + ;; + *) + debug "Unexpected check_caveat return code '$?'" \ + "for config '$cfg'" + ;; + esac + fi done [ 0 -eq "$print_disclaimers" ] || exit 0 diff --git a/codenames.list b/codenames.list new file mode 100644 index 0000000000000000000000000000000000000000..f2eaa753797afc00ac0182b3bdb6104cd4640d80 --- /dev/null +++ b/codenames.list @@ -0,0 +1,323 @@ +# format=extended +# SPDX-License-Identifier: CC0-1.0 +# Segment; Unused; Codename; Stepping; PF; CPUID; Abbreviation; Variant(s); Families; Models + +Server;;Pentium Pro;B0;00;611;;;Pentium Pro; +Server;;Pentium Pro;C0;00;612;;;Pentium Pro; +Server;;Pentium Pro;sA0;00;616;;;Pentium Pro; +Server;;Pentium Pro;sA1;00;617;;;Pentium Pro; +Server;;Pentium Pro;sB1;00;619;;;Pentium Pro; +Desktop;;Klamath (PII);C0;ff;633;;;Pentium II; +Desktop;;Klamath (PII);C1;ff;634;;;Pentium II; +Desktop;;Deschutes SEPP (PII);A0;01;650;;;Celeron; +Mobile;;Deschutes Mini-Cart (PII);A0;02;650;;;Pentium II Mobile; +Server;;Deschutes SECC (PII);A0;04;650;;;Pentium II Xeon; +Mobile;;Deschutes MMC1/MMC2 (PII);A0;08;650;;;Pentium II Mobile; +Mobile;;Deschutes Micro-PGA1 (PII);A0;20;650;;;Pentium II Mobile; +Mobile;;Deschutes (PII);A0;80;650;;;Pentium II Mobile; +Desktop;;Deschutes SECC/SECC2 (PII);A1;01;651;;;Celeron; +Desktop;;Deschutes SEPP (PII);A1;01;651;;;Celeron; +Mobile;;Deschutes Mini-Cart (PII);A1;02;651;;;Pentium II Mobile; +Mobile;;Deschutes MMC1/MMC2 (PII);A1;08;651;;;Pentium II Mobile; +Desktop;;Deschutes SECC/SECC2 (PII);B0;01;652;;;Pentium II; +Mobile;;Deschutes Mini-Cart (PII);B0;02;652;;;Pentium II Mobile; +Server;;Deschutes SECC (PII);B0;04;652;;;Pentium II Xeon; +Mobile;;Deschutes MMC1/MMC2 (PII);B0;08;652;;;Pentium II Mobile; +Desktop;;Deschutes SECC/SECC2 (PII);B1;01;653;;;Pentium II; +Mobile;;Deschutes Mini-Cart (PII);B1;02;653;;;Pentium II Mobile; +Server;;Deschutes SECC (PII);B1;04;653;;;Pentium II Xeon; +Mobile;;Deschutes MMC1/MMC2 (PII);B1;08;653;;;Pentium II Mobile; +Desktop;;Mendocino SEPP (PII);A0;01;660;;;Celeron; +Desktop;;Mendocino PPGA (PII);B0;10;665;;;Celeron; +Mobile;;Dixon Mini-Cart (PII);A1;02;66a;;;Pentium II Mobile; +Mobile;;Dixon MMC1/MMC2 (PII);A1;08;66a;;;Pentium II Mobile, Celeron Mobile; +Mobile;;Dixon Micro-PGA1 (PII);A1;20;66a;;;Pentium II Mobile, Celeron Mobile; +Mobile;;Dixon Mini-Cart (PII);A1;02;66d;;;Pentium II Mobile; +Mobile;;Dixon MMC1/MMC2 (PII);A1;08;66d;;;Pentium II Mobile; +Mobile;;Dixon Micro-PGA1 (PII);A1;20;66d;;;Pentium II Mobile; +Desktop;;Katmai SECC/SECC2 (PIII);B0;01;671;;;Pentium III; +Server;;Tanner SECC (PIII);B0;04;671;;;Pentium III Xeon; +Desktop;;Katmai SECC/SECC2 (PIII);B0;01;672;;;Pentium III; +Server;;Tanner SECC (PIII);B0;04;672;;;Pentium III Xeon; +Desktop;;Katmai SECC/SECC2 (PIII);C0;01;673;;;Pentium III; +Server;;Tanner SECC (PIII);C0;04;673;;;Pentium III Xeon; +Desktop;;Coppermine SECC/SECC2 (PIII);A2;01;681;;;Pentium III; +Server;;Cascades SECC (PIII);A2;04;681;;;Pentium III Xeon; +Mobile;;Coppermine MMC2 (PIII);A2;08;681;;;Pentium III Mobile; +Desktop;;Coppermine FC-PGA (PIII);A2;10;681;;;Pentium III; +Mobile;;Coppermine Micro-PGA2 (PIII);A2;20;681;;;Pentium III Mobile; +Desktop;;Coppermine SECC/SECC2 (PIII);B0;01;683;;;Pentium III; +Server;;Cascades SECC (PIII);B0;04;683;;;Pentium III Xeon; +Mobile;;Coppermine MMC2 (PIII);B0;08;683;;;Pentium III Mobile; +Desktop;;Coppermine FC-PGA (PIII);B0;10;683;;;Pentium III; +Mobile;;Coppermine Micro-PGA2 (PIII);B0;20;683;;;Pentium III Mobile; +Desktop;;Coppermine SECC/SECC2 (PIII);C0;01;686;;;Pentium III; +Mobile;;Coppermine (PIII);C0;02;686;;;Pentium III Mobile; +Server;;Cascades SECC (PIII);C0;04;686;;;Pentium III Xeon; +Mobile;;Coppermine MMC2 (PIII);C0;08;686;;;Pentium III Mobile; +Desktop;;Coppermine FC-PGA (PIII);C0;10;686;;;Pentium III; +Mobile;;Coppermine Micro-PGA2 (PIII);C0;20;686;;;Pentium III Mobile; +Desktop;;Coppermine FC-PGA2 (PIII);C0;20;686;;;Pentium III; +Desktop;;Coppermine (PIII);C0;80;686;;;Pentium III; +Desktop;;Coppermine (PIII);D0;ff;68a;;;Pentium III; +Mobile;;Banias (P-M);B1;b0;695;;;Pentium M, Celeron M; +Server;;Cascades (PIII);A0;04;6a0;;;Pentium III Xeon; +Server;;Cascades (PIII);A1;04;6a1;;;Pentium III Xeon; +Server;;Cascades (PIII);B0;04;6a4;;;Pentium III Xeon; +Desktop;;Tualatin FC-PGA2 (PIII);A0;10;6b0;;;Pentium III; +Desktop;;Tualatin FC-PGA2 (PIII);A1;10;6b1;;;Pentium III; +Mobile;;Tualatin Micro-PGA2 (PIII);A1;20;6b1;;;Pentium III Mobile; +Desktop;;Tualatin FC-PGA2 (PIII);B1;10;6b4;;;Pentium III; +Mobile;;Tualatin Micro-PGA2 (PIII);B1;20;6b4;;;Pentium III Mobile; +Mobile;;Dothan (P-M);B0;20;6d6;;;Pentium M; +Mobile;;Dothan (P-M);C0;20;6d8;;;Pentium M; +Mobile;;Yonah;B0;20;6e4;;;Core Duo, Core Solo; +Mobile;;Yonah;C0;20;6e8;;;Core Duo, Core Solo; +Server;;Sossaman (Yonah);C0;00;6e8;;;Xeon LV; +Mobile;;Yonah;E0;a0;6ec;;;Core Duo, Core Solo; +Server;;Sossaman (Yonah);D0;00;6ec;;;Xeon LV, Xeon ULV; +Mobile;;Yonah;M0;20;6ed;;;Core Duo Mobile; +Desktop;;Conroe (Merom);L2;01;6f2;;;Core2 Duo E4xxx, E6xxx; +Mobile;;Merom;L2;20;6f2;;;Core2 Duo Mobile; +Server;;Conroe Xeon (Merom);L2;01;6f2;;;;Xeon 3040, 3050 +Desktop;;Conroe (Merom);B0;01;6f4;;;Core2 Duo E4xxx, E6xxx; +Server;;Woodcrest (Merom);B0;04;6f4;;;Xeon 51xx; +Desktop;;Conroe (Merom);B2;01;6f6;;;Core2 Duo E4xxx, E6xxx; +Mobile;;Merom;B2;20;6f6;;;Core2 Duo Mobile; +Server;;Conroe Xeon (Merom);B2;01;6f6;;;;Xeon 3040, 3050, 3060, 3070 +Server;;Woodcrest (Merom);B2;04;6f6;;;;Xeon 5110, 5120, 5130, 5140, 5150, 5160, Xeon LV 5128, 5133, 5138, 5148 +Desktop;;Kentsfield (Merom);B3;10;6f7;;;; +Server;;Kentsfield Xeon (Merom);B3;10;6f7;;;;Xeon X3210, X3220 +Server;;Clovertown (Merom);B3;40;6f7;;;;Xeon E5310, E5320, E5335, E5345, X5355, X5365, L5310, L5320 +Desktop;;Tigerton (Merom);E0;01;6f9;;;; +Mobile;;Merom;E1;80;6fa;;;Core 2 Duo Mobile, Celeron Processor 500; +Desktop;;Conroe (Merom);G0;01;6fb;;;; +Desktop;;Kentsfield (Merom);G0;10;6fb;;;; +Mobile;;Merom;G0;a0;6fb;;;; +Server;;Conroe Xeon (Merom);G0;01;6fb;;;;Xeon 3065, 3075, 3085 +Server;;Woodcrest (Merom);G0;04;6fb;;;;Xeon 5110, 5120, 5130, 5140, 5150, 5160, Xeon LV 5113, 5128, 5133, 5138, 5148 +Server;;Tigerton (Merom);G0;08;6fb;;;;Xeon E7210, E7220, E7310, E7320, E7330, E7340, X7350, L7345 +Server;;Kentsfield Xeon (Merom);G0;10;6fb;;;;Xeon X3210, X3220, X3230 +Server;;Clovertown (Merom);G0;40;6fb;;;;Xeon E5310, E5320, E5335, E5345, X5355, X5365, L5310, L5318, L5320, L5335 +Desktop;;Conroe (Merom);M0;01;6fd;;;; +Mobile;;Merom;M0;a0;6fd;;;; +Desktop;;Willamette (NetBurst);B2;01;f07;;;Pentium 4 (Socket 423); +Server;;Foster DP (NetBurst);B2;02;f07;;;Pentium 4 Xeon (Socket 603); +Desktop;;Willamette (NetBurst);B2;04;f07;;;Pentium 4 (Willamette, Socket 478); +Desktop;;Willamette (NetBurst);C1;01;f0a;;;Pentium 4 (Socket 423); +Server;;Foster DP (NetBurst);C1;02;f0a;;;Pentium 4 Xeon (Socket 603); +Desktop;;Willamette (NetBurst);C1;04;f0a;;;Pentium 4 (Willamette, Socket 478); +Server;;Foster MP (NetBurst);C0;02;f11;;;Pentium 4 Xeon MP (Socket 603); +Desktop;;Willamette (NetBurst);D0;01;f12;;;Pentium 4 (Socket 423); +Server;;Foster DP (NetBurst);D0;02;f12;;;Pentium 4 Xeon (Socket 603); +Desktop;;Willamette (NetBurst);D0;04;f12;;;Pentium 4 (Willamette, Socket 478); +Desktop;;Willamette (NetBurst);E0;04;f13;;;Pentium 4 (Willamette, Socket 478), Celeron (Willamette, Socket 478); +Server;;Prestonia (NetBurst);A0;02;f22;;;Pentium 4 Xeon MP (Socket 603); +Desktop;;Northwood (NetBurst);B0;04;f24;;;Pentium 4 (Northwood); +Mobile;;Northwood (NetBurst);B0;08;f24;;;Pentium 4-M; +Mobile;;Northwood (NetBurst);B0;10;f24;;;Pentium 4 Mobile; +Server;;Prestonia (NetBurst);B0;02;f24;;;Pentium 4 Xeon (Socket 603/604); +Desktop;;Northwood (NetBurst);B1,M0;14;f25;;;Pentium 4 (Northwood); +Server;;Prestonia (NetBurst);B1,M0;01;f25;;;Pentium 4 Xeon (Socket 603/604); +Server;;Gallatin (NetBurst);B1;02;f25;;;Pentium 4 Xeon (Socket 603/604); +Server;;Gallatin (NetBurst);B1;02;f26;;;Pentium 4 Xeon (Socket 603/604); +Desktop;;Northwood (NetBurst);C1;04;f27;;;Pentium 4 (Northwood), Celeron (Northwood); +Mobile;;Northwood (NetBurst);C1;08;f27;;;Pentium 4-M, Celeron Mobile; +Server;;Prestonia (NetBurst);C1;02;f27;;;Pentium 4 Xeon (Socket 603/604); +Desktop;;Northwood (NetBurst);D1;04;f29;;;Pentium 4 (Northwood), Celeron (Northwood); +Mobile;;Northwood (NetBurst);D1;08;f29;;;Pentium 4-M, Celeron Mobile; +Server;;Prestonia (NetBurst);D1;02;f29;;;Pentium 4 Xeon (Socket 603/604); +Desktop;;Prescott (NetBurst);B1;0d;f32;;;Pentium 4 (Prescott); +Desktop;;Prescott (NetBurst);C0;0d;f33;;;Pentium 4 (Prescott), Celeron D; +Desktop;;Prescott (NetBurst);D0;1d;f34;;;Pentium 4 (Prescott), Celeron D; +Server;;Nocona (NetBurst);D0;1d;f34;;;Pentium 4 (Prescott); +Desktop;;Prescott (NetBurst);E0;bd;f41;;;Pentium 4 (Prescott), Celeron D; +Server;;Protomac (NetBurst);C0;02;f41;;;Pentium 4 Xeon MP (Socket 604); +Server;;Cranford (NetBurst);A0;bd;f41;;;Pentium 4 Xeon MP (Socket 604); +Server;;Nocona (NetBurst);E0;bd;f41;;;Pentium 4 Xeon (Socket 604); +Desktop;;Prescott (NetBurst);N0;9d;f43;;;Pentium 4 (Prescott); +Server;;Irwindale (NetBurst);N0;9d;f43;;;Pentium 4 Xeon (Socket 604); +Desktop;;Smithfield (NetBurst);A0;9d;f44;;;Pentium D 8x0 (Smithfield); +Desktop;;Smithfield (NetBurst);B0;9d;f47;;;Pentium D 8x0 (Smithfield); +Server;;Paxwille (NetBurst);A0;01;f48;;;Pentium 4 Dual-Core Xeon 70xx; +Server;;Paxwille (NetBurst);A0;02;f48;;;Pentium 4 Dual-Core Xeon MP 70xx; +Desktop;;Prescott (NetBurst);G1;bd;f49;;;Pentium 4 (Prescott), Celeron D; +Server;;Cranford (NetBurst);B0;bd;f49;;;Pentium 4 Xeon MP (Socket 604); +Server;;Nocona (NetBurst);G1;bd;f49;;;Pentium 4 Xeon (Socket 604); +Desktop;;Prescott (NetBurst);R0;5c;f4a;;;Pentium 4 (Prescott); +Server;;Irwindale (NetBurst);R0;5d;f4a;;;Pentium 4 Xeon (Socket 604); +Desktop;;Cedar Mill (NetBurst);B1;04;f62;;;;Pentium 4 HT 631, 641, 651, 661 +Desktop;;Presler (NetBurst);B1;04;f62;;;;Pentium D 920, 930, 940, 950, Pentium Extreme Edition 955 +Desktop;;Cedar Mill (NetBurst);C1;34;f64;;;;Pentium 4 HT 631, 641, 651, 661, Celeron D 347, 352, 356 +Desktop;;Presler (NetBurst);C1;34;f64;;;;Pentium D 915, 920, 925, 930, 940, 945, 950, 960, Pentium Extreme Edition 965 +Server;;Dempsey (NetBurst);C1;01;f64;;;Xeon 50xx; +Desktop;;Cedar Mill (NetBurst);D0;04;f65;;;;Pentium 4 HT 631, 641, 651, 661, Celeron D 347, 352, 356, 360, 365 +Desktop;;Presler (NetBurst);D0;04;f65;;;;Pentium D 915, 925, 935, 945, 950, 960 +Server;;Dempsey (NetBurst);D0;01;f65;;;Xeon 50xx; +Server;;Tulsa (NetBurst);B0;22;f68;;;;Xeon 7110N, 7110M, 7120N, 7120M, 7130N, 7130M, 7140N, 7140M, 7150N +Server;;Deschutes (PII);B0;00;01632;;;Pentium II Xeon; +SOC;;Tolapai (P-M);B0;ff;10650;;;;EP80579 +Desktop;;Conroe-L (Merom);A1;01;10661;;;;Celeron 220, 420, 430, 440, 450 +Mobile;;Merom-L;A1;82;10661;;;; +Desktop;;Wolfdale (Penryn);M0;91;10676;;;;Core2 Duo E7200, E7300, E8190, E8200, E8300, E8400, E8500, Core2 Quad Q9450, Q9550, Core2 Extreme QX9650, QX9770, QX9775 +Desktop;;Yorkfield (Penryn);C0;91;10676;;;;Core2 Quad Q9450, Q9550, Core2 Extreme QX9650, QX9770, QX9775 +Mobile;;Penryn;C0;91;10676;;;;Core2 Duo E8135, E8235, E8335, E8435, T8100, T8300, T9300, T9400, T9500, T9600, P7350, P7450, P8400, P8600, P9500, SP9300, SP9400, SL9300, SL9380, SL9400, SU9300, SU9400, Core2 Extreme X9000, X9100 +Server;;Wolfdale Xeon (Penryn);C0;91;10676;;;;Xeon E3110 +Server;;Yorkfield Xeon (Penryn);C0;91;10676;;;;Xeon X3350, X3360 +Server;;Wolfdale-DP (Penryn);M0;04;10676;;;;Xeon E5205, E5220, E5240, X5260, X5272 +Server;;Harpertown (Penryn);C0;40;10676;;;;Xeon L5408, L5410, L5420, E5405,E5410,E5420,E5430, E5440, E5450, E5462, E5472, X5450, X5460, X5470, X5472, X5482 +Desktop;;Yorkfield (Penryn);C1,M1;10;10677;;;Core2 Extreme, Core2 Quad;Core2 Extreme QX9650, QX9770, QX9775, Core2 Quad Q8200, Q8200S, Q8400, Q8400S, Q9300, Q9400, Q9400S, Q9450, Q9500, Q9505, Q9505S, Q9550, Q9550S, Q9650 +Server;;Yorkfield Xeon (Penryn);C1,M1;10;10677;;;Xeon L33xx, X33xx;Xeon L3360, X3320, X3330, X3350, X3360, X3370, X3380 +Desktop;;Wolfdale (Penryn);E0,R0;b1;1067a;;;Core2 Extreme, Core2 Quad, Core2 Duo;Core2 Extreme QX9650, QX9770, QX9775, Core2 Quad Q8200, Q8200S, Q8300, Q8400, Q8400S, Q9300, Q9400, Q9400S, Q9450, Q9500, Q9505, Q9505S, Q9550, Q9550S, Q9650, Core2 Duo E7200, E7300, E7400, E7500, E7600, E8190, E8200, E8300, E8400, E8500, E8600, Pentium E5200, E5300, E5400, E5500, E5700, E5800, E6300, E6500, E6500K, E6600, E6700, E6800, Celeron E3200, E3300, E3400, E3500 +Mobile;;Wolfdale (Penryn);E0,R0;b1;1067a;;;Core2 Extreme, Core2 Quad, Core2 Duo, Core2 Solo, Pentium T4x00;Core2 Extreme QX9300, X9000, X9100, Core2 Quad Q9000, Q9100, Core2 Duo T6400, T6500, T6670, T8100, T8300, T9300, T9400, T9500, T9550, T9600, T9800, T9900, SU9300, SU9400, SU9600, SP9300, SP9400, SP9600, SL9380, SL9400, SL9600, SL9300, P7350, P7370, P7450, P7550, P7570, P8400, P8600, P8700, P8800, P9500, P9600, P9700, Core2 Solo SU3500, ULV SU3500, ULV SU3300, Pentium T4200, T4300, T4400, T4500, Celeron 900, 925, SU2300, T3100, T3300, T3500, ULV 763, Celeron M Processor ULV 722, ULV 723, ULV 743 +Server;;Harpertown (Penryn);E0;44;1067a;;;;Xeon L5408, L5410, L5420, L5430, E5405, E5410, E5420, E5430, E5440, E5450, E5462, E5472, X5450, X5460, X5470, X5492 +Server;;Wolfdale-DP (Penryn);E0;44;1067a;;;;Xeon E3110, E3120, E5205, E5220, L3110, L5215, L5240, X5260, X5270, X5272 +Dekstop;;Bloomfield (Nehalem);C0;03;106a4;NHM;;Core i7-9xx; +Dekstop;;Bloomfield (Nehalem);D0;03;106a5;NHM;;Core i7-9xx; +Server;;Bloomfield Xeon (Nehalem);D0;03;106a5;NHM;EP,WS;Xeon E/L/X/W55xx; +Mobile;;Silverthorne (Bonnell);C0;01;106c2;;;Intel Atom Z5x0; +Desktop;;Diamondville (Bonnell);C0;04;106c2;;;;Intel Atom 230 +Desktop;;Diamondville (Bonnell);C0;08;106c2;;;;Intel Atom 330 +Mobile;;Diamondville (Bonnell);C0;04;106c2;;;;Intel Atom N270, N280 +Desktop;;Pineview (Bonnell);A0;05;106ca;;;;Intel Atom D410, D425 +Desktop;;Pineview (Bonnell);B0;18;106ca;;;;Intel Atom D510, D525 +Mobile;;Pineview (Bonnell);A0;05;106ca;;;;Intel Atom N435, N450, N455, N470, N475 +Mobile;;Pineview (Bonnell);B0;18;106ca;;;;Intel Atom N550, N570 +Server;;Dunnington (Penryn);A1;08;106d1;;;Intel Xeon MP;Intel Xeon E7420, E7430, E7440, E7450, E7458, L7445, X7460 +Server;;Jasper Forest (Nehalem);B0;09;106e4;NHM;;;Xeon EC3528, EC3529, EC5509, EC5539, EC5549, LC3518, LC3528, LC5518, LC5528, Celeron P1053 +Dekstop;;Lynnfield (Nehalem);B1;13;106e5;NHM;;Core i7-8xx, i5-7xx; +Mobile;;Clarksfield (Nehalem);B1;13;106e5;NHM;;Core i7-9xxXM, i7-8xxQM, i7-7xxQM; +Server;;Lynnfield Xeon (Nehalem);B1;13;106e5;NHM;;Xeon L3426, X24xx; +Desktop;;Westmere;K0,C2;12;20652;WSM;;Core i7-6xx, i5-6xx/5xx/4xx, i3-5xx/3xx, Pentium G69xx/P6xxx/U5xxx, Celeon P45xx/U3xxx; +Mobile;;Westmere;K0,C2;12;20652;WSM;;Core i7-6xxM, i5-6xxM/4xxM, i3-5xxM/3xxM; +Server;;Westmere;K0,C2;12;20652;WSM;;Xeon L3406; +Desktop;;Clarkdale (Westmere);K0;92;20655;WSM;;Core i7-6xxE/LE/UE, i5-5xxE, i3-3xxE; +Mobile;;Arrandale (Westmere);K0;92;20655;WSM;;Core i7-6xxM/LM/UM, i5-5xxM/UM, i3-3xxM/UM, Pentium Mobile P6xxx/U5xxx, Celeron Mobile P4xxx/U3xxx; +SOC;;Lincroft (Bonnell);C0;01;20661;;;;Intel Atom Z600, Z605, Z610, Z612, Z615, Z620, Z625, Z650, Z670 +SOC;;Tunnell Creek (Bonnell);B0,B1;02;20661;;;;Intel Atom E620, E620T, E640, E640T, E660, E660T, E680, E680T +Desktop;;Sandy Bridge;D2,J1,Q0;12;206a7;SNB;;Core Gen2; +Mobile;;Sandy Bridge;D2,J1,Q0;12;206a7;SNB;;Core Gen2 Mobile; +Server;;Sandy Bridge;D2,Q0;12;206a7;SNB;Xeon E3;Xeon E3; +Desktop;;Gulftown (Westmere);B1;03;206c2;WSM;;;Core i7-970/980/980X/990X +Server;;Westmere-EP;B1;03;206c2;WSM;EP;Xeon E/L/X56xx; +Server;;Westmere-WS;B1;03;206c2;WSM;WS;Xeon W36xx; +Desktop;;Sandy Bridge;C1,M0;6d;206d6;SNB;E;Core i7-39xx, i7-38xx; +Server;;Sandy Bridge;C1,M0;6d;206d6;SNB;EN,EP;Xeon E5; +Desktop;;Sandy Bridge;C2,M1;6d;206d7;SNB;E;Core i7-39xx, i7-38xx; +Server;;Sandy Bridge;C2,M1;6d;206d7;SNB;EN,EP;Xeon E5; +Server;;Nehalem;D0;04;206e6;NHM;EX;Xeon E/L/X65xx/75xx; +Server;;Westmere-EX;A2;05;206f2;WSM;EX;Xeon E7; +SOC;;Valleyview;C0;02;30678;VLV;;Atom Z36xx, Z37xx, Z38xx, Z39xx; +SOC;;Valleyview;C0;0C;30678;VLV;;Celeron N2xxx, Pentium N35xx; +SOC;;Valleyview;D0;0F;30679;VLV;;Atom E38xx; +Desktop;;Ivy Bridge;E1,E2,L1;12;306a9;IVB;;Core Gen3; +Mobile;;Ivy Bridge;E1,E2,L1;12;306a9;IVB;;Core Gen3 Mobile; +Server;;Ivy Bridge;E1,E2,L1;12;306a9;IVB;;Xeon E3 v2; +Desktop;;Haswell;Cx,Dx;32;306c3;HSW;S;Core Gen4; +Mobile;;Haswell;Cx,Dx;32;306c3;HSW;H;Core Gen4 Mobile; +Server;;Haswell;Cx,Dx;32;306c3;HSW;Xeon E3;Xeon E3 v3; +Mobile;;Broadwell;E0,F0;c0;306d4;BDW;U,Y;Core Gen5 Mobile; +Desktop;;Ivy Bridge;S1;ed;306e4;IVB;E;Core-i7 49xx/48xx;Core i7-4960X/4930K/4820K +Server;;Ivy Bridge;C0,C1,M1,S1;ed;306e4;IVB;EP;Xeon E5 v2; +Server;;Ivy Bridge;;ed;306e6;IVB;EX;Xeon E7 v2 ES; +Server;;Ivy Bridge;D1;ed;306e7;IVB;EX;Xeon E7 v2; +Desktop;;Haswell;C0,C1,M1,R2;6f;306f2;HSX;E;Core i7-59xx/58xx; +Server;;Haswell;C0,C1,M1,R2;6f;306f2;HSX;EN,EP,EP 4S;Xeon E5 v3; +Server;;Haswell;E0;80;306f4;HSX;EX;Xeon E7 v3; +Mobile;;Haswell;Cx,Dx;72;40651;HSW;U;Core Gen4 Mobile; +Desktop;;Broadwell;E0,G0;22;40671;BDW;S;Core Gen5; +Mobile;;Broadwell;E0,G0;22;40671;BDW;H;Core Gen5 Mobile; +Server;;Broadwell;E0,G0;22;40671;BDW;Xeon E3;Xeon E3 v4; +Desktop;;Haswell;Cx,Dx;32;40661;HSW;R;Core Gen4; +Mobile;;Haswell;Cx,Dx;32;40661;HSW;H;Core Gen4 Mobile; +SOC;;Cherry View;C0;01;406c3;CHV;;Atom x5-Zxxxx; +SOC;;Cherry View;D0;01;406c4;CHV;;Celeron Jxxxx, N3xxx, Pentium J3xxx, N3xxx, Atom x5-E8000; +SOC;;Avoton;B0,C0;01;406d8;AVN;;Atom C2xxx; +Mobile;;Skylake;D0;c0;406e3;SKL;U,Y;Core Gen6 Mobile; +Mobile;;Skylake;K1;c0;406e3;SKL;U 2+3e;Core Gen6 Mobile; +Desktop;;Broadwell;B0,M0,R0;ef;406f1;BDX;E;Core i7-69xx/68xx; +Server;;Broadwell;B0,M0,R0;ef;406f1;BDX;EP,EX;Xeon E5/E7 v4; +Server;;Broadwell;B0,M0,R0;ef;406f1;BDX;ML;Xeon E5/E7 v4; +Server;;Skylake;B1;97;50653;SKX;SP;Xeon Scalable; +Desktop;;Skylake;H0,M0,U0;b7;50654;SKX;X;Core i9-7xxxX, i9-9xxxX; +Server;;Skylake;H0,M0,U0;b7;50654;SKX;SP,W;Xeon Scalable; +Server;;Skylake;M1;b7;50654;SKX;D;Xeon D-21xx; +Server;;Cascade Lake;A0;b7;50655;CLX;SP;Xeon Scalable Gen2; +Server;;Cascade Lake;B0;bf;50656;CLX;SP;Xeon Scalable Gen2; +Desktop;;Cascade Lake;B1,L1;bf;50657;CLX;X;; +Server;;Cascade Lake;B1,L1;bf;50657;CLX;SP;Xeon Scalable Gen2; +Server;;Cascade Lake;B1,L1;bf;50657;CLX;W;;Xeon W-3275M, W-3275, W-3265M, W-3265, W-3245M, W-3245, W-3235, W-3225, W-3223, W-2295, W-2275, W-2265, W-2255, W-2245, W-2235, W-2225, W-2223 +Server;;Cooper Lake;A1;bf;5065b;CPX;SP;Xeon Scalable Gen3; +Server;;Broadwell;V1;10;50662;BDX;DE;;Xeon D-1520/40 +Server;;Broadwell;V2,V3;10;50663;BDX;DE;;Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19 +Server;;Broadwell;Y0;10;50664;BDX;DE;;Xeon D-1557/59/67/71/77/81/87 +Server;;Broadwell;A0,A1;10;50665;BDX;NS;;Xeon D-1513N/23/33/43/53 +Server;;Hewitt Lake (Broadwell);A1;10;50665;HWL;;;Xeon D-1602/22/23N/27/33N/37/49N/53N +Server;;Knights Landing;B0;78;50671;KNL;;Xeon Phi x200;Xeon Phi 7210, 7210F, 7230, 7230F, 7250, 7250F, 7290, 7290F +SOC;;Broxton;C0;01;506c2;BXT;;Atom T5500/5700 +SOC;;Apollo Lake;D0;03;506c9;APL;;Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx; +SOC;;Apollo Lake;B1,F1;03;506ca;APL;;Atom 3900 Series;Atom x5-E3930, x5-E3940, x7-E3950 +Desktop;;Skylake;N0,R0,S0;36;506e3;SKL;S;Core Gen6; +Mobile;;Skylake;N0,R0,S0;36;506e3;SKL;H;Core Gen6 Mobile; +Server;;Skylake;N0,R0,S0;36;506e3;SKL;Xeon E3;Xeon E3 v5; +SOC;;Denverton;B0;01;506f1;DNV;;Atom C3xxx; +SOC;;XMM 7272 (SoFIA);;01;60650;;;XMM 7272 +Mobile;;Cannon Lake;D0;80;60663;CNL;U;Core Gen8 Mobile; +Server;;Ice Lake;C0;87;606a5;ICX;SP;Xeon Scalable Gen3; +Server;;Ice Lake;D0;87;606a6;ICX;SP;Xeon Scalable Gen3; +SOC;;Gemini Lake;B0;01;706a1;GLK;;;Pentium J5005/N5000, Celeron J4005/J4105/N4000/N4100 +SOC;;Gemini Lake;R0;01;706a8;GLK;R;;Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 +Mobile;;Ice Lake;D1;80;706e5;ICL;U,Y;Core Gen10 Mobile; +Server;;Knights Mill;A0;08;80650;KNM;;Xeon Phi 72x5;Xeon Phi 7235, 7285, 7295 +SOC;;Snow Ridge;B0;01;80664;SNR;;Atom P59xxB; +SOC;;Snow Ridge;B1;01;80665;SNR;;Atom P59xxB; +Mobile;;Tiger Lake;B1;80;806c1;TGL;UP3,UP4;Core Gen11 Mobile; +Mobile;;Tiger Lake Refresh;C0;80;806c2;TGL;R;Core Gen11 Mobile; +Mobile;;Tiger Lake;R0;c2;806d1;TGL;H;Core Gen11 Mobile; +Mobile;;Amber Lake;H0;10;806e9;AML;Y 2+2;Core Gen8 Mobile; +Mobile;;Kaby Lake;H0;c0;806e9;KBL;U,Y;Core Gen7 Mobile; +Mobile;;Kaby Lake;J1;c0;806e9;KBL;U 2+3e;Core Gen7 Mobile; +Mobile;;Coffee Lake;D0;c0;806ea;CFL;U 4+3e;Core Gen8 Mobile; +Mobile;;Kaby Lake;Y0;c0;806ea;KBL;R;Core Gen8 Mobile; +Mobile;;Amber Lake;V0;94;806ec;AML;Y 4+2;Core Gen10 Mobile; +Mobile;;Comet Lake;V0;94;806ec;CML;U 4+2;Core Gen10 Mobile; +Mobile;;Whiskey Lake;W0;d0;806eb;WHL;U;Core Gen8 Mobile; +Mobile;;Whiskey Lake;V0;94;806ec;WHL;U;Core Gen8 Mobile; +Mobile;;Whiskey Lake;V0;94;806ed;WHL;U;Core Gen8 Mobile; +SOC;;Elkhart Rate;B1;01;90661;EHL;;Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E; +Desktop;;Kaby Lake;B0;2a;906e9;KBL;S,X;Core Gen7; +Mobile;;Kaby Lake;B0;2a;906e9;KBL;G,H;Core Gen7 Mobile; +Server;;Kaby Lake;B0;2a;906e9;KBL;Xeon E3;Xeon E3 v6; +Desktop;;Coffee Lake;U0;22;906ea;CFL;S;Core Gen8 Desktop; +Mobile;;Coffee Lake;U0;22;906ea;CFL;H;Core Gen8 Mobile; +Server;;Coffee Lake;U0;22;906ea;CFL;Xeon E;Xeon E; +Desktop;;Coffee Lake;B0;02;906eb;CFL;S;Core Gen8 Desktop; +Mobile;;Coffee Lake;B0;02;906eb;CFL;H;Core Gen8 Mobile; +Server;;Coffee Lake;B0;02;906eb;CFL;E;Xeon E; +Desktop;;Coffee Lake;P0;22;906ec;CFL;S;Core Gen9 Desktop; +Mobile;;Coffee Lake;P0;22;906ec;CFL;H;Core Gen9 Mobile; +Server;;Coffee Lake;P0;22;906ec;CFL;Xeon E;Xeon E; +Desktop;;Coffee Lake;R0;22;906ed;CFL;S;Core Gen9 Desktop; +Mobile;;Coffee Lake;R0;22;906ed;CFL;H;Core Gen9 Mobile; +Server;;Coffee Lake;R0;22;906ed;CFL;Xeon E;Xeon E; +SOC;;Jasper Lake;A0,A1;01;906c0;JSL;;Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105; +Mobile;;Comet Lake;R1;20;a0652;CML;H;Core Gen10 Mobile; +Desktop;;Comet Lake;G1;22;a0653;CML;S 6+2;Core Gen10 Desktop; +Desktop;;Comet Lake;Q0;22;a0655;CML;S 10+2;Core Gen10 Desktop; +Mobile;;Comet Lake;A0;80;a0660;CML;U 6+2;Core Gen10 Mobile; +Mobile;;Comet Lake;K1;80;a0661;CML;U 6+2 v2;Core Gen10 Mobile; +Desktop;;Rocket Lake;B0;02;a0671;RKL;S;Core Gen11; +SOC;;Lakefield;B2,B3;10;806a1;LKF;;Core w/Hybrid Technology; + +# sources: +# https://en.wikichip.org/wiki/intel/cpuid +# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/include/asm/intel-family.h +# releasenote from microcode releases +# https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model +# https://en.wikipedia.org/wiki/Cascade_Lake_(microarchitecture) +# https://en.wikipedia.org/wiki/List_of_Intel_Broadwell-based_Xeon_microprocessors +# https://github.com/InstLatx64/InstLatx64 +# https://fossies.org/linux/cpuid/cpuid.c +# https://software.intel.com/content/www/us/en/develop/articles/intel-architecture-and-processor-identification-with-cpuid-model-and-family-numbers.html +# http://ixbtlabs.com/articles/cpuerrata/index.html +# http://bios.rom.by/ROMutils/BIOS_Patcher/ALLCODES.TXT diff --git a/gen_provides.sh b/gen_provides.sh index 5e2a2a41da040d3f02ebe42bd96bc3df819a2287..c71969452318fdc2cb7c6a8c8fe1f6dd609bd4d1 100755 --- a/gen_provides.sh +++ b/gen_provides.sh @@ -127,23 +127,41 @@ for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0- # Generate tags with codename information, in case # it is available - cpuid_up="$(echo "$cpuid" | tr 'a-z' 'A-Z')" if [ -e "$CODENAMES" ]; then - grep ' '"$cpuid_up"' ' "$CODENAMES" \ - | while IFS=$'\t' read segm int_fname codename stepping candidate_pf rest; do + cpuid_up="$(echo "$cpuid" | tr 'a-z' 'A-Z')" + cpuid_short="$(printf "%x" "0x$cpuid")" + (grep ' '"$cpuid_up"' ' "$CODENAMES" || :; grep ';'"$cpuid_short"';' "$CODENAMES" || :) \ + | while IFS=$';\t' read segm int_fname codename stepping candidate_pf cpuid_cn cname variants rest; do + [ "x${segm###}" = "x$segm" ] || continue + [ -n "${segm}" ] || continue codename=$(echo "$codename" | tr ' (),' '_[];') candidate_pf=$(printf "%u" "0x${candidate_pf}") - [ \( 0 -ne "$pf_mask" \) -a \ - \( "$candidate_pf" -ne "$((candidate_pf & pf_mask))" \) ] || { \ - printf "iucode_rev(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s\";stepping:\"%s\";pf_model:0x%x) = %s\n" \ - "$ucode_fname" "$cpuid" "$pf_mask" \ - "$segm" "$codename" "$stepping" "$candidate_pf" \ - "$rev"; - printf "iucode_date(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s\";stepping:\"%s\";pf_model:0x%x) = %s.%s.%s\n" \ - "$ucode_fname" "$cpuid" "$pf_mask" \ - "$segm" "$codename" "$stepping" "$candidate_pf" \ - "$date_y" "$date_m" "$date_d"; - } + (IFS=','; for s in $stepping; do + [ \( 0 -ne "$pf_mask" \) -a \ + \( 0 -eq "$((candidate_pf & pf_mask))" \) ] || { \ + printf "iucode_rev(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s\";stepping:\"%s\";pf_model:0x%x) = %s\n" \ + "$ucode_fname" "$cpuid" "$pf_mask" \ + "$segm" "$codename" "$s" "$candidate_pf" \ + "$rev"; + printf "iucode_date(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s\";stepping:\"%s\";pf_model:0x%x) = %s.%s.%s\n" \ + "$ucode_fname" "$cpuid" "$pf_mask" \ + "$segm" "$codename" "$s" "$candidate_pf" \ + "$date_y" "$date_m" "$date_d"; + if [ "$cpuid_short" = "$cpuid_cn" -a -n "$variants" ]; then + (IFS=','; for v in $variants; do + v=$(echo "$v" | tr ' (),' '_[];') + printf "iucode_rev(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s_%s\";stepping:\"%s\";pf_model:0x%x) = %s\n" \ + "$ucode_fname" "$cpuid" "$pf_mask" \ + "$segm" "$codename" "$v" "$s" "$candidate_pf" \ + "$rev"; + printf "iucode_date(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s_%s\";stepping:\"%s\";pf_model:0x%x) = %s.%s.%s\n" \ + "$ucode_fname" "$cpuid" "$pf_mask" \ + "$segm" "$codename" "$v" "$s" "$candidate_pf" \ + "$date_y" "$date_m" "$date_d"; + done) + fi + } + done) done fi diff --git a/gen_updates2.py b/gen_updates2.py new file mode 100755 index 0000000000000000000000000000000000000000..51056f96b439a1081874209b875dc256d85ce2ba --- /dev/null +++ b/gen_updates2.py @@ -0,0 +1,999 @@ +#! /usr/bin/python +# SPDX-License-Identifier: CC0-1.0 + +import argparse +import errno +import fnmatch +import io +import itertools +import os +import re +import shutil +import struct +import sys +import tarfile +import tempfile +from subprocess import PIPE, Popen, STDOUT + +# Python 3 shims +try: + from functools import reduce +except: + pass +try: + from itertools import zip_longest as izip_longest +except: + from itertools import izip_longest + +# revs: +# [ { "path", "cpuid", "pf", "rev", "date" } ] + +# artifacts: +# * content summary (per-file) +# * overlay summary (per-fms/pf) +# * changelog (per-file?) +# * discrepancies (per-fms/pf) + +log_level = 0 +print_date = False +file_glob = ["*??-??-??", "*microcode*.dat"] + + +def log_status(msg, level=0): + global log_level + + if log_level >= level: + sys.stderr.write(msg + "\n") + + +def log_info(msg, level=2): + global log_level + + if log_level >= level: + sys.stderr.write("INFO: " + msg + "\n") + + +def log_warn(msg, level=1): + global log_level + + if log_level >= level: + sys.stderr.write("WARNING: " + msg + "\n") + + +def log_error(msg, level=-1): + global log_level + + if log_level >= level: + sys.stderr.write("ERROR: " + msg + "\n") + + +def remove_prefix(text, prefix): + if isinstance(prefix, str): + prefix = [prefix, ] + + for p in prefix: + pfx = p if p.endswith(os.sep) else p + os.sep + if text.startswith(pfx): + return text[len(pfx):] + + return text + + +def file_walk(args, yield_dirs=False): + for content in args: + if os.path.isdir(content): + if yield_dirs: + yield ("", content) + for root, dirs, files in os.walk(content): + if yield_dirs: + for f in dirs: + p = os.path.join(root, f) + yield (remove_prefix(p, content), p) + for f in files: + p = os.path.join(root, f) + yield (remove_prefix(p, content), p) + elif os.path.exists(content): + yield ("", content) + else: + raise IOError(errno.ENOENT, os.strerror(errno.ENOENT), content) + + +def cpuid_fname(c): + # Note that the Extended Family is summed up with the Family, + # while the Extended Model is concatenated with the Model. + return "%02x-%02x-%02x" % ( + ((c >> 20) & 0xff) + ((c >> 8) & 0xf), + ((c >> 12) & 0xf0) + ((c >> 4) & 0xf), + c & 0xf) + + +def read_revs_dir(path, args, src=None, ret=None): + if ret is None: + ret = [] + + ucode_re = re.compile('[0-9a-f]{2}-[0-9a-f]{2}-0[0-9a-f]$') + ucode_dat_re = re.compile('microcode.*\.dat$') + + for rp, ap in file_walk([path, ]): + rp_fname = os.path.basename(rp) + if not ucode_re.match(rp_fname) and not ucode_dat_re.match(rp_fname): + continue + + # Text-based format + data = None + if ucode_dat_re.match(rp_fname): + data = io.BytesIO() + with open(ap, "r") as f: + for line in f: + if line.startswith("/"): + continue + vals = line.split(",") + for val in vals: + val = val.strip() + if not val: + continue + data.write(struct.pack(" 48: + f.seek(hdr[7], os.SEEK_CUR) + ext_tbl = struct.unpack("IIIII", f.read(20)) + log_status("Found %u extended signatures for %s:%#x" % + (ext_tbl[0], rp, offs), level=1) + + cur_offs = offs + hdr[7] + 48 + 20 + ext_sig_cnt = 0 + while cur_offs < offs + hdr[8] \ + and ext_sig_cnt <= ext_tbl[0]: + ext_sig = struct.unpack("III", f.read(12)) + ignore = args.ignore_ext_dups and \ + (ext_sig[0] == hdr[3]) + if not ignore: + ret.append({"path": rp, "src": src or path, + "cpuid": ext_sig[0], + "pf": ext_sig[1], + "rev": hdr[1], "date": hdr[2], + "offs": offs, "ext_offs": cur_offs, + "cksum": hdr[4], + "ext_cksum": ext_sig[2], + "data_size": hdr[7], + "total_size": hdr[8]}) + log_status(("Got ext sig %#x/%#x for " + + "%s:%#x:%#x/%#x%s") % + (ext_sig[0], ext_sig[1], + rp, offs, hdr[3], hdr[6], + " (ignored)" if ignore else ""), + level=2) + + cur_offs += 12 + ext_sig_cnt += 1 + + offs += hdr[8] or 2048 + except Exception as e: + log_error("a problem occurred while processing %s: %s" % (ap, e), + level=1) + + return ret + + +def read_revs_rpm(path, args, ret=None): + if ret is None: + ret = [] + + dir_tmp = tempfile.mkdtemp() + + log_status("Trying to extract files from RPM \"%s\"..." % path, + level=1) + + rpm2cpio = Popen(args=["rpm2cpio", path], stdout=PIPE, stderr=PIPE, + close_fds=True) + cpio = Popen(args=["cpio", "-idmv"] + file_glob, + cwd=dir_tmp, stdin=rpm2cpio.stdout, + stdout=PIPE, stderr=STDOUT) + out, cpio_stderr = cpio.communicate() + rpm2cpio_out, rpm2cpio_err = rpm2cpio.communicate() + + rpm2cpio_ret = rpm2cpio.returncode + cpio_ret = cpio.returncode + + log_info("rpm2cpio exit code: %d, cpio exit code: %d" % + (rpm2cpio_ret, cpio_ret)) + if rpm2cpio_err: + log_info("rpm2cpio stderr:\n%s" % rpm2cpio_err, level=3) + if out: + log_info("cpio output:\n%s" % out, level=3) + if cpio_stderr: + log_info("cpio stderr:\n%s" % cpio_stderr, level=3) + + if rpm2cpio_ret == 0 and cpio_ret == 0: + ret = read_revs_dir(dir_tmp, args, path) + + shutil.rmtree(dir_tmp) + + return ret + + +def read_revs_tar(path, args, ret=None): + if ret is None: + ret = [] + + dir_tmp = tempfile.mkdtemp() + + log_status("Trying to extract files from tarball \"%s\"..." % path, + level=1) + + try: + with tarfile.open(path, "r:*") as tar: + for ti in tar: + if any(fnmatch.fnmatchcase(ti.name, p) for p in file_glob): + d = os.path.normpath(os.path.join("/", + os.path.dirname(ti.name))) + # For now, strip exactl one level + d = os.path.join(*(d.split(os.path.sep)[2:])) + n = os.path.join(d, os.path.basename(ti.name)) + + if not os.path.exists(d): + os.makedirs(d) + t = tar.extractfile(ti) + with open(n, "wb") as f: + shutil.copyfileobj(t, f) + t.close() + + ret = read_revs_dir(dir_tmp, args, path) + except Exception as err: + log_error("Error while reading \"%s\" as a tarball: \"%s\"" % + (path, str(err))) + + shutil.rmtree(dir_tmp) + + return ret + + +def read_revs(path, args, ret=None): + if ret is None: + ret = [] + if os.path.isdir(path): + return read_revs_dir(path, args, ret) + elif tarfile.is_tarfile(path): + return read_revs_tar(path, args, ret) + else: + return read_revs_rpm(path, args, ret) + + +def gen_mc_map(mc_data, merge=False, merge_path=False): + """ + Converts an array of microcode file information to a map with path/sig/pf + as a key. + + merge: whether to leave only the newest mc variant in the map or leave all + possible variants. + """ + res = dict() + + for mc in mc_data: + key = (None if merge_path else mc["path"], mc["cpuid"], mc["pf"]) + + if key not in res: + res[key] = dict() + + cpuid = mc["cpuid"] + cur_pf = mc["pf"] + pid = 1 + while cur_pf > 0: + if cur_pf & 1 and not (merge and pid in res[key] + and res[key][pid]["rev"][0] >= mc["rev"]): + if pid not in res[cpuid] or merge: + res[cpuid][pid] = [] + res[cpuid][pid].append(mc) + + cur_pf = cur_pf / 2 + pid = pid * 2 + + return res + + +def gen_fn_map(mc_data, merge=False, merge_path=False): + res = dict() + + for mc in mc_data: + key = (None if merge_path else mc["path"], mc["cpuid"], mc["pf"]) + if key in res: + log_warn("Duplicate path/cpuid/pf: %s/%#x/%#x" % key) + else: + res[key] = [] + if merge and len(res[key]): + if mc["rev"] > res[key][0]["rev"]: + res[key][0] = mc + else: + res[key].append(mc) + + return res + + +def revcmp(a, b): + return b["rev"] - a["rev"] + + +class ChangeLogEntry: + ADDED = 0 + REMOVED = 1 + UPDATED = 2 + DOWNGRADED = 3 + OTHER = 4 + + +def mc_stripped_path(mc): + paths = ("usr/share/microcode_ctl/ucode_with_caveats/intel", + "usr/share/microcode_ctl/ucode_with_caveats", + "usr/share/microcode_ctl", + "lib/firmware", + "etc/firmware", + ) + + return remove_prefix(mc["path"], paths) + + +class mcnm: + MCNM_ABBREV = 0 + MCNM_FAMILIES = 1 + MCNM_MODELS = 2 + MCNM_FAMILIES_MODELS = 3 + MCNM_CODENAME = 4 + + +def get_mc_cnames(mc, cmap, mode=mcnm.MCNM_ABBREV, stringify=True, + segment=False): + if not isinstance(mc, dict): + mc = mc_from_mc_key(mc) + sig = mc["cpuid"] + pf = mc["pf"] + res = [] + + if not cmap: + return None + if sig not in cmap: + log_info("No codename information for sig %#x" % sig) + return None + + cnames = cmap[sig] + + if mode in (mcnm.MCNM_FAMILIES, mcnm.MCNM_MODELS, + mcnm.MCNM_FAMILIES_MODELS): + for c in cnames: + if not (pf & c["pf_mask"]): + continue + for m, f in ((mcnm.MCNM_FAMILIES, "families"), + (mcnm.MCNM_MODELS, "models")): + if m & mode == 0: + continue + if f not in c or not c[f]: + log_info("No %s for sig %#x in %r" % (f, sig, c)) + continue + + res.append(c[f]) + + return ", ".join(res) or None + + steppings = dict() + suffices = dict() + for c in cnames: + if pf and not (pf & c["pf_mask"]): + continue + + if mode == mcnm.MCNM_ABBREV and "abbrev" in c and c["abbrev"]: + cname = c["abbrev"] + else: + cname = c["codename"] + + if segment: + cname = c["segment"] + " " + cname + + if cname not in suffices: + suffices[cname] = set() + if "variant" in c and c["variant"]: + suffices[cname] |= set(c["variant"]) + + if cname not in steppings: + steppings[cname] = set() + if c["stepping"]: + steppings[cname] |= set(c["stepping"]) + + for cname in sorted(steppings.keys()): + cname_res = [cname] + if len(suffices[cname]): + cname_res[0] += "-" + "/".join(sorted(suffices[cname])) + if len(steppings[cname]): + cname_res.append("/".join(sorted(steppings[cname]))) + res.append(" ".join(cname_res) if stringify else cname_res) + + return (", ".join(res) or None) if stringify else res + + +def mc_from_mc_key(k): + return dict(zip(("path", "cpuid", "pf"), k)) + + +def mc_path(mc, pf_sfx=True, midword=None, cmap=None, cname_segment=False): + if not isinstance(mc, dict): + mc = mc_from_mc_key(mc) + path = mc_stripped_path(mc) if mc["path"] is not None else None + cpuid_fn = cpuid_fname(mc["cpuid"]) + fname = os.path.basename(mc["path"] or cpuid_fn) + midword = "" if midword is None else " " + midword + cname = get_mc_cnames(mc, cmap, segment=cname_segment) + cname_str = " (" + cname + ")" if cname else "" + + if pf_sfx: + sfx = "/0x%02x" % mc["pf"] + else: + sfx = "" + + if not path or path == os.path.join("intel-ucode", cpuid_fn): + return "%s%s%s%s" % (fname, sfx, cname_str, midword) + else: + return "%s%s%s%s (in %s)" % (cpuid_fn, sfx, cname_str, midword, path) + + +def gen_changelog_file(old, new): + pass + + +def mc_cmp(old_mc, new_mc): + res = [] + + old_mc_revs = [x["rev"] for x in old_mc] + new_mc_revs = [x["rev"] for x in new_mc] + common = set(old_mc_revs) & set(new_mc_revs) + old_rev_list = [x for x in sorted(old_mc_revs) if x not in common] + new_rev_list = [x for x in sorted(new_mc_revs) if x not in common] + + if len(old_rev_list) != 1 or len(new_rev_list) != 1: + for i in new_mc: + if i["rev"] in new_rev_list: + res.append((ChangeLogEntry.ADDED, None, i)) + for i in old_mc: + if i["rev"] in old_rev_list: + res.append((ChangeLogEntry.REMOVED, i, None)) + else: + for old in old_mc: + if old["rev"] == old_rev_list[0]: + break + for new in new_mc: + if new["rev"] == new_rev_list[0]: + break + if new["rev"] > old["rev"]: + res.append((ChangeLogEntry.UPDATED, old, new)) + elif new["rev"] < old["rev"]: + res.append((ChangeLogEntry.DOWNGRADED, old, new)) + + return res + + +def gen_changelog(old, new): + res = [] + + old_map = gen_fn_map(old) + new_map = gen_fn_map(new) + + old_files = set(old_map.keys()) + new_files = set(new_map.keys()) + + both = old_files & new_files + added = new_files - old_files + removed = old_files - new_files + + for f in sorted(added): + p = mc_path(new_map[f][0]) + for old_f in sorted(removed): + old_p = mc_path(old_map[old_f][0]) + if p == old_p and f[1] == old_f[1] and f[2] == old_f[2]: + log_info("Matched %s (%s and %s)" % + (p, old_map[old_f][0]["path"], new_map[f][0]["path"])) + added.remove(f) + removed.remove(old_f) + + res += mc_cmp(old_map[old_f], new_map[f]) + + for f in sorted(added): + for i in new_map[f]: + res.append((ChangeLogEntry.ADDED, None, i)) + for f in sorted(removed): + for i in old_map[f]: + res.append((ChangeLogEntry.REMOVED, i, None)) + for f in sorted(both): + res += mc_cmp(old_map[f], new_map[f]) + + return res + + +def mc_date(mc): + if isinstance(mc, dict): + mc = mc["date"] + return "%04x-%02x-%02x" % (mc & 0xffff, mc >> 24, (mc >> 16) & 0xff) + + +def mc_rev(mc, date=None): + ''' + While revision is signed for comparison purposes, historically + it is printed as unsigned, Oh well. + ''' + global print_date + + if mc["rev"] < 0: + rev = 2**32 + mc["rev"] + else: + rev = mc["rev"] + + if date if date is not None else print_date: + return "%#x (%s)" % (rev, mc_date(mc)) + else: + return "%#x" % rev + + +def print_changelog_rpm(clog, cmap, args): + for e, old, new in clog: + mc_str = mc_path(new if e == ChangeLogEntry.ADDED else old, + midword="microcode", + cmap=cmap, cname_segment=args.segment) + + if e == ChangeLogEntry.ADDED: + print("Addition of %s at revision %s" % (mc_str, mc_rev(new))) + elif e == ChangeLogEntry.REMOVED: + print("Removal of %s at revision %s" % (mc_str, mc_rev(old))) + elif e == ChangeLogEntry.UPDATED: + print("Update of %s from revision %s up to %s" % + (mc_str, mc_rev(old), mc_rev(new))) + elif e == ChangeLogEntry.DOWNGRADED: + print("Downgrade of %s from revision %s down to %s" % + (mc_str, mc_rev(old), mc_rev(new))) + elif e == ChangeLogEntry.OTHER: + print("Other change in %s:" % old["path"]) + print(" old: %#x/%#x: rev %s (offs %#x)" % + (old["cpuid"], old["pf"], mc_rev(old), old["offs"])) + print(" new: %#x/%#x: rev %s (offs %#x)" % + (new["cpuid"], new["pf"], mc_rev(new), new["offs"])) + + +def print_changelog_intel(clog, cmap, args): + def clog_sort_key(x): + res = str(x[0]) + + if x[0] != ChangeLogEntry.ADDED: + res += "%08x%02x" % (x[1]["cpuid"], x[1]["pf"]) + else: + res += "0" * 10 + + if x[0] != ChangeLogEntry.REMOVED: + res += "%08x%02x" % (x[2]["cpuid"], x[2]["pf"]) + else: + res += "0" * 10 + + return res + + sorted_clog = sorted(clog, key=clog_sort_key) + sections = (("New Platforms", (ChangeLogEntry.ADDED, )), + ("Updated Platforms", (ChangeLogEntry.UPDATED, + ChangeLogEntry.DOWNGRADED)), + ("Removed Platforms", (ChangeLogEntry.REMOVED, ))) + + def print_line(e, old, new, types): + if e not in types: + return + + if not print_line.hdr: + print(""" +| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products +|:---------------|:---------|:------------|:---------|:---------|:---------""") + print_line.hdr = True + + mc = new if e == ChangeLogEntry.ADDED else old + cnames = get_mc_cnames(mc, cmap, stringify=False, + segment=args.segment) or (("???", ""), ) + for cn in cnames: + cname = cn[0] + stepping = cn[1] if len(cn) > 1 else "" + print("| %-14s | %-8s | %8s/%02x | %8s | %8s | %s" % + (cname, + stepping, + cpuid_fname(mc["cpuid"]), mc["pf"], + ("%08x" % old["rev"]) if e != ChangeLogEntry.ADDED else "", + ("%08x" % new["rev"]) if e != ChangeLogEntry.REMOVED else "", + get_mc_cnames(mc, cmap, mode=mcnm.MCNM_FAMILIES, + segment=args.segment) or "")) + + for h, types in sections: + print("\n### %s" % h) + print_line.hdr = False + for e, old, new in sorted_clog: + print_line(e, old, new, types) + + +def print_changelog(clog, cmap, args): + if args.format == "rpm": + print_changelog_rpm(clog, cmap, args) + elif args.format == "intel": + print_changelog_intel(clog, cmap, args) + else: + log_error(("unknown changelog format: \"%s\". " + + "Supported formats are: rpm, intel.") % args.format) + + +class TableStyles: + TS_CSV = 0 + TS_FANCY = 1 + + +def print_line(line, column_sz): + print(" | ".join([str(x).ljust(column_sz[i]) + for i, x in zip(itertools.count(), + itertools.chain(line, + [""] * (len(column_sz) - + len(line))))]).rstrip()) + + +def print_table(items, header=[], style=TableStyles.TS_CSV): + if style == TableStyles.TS_CSV: + for i in items: + print(";".join(i)) + elif style == TableStyles.TS_FANCY: + column_sz = list(reduce(lambda x, y: + map(max, izip_longest(x, y, fillvalue=0)), + [[len(x) for x in i] + for i in itertools.chain(header, items)])) + for i in header: + print_line(i, column_sz) + if header: + print("-+-".join(["-" * x for x in column_sz])) + for i in items: + print_line(i, column_sz) + + +def print_summary(revs, cmap, args): + m = gen_fn_map(revs) + cnames_mode = mcnm.MCNM_ABBREV if args.abbrev else mcnm.MCNM_CODENAME + + header = [] + if args.header: + header.append(["Path", "Offset", "Ext. Offset", "Data Size", + "Total Size", "CPUID", "Platform ID Mask", "Revision", + "Date", "Checksum", "Codenames"] + + (["Models"] if args.models else [])) + tbl = [] + for k in sorted(m.keys()): + for mc in m[k]: + tbl.append([mc_stripped_path(mc), + "0x%x" % mc["offs"], + "0x%x" % mc["ext_offs"] if "ext_offs" in mc else "-", + "0x%05x" % mc["data_size"], + "0x%05x" % mc["total_size"], + "0x%05x" % mc["cpuid"], + "0x%02x" % mc["pf"], + mc_rev(mc, date=False), + mc_date(mc), + "0x%08x" % (mc["ext_cksum"] + if "ext_cksum" in mc else mc["cksum"]), + get_mc_cnames(mc, cmap, cnames_mode, + segment=args.segment) or ""] + + ([get_mc_cnames(mc, cmap, + mcnm.MCNM_FAMILIES_MODELS, + segment=args.segment)] + if args.models else [])) + + print_table(tbl, header, style=TableStyles.TS_FANCY) + + +def read_codenames_file(path): + ''' + Supports two formats: new and old + * old: tab-separated. Field order: + Segment, (unused), Codename, (dash-separated) Stepping, + Platform ID mask, CPUID, (unused) Update link, (unused) Specs link + * new: semicolon-separated; support comments. Distinguished + by the first line that starts with octothorp. Field order: + Segment, Unused, Codename, Stepping, Platform ID mask, CPUID, + Abbreviation, Variant(s), Families, Models + ''' + old_fields = ["segment", "_", "codename", "stepping", "pf_mask", "sig", + "_update", "_specs"] + new_fields = ["segment", "_", "codename", "stepping", "pf_mask", "sig", + "abbrev", "variant", "families", "models"] + new_fmt = False + field_names = old_fields + + res = dict() + + try: + with open(path, "r") as f: + for line in f: + line = line.strip() + if len(line) == 0: + continue + if line[0] == '#': + new_fmt = True + field_names = new_fields + continue + + fields = line.split(";" if new_fmt else "\t", + 1 + len(field_names)) + fields = dict(zip(field_names, fields)) + if "sig" not in fields: + log_warn("Skipping %r (from \"%s\")" % (fields, line)) + continue + + sig = fields["sig"] = int(fields["sig"], 16) + fields["pf_mask"] = int(fields["pf_mask"], 16) + fields["stepping"] = fields["stepping"].split(",") + if "variant" in fields: + if fields["variant"]: + fields["variant"] = fields["variant"].split(",") + else: + fields["variant"] = [] + + if sig not in res: + res[sig] = list() + res[sig].append(fields) + except Exception as e: + log_error("a problem occurred while reading code names: %s" % e) + + return res + + +def print_discrepancies(rev_map, deps, cmap, args): + """ + rev_map: dict "name": revs + deps: list of tuples (name, parent/None) + """ + sigs = set() + + for p, r in rev_map.items(): + sigs |= set(r.keys()) + + if args.header: + header1 = ["sig"] + if args.print_vs: + header2 = [""] + for p, n, d in deps: + header1.append(n) + if args.print_vs: + add = "" + if d: + for pd, nd, dd in deps: + if pd == d: + add = "(vs. %s)" % nd + break + header2.append(add) + if args.models: + header1.append("Model names") + if args.print_vs: + header2.append("") + header = [header1] + ([header2] if args.print_vs else []) + + tbl = [] + for s in sorted(sigs): + out = [mc_path(s)] + print_out = not args.print_filter + print_date = args.min_date is None + + for p, n, d in deps: + cur = dict([(x["rev"], x) for x in rev_map[p][s]]) \ + if s in rev_map[p] else [] + v = "/".join([mc_rev(y) for x, y in sorted(cur.items())]) \ + if cur else "-" + if d is not None: + prev = [x["rev"] for x in rev_map[d][s]] if s in rev_map[d] \ + else [] + if [x for x in cur if x not in prev]: + v += " (*)" + print_out = True + if args.min_date is not None and s in rev_map[p]: + for x in rev_map[p][s]: + print_date |= mc_date(x) > args.min_date + out.append(v) + + if print_out and print_date: + if args.models: + out.append(get_mc_cnames(s, cmap, segment=args.segment) or "") + tbl.append(out) + + print_table(tbl, header, style=TableStyles.TS_FANCY) + + +def cmd_summary(args): + revs = [] + for p in args.filelist: + revs = read_revs(p, args, ret=revs) + + codenames_map = read_codenames_file(args.codenames) + + print_summary(revs, codenames_map, args) + + return 0 + + +def cmd_changelog(args): + codenames_map = read_codenames_file(args.codenames) + base_path = args.filelist[0] + upd_path = args.filelist[1] + + base = read_revs(base_path, args) + upd = read_revs(upd_path, args) + + print_changelog(gen_changelog(base, upd), codenames_map, args) + + return 0 + + +def cmd_discrepancies(args): + """ + filenames: + * "<" prefix (possibly multiple times) to refer to a previous entry + to compare against + * "[name]" prefix is a name reference + """ + codenames_map = read_codenames_file(args.codenames) + rev_map = dict() + deps = list() + cur = -1 + + for path in args.filelist: + orig_path = path + name = None + cur += 1 + dep = None + while True: + if path[0] == '<': + path = path[1:] + dep = cur - 1 if dep is None else dep - 1 + elif path[0] == '[' and path.find(']') > 0: + pos = path.find(']') + name = path[1:pos] + path = path[pos + 1:] + else: + break + if name is None: + name = path + if dep is not None and dep < 0: + log_error("Incorrect dep reference for '%s' (points to index %d)" % + (orig_path, dep)) + return 1 + deps.append((path, name, deps[dep][0] if dep is not None else None)) + rev_map[path] = gen_fn_map(read_revs(path, args), merge=args.merge, + merge_path=True) + + print_discrepancies(rev_map, deps, codenames_map, args) + + return 0 + + +def parse_cli(): + root_parser = argparse.ArgumentParser(prog="gen_updates", + description="Intel CPU Microcode " + + "parser") + root_parser.add_argument("-C", "--codenames", default='codenames', + help="Code names file") + root_parser.add_argument("-v", "--verbose", action="count", default=0, + help="Increase output verbosity") + root_parser.add_argument("-E", "--no-ignore-ext-duplicates", + action="store_const", dest="ignore_ext_dups", + default=False, const=False, + help="Do not ignore duplicates of the main " + + "signature in the extended signature header") + root_parser.add_argument("-e", "--ignore-ext-duplicates", + action="store_const", dest="ignore_ext_dups", + const=True, + help="Ignore duplicates of the main signature " + + "in the extended signature header") + root_parser.add_argument("-t", "--print-segment", action="store_const", + dest="segment", const=True, + help="Print model segment") + root_parser.add_argument("-T", "--no-print-segment", action="store_const", + dest="segment", const=False, default=False, + help="Do not print model segment") + + cmdparsers = root_parser.add_subparsers(title="Commands", + help="main gen_updates commands") + + parser_s = cmdparsers.add_parser("summary", + help="Generate microcode summary") + parser_s.add_argument("-a", "--abbreviate", action="store_const", + dest="abbrev", const=True, default=True, + help="Abbreviate code names") + parser_s.add_argument("-A", "--no-abbreviate", action="store_const", + dest="abbrev", const=False, + help="Do not abbreviate code names") + parser_s.add_argument("-m", "--print-models", action="store_const", + dest="models", const=True, default=False, + help="Print models") + parser_s.add_argument("-M", "--no-print-models", + action="store_const", dest="models", + const=False, help="Do not print models") + parser_s.add_argument("-H", "--no-print-header", + action="store_const", dest="header", + const=False, default=True, + help="Do not print hader") + parser_s.add_argument("filelist", nargs="*", default=[], + help="List or RPMs/directories to process") + parser_s.set_defaults(func=cmd_summary) + + parser_c = cmdparsers.add_parser("changelog", + help="Generate changelog") + parser_c.add_argument("-F", "--format", choices=["rpm", "intel"], + default="rpm", help="Changelog format") + parser_c.add_argument("filelist", nargs=2, + help="RPMs/directories to compare") + parser_c.set_defaults(func=cmd_changelog) + + parser_d = cmdparsers.add_parser("discrepancies", + help="Generate discrepancies") + parser_d.add_argument("-s", "--merge-revs", action="store_const", + dest="merge", const=True, default=False, + help="Merge revisions that come" + + " from different files") + parser_d.add_argument("-S", "--no-merge-revs", action="store_const", + dest="merge", const=False, + help="Do not Merge revisions that come" + + " from different files") + parser_d.add_argument("-v", "--print-vs", action="store_const", + dest="print_vs", const=True, default=False, + help="Print base version ") + parser_d.add_argument("-V", "--no-print-vs", action="store_const", + dest="print_vs", const=False, + help="Do not Merge revisions that come" + + " from different files") + parser_d.add_argument("-m", "--print-models", action="store_const", + dest="models", const=True, default=True, + help="Print model names") + parser_d.add_argument("-M", "--no-print-models", action="store_const", + dest="models", const=False, + help="Do not print model names") + parser_d.add_argument("-H", "--no-print-header", action="store_const", + dest="header", const=False, default=True, + help="Do not print hader") + parser_d.add_argument("-a", "--print-all-files", action="store_const", + dest="print_filter", const=False, default=True, + help="Print all files") + parser_d.add_argument("-c", "--print-changed-files", action="store_const", + dest="print_filter", const=True, + help="Print only changed files") + parser_d.add_argument("-d", "--min-date", action="store", + help="Minimum date filter") + parser_d.add_argument("filelist", nargs='*', + help="RPMs/directories to compare") + parser_d.set_defaults(func=cmd_discrepancies) + + args = root_parser.parse_args() + if not hasattr(args, "func"): + root_parser.print_help() + return None + + global log_level + log_level = args.verbose + + return args + + +def main(): + args = parse_cli() + if args is None: + return 1 + + return args.func(args) + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/microcode-20200609.tar.gz b/microcode-20200609.tar.gz deleted file mode 100644 index 672db69756671736c4b707ab16618824be7b25dd..0000000000000000000000000000000000000000 Binary files a/microcode-20200609.tar.gz and /dev/null differ diff --git a/microcode-20210608.tar.gz b/microcode-20210608.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..0d66a7e0afcbbb8f64c918f57dba4dfb583f5138 Binary files /dev/null and b/microcode-20210608.tar.gz differ diff --git a/microcode_ctl-use-microcode-20200609-tgz.patch b/microcode_ctl-use-microcode-20210608-tgz.patch similarity index 91% rename from microcode_ctl-use-microcode-20200609-tgz.patch rename to microcode_ctl-use-microcode-20210608-tgz.patch index d2aa2f2b3cc7872cf83ab830d8b9e7c5e7a3b3a6..ebf634de727bace74195c4d8743649d3a3265717 100644 --- a/microcode_ctl-use-microcode-20200609-tgz.patch +++ b/microcode_ctl-use-microcode-20210608-tgz.patch @@ -7,7 +7,7 @@ Index: microcode_ctl-2.1-18/Makefile PROGRAM = intel-microcode2ucode -MICROCODE_INTEL = microcode-20180703.tgz -+MICROCODE_INTEL = microcode-20200609.tar.gz ++MICROCODE_INTEL = microcode-20210608.tar.gz INS = install CC = gcc diff --git a/microcode_ctl.spec b/microcode_ctl.spec index f5f4892556a6db45db99a9dbc065f1070867ac1d..811a0781cfa6242b1745836daf3d3e52d841b23c 100644 --- a/microcode_ctl.spec +++ b/microcode_ctl.spec @@ -1,5 +1,5 @@ %define upstream_version 2.1-18 -%define intel_ucode_version 20200609 +%define intel_ucode_version 20210608 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats %define microcode_ctl_libexec %{_libexecdir}/microcode_ctl @@ -21,7 +21,7 @@ Summary: Tool to transform and deploy CPU microcode update for x86. Name: microcode_ctl Version: 2.1 -Release: 73%{?dist} +Release: 73.11%{?dist} Epoch: 2 Group: System Environment/Base License: GPLv2+ and Redistributable, no modification permitted @@ -55,6 +55,7 @@ Source32: reload_microcode # docs Source40: %{i_m2u_man}.in Source41: README.caveats +Source42: README ## Caveats # BDW EP/EX @@ -96,9 +97,17 @@ Source150: 06-5e-03_readme Source151: 06-5e-03_config Source152: 06-5e-03_disclaimer +# TGL-UP3/UP4 (CPUID 06-8c-01) hangs +# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44 +Source180: 06-8c-01_readme +Source181: 06-8c-01_config +Source182: 06-8c-01_disclaimer + # "Provides:" RPM tags generator -Source200: gen_provides.sh +Source1000: gen_provides.sh +Source1001: codenames.list +Source1002: gen_updates2.py Patch1: microcode_ctl-do-not-merge-ucode-with-caveats.patch Patch2: microcode_ctl-revert-intel-microcode2ucode-removal.patch @@ -111,7 +120,7 @@ Buildroot: %{_tmppath}/%{name}-%{version}-root ExclusiveArch: %{ix86} x86_64 BuildRequires: systemd-units # hexdump is used in gen_provides.sh -BuildRequires: coreutils util-linux +BuildRequires: coreutils util-linux python Requires: coreutils Requires(post): systemd coreutils Requires(preun): systemd coreutils @@ -119,7 +128,7 @@ Requires(postun): systemd coreutils Requires(posttrans): dracut coreutils %global _use_internal_dependency_generator 0 -%define __find_provides "%{SOURCE200}" +%define __find_provides "%{SOURCE1000}" "%{SOURCE1001}" %description The microcode_ctl utility is a companion to the microcode driver written @@ -133,7 +142,8 @@ back to the old microcode. %setup -q -n %{name}-%{upstream_version} tar xf "%{SOURCE1}" --wildcards --strip-components=1 \ - \*/intel-ucode-with-caveats \*/license \*/releasenote + \*/intel-ucode-with-caveats \ + \*/license \*/releasenote.md \*/README.md \*/security.md %patch1 -p1 %patch2 -p1 @@ -178,6 +188,9 @@ cp "%{SOURCE4}" intel-ucode/ mv intel-ucode/06-5e-03 intel-ucode-with-caveats/ cp "%{SOURCE5}" intel-ucode/ +# Moving 06-8c-01 microcode to intel-ucode-with-caveats +mv intel-ucode/06-8c-01 intel-ucode-with-caveats/ + # man page sed "%{SOURCE40}" \ -e "s/@DATE@/2019-05-09/g" \ @@ -216,20 +229,25 @@ install "%{SOURCE30}" "%{SOURCE31}" "%{SOURCE32}" \ install -m 755 -d "%{buildroot}/%{_pkgdocdir}/caveats" # caveats readme -install "%{SOURCE41}" \ +install "%{SOURCE41}" "%{SOURCE42}" \ -m 644 -t "%{buildroot}/%{_pkgdocdir}/" # Provide Intel microcode license, as it requires so install -m 644 license \ "%{buildroot}/%{_pkgdocdir}/LICENSE.intel-ucode" -# Provide release notes for Intel microcode -install -m 644 releasenote \ +# Provide release notes, README and security for Intel microcode +install -m 644 README.md \ + "%{buildroot}/%{_pkgdocdir}/README.intel-ucode" +install -m 644 security.md \ + "%{buildroot}/%{_pkgdocdir}/SECURITY.intel-ucode" +install -m 644 releasenote.md \ "%{buildroot}/%{_pkgdocdir}/RELEASE_NOTES.intel-ucode" # caveats install -m 644 "%{SOURCE100}" "%{SOURCE110}" "%{SOURCE120}" "%{SOURCE130}" \ "%{SOURCE140}" "%{SOURCE150}" \ + "%{SOURCE180}" \ -t "%{buildroot}/%{_pkgdocdir}/caveats/" # Man page @@ -287,15 +305,32 @@ install -m 644 "%{SOURCE150}" "%{skl_hs_inst_dir}/readme" install -m 644 "%{SOURCE151}" "%{skl_hs_inst_dir}/config" install -m 644 "%{SOURCE152}" "%{skl_hs_inst_dir}/disclaimer" +# TGL caveat +%define tgl_inst_dir %{buildroot}/%{caveat_dir}/intel-06-8c-01/ +install -m 755 -d "%{tgl_inst_dir}/intel-ucode" +install -m 644 intel-ucode-with-caveats/06-8c-01 -t "%{tgl_inst_dir}/intel-ucode/" +install -m 644 "%{SOURCE180}" "%{tgl_inst_dir}/readme" +install -m 644 "%{SOURCE181}" "%{tgl_inst_dir}/config" +install -m 644 "%{SOURCE182}" "%{tgl_inst_dir}/disclaimer" + +# SUMMARY.intel-ucode generation +# It is to be done only after file population, so, it is here, +# at the end of the install stage +/usr/bin/python "%{SOURCE1002}" -C "%{SOURCE1001}" \ + summary -A "%{buildroot}" \ + > "%{buildroot}/%{_pkgdocdir}/SUMMARY.intel-ucode" + # Cleanup rm -f intel-ucode-with-caveats/06-2d-07 rm -f intel-ucode-with-caveats/06-4e-03 rm -f intel-ucode-with-caveats/06-4f-01 rm -f intel-ucode-with-caveats/06-55-04 rm -f intel-ucode-with-caveats/06-5e-03 +rm -f intel-ucode-with-caveats/06-8c-01 rmdir intel-ucode-with-caveats rm -rf intel-ucode + %post %systemd_post microcode.service %{update_ucode} @@ -517,6 +552,225 @@ rm -rf %{buildroot} %changelog +* Fri Jul 23 2021 Eugene Syromiatnikov - 2:2.1-73.11 +- Update Intel CPU microcode to microcode-20210608 release: + - Fixes in releasenote.md file. + +* Fri Jul 23 2021 Eugene Syromiatnikov - 2:2.1-73.10 +- Make intel-06-2d-07, intel-06-4e-03, intel-06-4f-01, intel-06-55-04, + intel-06-5e-03, intel-06-8c-01, intel-06-8e-9e-0x-0xca, + and intel-06-8e-9e-0x-dell caveats dependent on intel caveat. +- Enable 06-8c-01 microcode update by default. +- Enable 06-5e-03 microcode update by default (#1897684). + +* Thu May 27 2021 Eugene Syromiatnikov - 2:2.1-73.9 +- Update Intel CPU microcode to microcode-20210525 release, addresses + CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, and CVE-2020-24513 + (#1962659, #1962709, #1962729, #1962675): + - Addition of 06-55-05/0xb7 (CLX-SP A0) microcode at revision 0x3000010; + - Addition of 06-6a-05/0x87 (ICX-SP C0) microcode at revision 0xc0002f0; + - Addition of 06-6a-06/0x87 (ICX-SP D0) microcode at revision 0xd0002a0; + - Addition of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f; + - Addition of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04) + at revision 0xb00000f; + - Addition of 06-86-04/0x01 (SNR B0) microcode (in intel-ucode/06-86-05) + at revision 0xb00000f; + - Addition of 06-86-05/0x01 (SNR B1) microcode at revision 0xb00000f; + - Addition of 06-8c-02/0xc2 (TGL-R C0) microcode at revision 0x16; + - Addition of 06-8d-01/0xc2 (TGL-H R0) microcode at revision 0x2c; + - Addition of 06-96-01/0x01 (EHL B1) microcode at revision 0x11; + - Addition of 06-9c-00/0x01 (JSL A0/A1) microcode at revision 0x1d; + - Addition of 06-a7-01/0x02 (RKL-S B0) microcode at revision 0x40; + - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in + intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xe2 up to 0xea; + - Update of 06-4f-01/0xef (BDX-E/EP/EX/ML B0/M0/R0) microcode (in + intel-06-4f-01/intel-ucode/06-4f-01) from revision 0xb000038 up + to 0xb00003e; + - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in + intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006a0a up + to 0x2006b06; + - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in + intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xe2 up to 0xea; + - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in + intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x68 up to 0x88; + - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xde up + to 0xea; + - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xde up + to 0xea; + - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xe0 up + to 0xea; + - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xde up + to 0xea; + - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) + microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from + revision 0xde up to 0xea; + - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xde up + to 0xea; + - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xde up + to 0xea; + - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xde up + to 0xea; + - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xde up + to 0xea; + - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xde up + to 0xea; + - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode + from revision 0x44 up to 0x46; + - Update of 06-3f-04/0x80 (HSX-EX E0) microcode from revision 0x16 up + to 0x19; + - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000159 + up to 0x100015b; + - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003006 + up to 0x4003102; + - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision + 0x5003006 up to 0x5003102; + - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x700001e + up to 0x7002302; + - Update of 06-56-03/0x10 (BDX-DE V2/V3) microcode from revision + 0x7000019 up to 0x700001b; + - Update of 06-56-04/0x10 (BDX-DE Y0) microcode from revision 0xf000017 + up to 0xf000019; + - Update of 06-56-05/0x10 (BDX-NS A0/A1, HWL A1) microcode from revision + 0xe00000f up to 0xe000012; + - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x40 up + to 0x44; + - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x1e up + to 0x20; + - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x2e up + to 0x34; + - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x34 up + to 0x36; + - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x18 up + to 0x1a; + - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa0 + up to 0xa6; + - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x28 up + to 0x2a; + - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xe0 up + to 0xea; + - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xe0 + up to 0xea; + - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xe0 + up to 0xec; + - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xe0 + up to 0xe8; + - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode from revision + 0xe0 up to 0xea. + +* Wed Feb 17 2021 Eugene Syromiatnikov - 2:2.1-73.8 +- Update Intel CPU microcode to microcode-20210216 release (#1905111): + - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in + intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006a08 up + to 0x2006a0a; + - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003003 + up to 0x4003006; + - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision + 0x5003003 up to 0x5003006. + +* Wed Feb 17 2021 Eugene Syromiatnikov - 2:2.1-73.7 +- Remove 06-55-04/06-55-06/06-55-07 (SKX-SP/CLX-SP) microcode-20201110 caveats. + +* Thu Feb 11 2021 Eugene Syromiatnikov - 2:2.1-73.6 +- Backport check_dmi_val to check_caveats from RHEL 8. + +* Fri Dec 11 2020 Eugene Syromiatnikov - 2:2.1-73.5 +- Do not use "grep -q" in a pipe in check_caveats. +- Add 06-55-04/06-55-06/06-55-07 (SKX-SP/CLX-SP) microcode-20201110 caveats + (#1905111). + +* Fri Nov 13 2020 Eugene Syromiatnikov - 2:2.1-73.4 +- Update Intel CPU microcode to microcode-20201112 release: + - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28; + - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up + to 0x34; + - Updated releasenote file. + +* Fri Nov 13 2020 Eugene Syromiatnikov - 2:2.1-73.3 +- Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default. + +* Fri Oct 30 2020 Eugene Syromiatnikov - 2:2.1-73.2 +- Update Intel CPU microcode to microcode-20201027 release, addresses + CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698 + (#1893261, #1893249, #1893229): + - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e; + - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68; + - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0; + - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0; + - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0; + - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision + 0xe0; + - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in + intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2; + - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in + intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up + to 0x2006a08; + - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in + intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2; + - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up + to 0xde; + - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up + to 0xde; + - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up + to 0xe0; + - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up + to 0xde; + - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) + microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from + revision 0xd6 up to 0xde; + - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up + to 0xde; + - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up + to 0xde; + - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up + to 0xde; + - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up + to 0xde; + - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in + intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up + to 0xde; + - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode + from revision 0x43 up to 0x44; + - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 + up to 0x1000159; + - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 + up to 0x4003003; + - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision + 0x5002f01 up to 0x5003003; + - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up + to 0x40; + - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up + to 0x1e; + - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up + to 0x18; + - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 + up to 0xa0; + - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca + up to 0xe0. + +* Fri Oct 30 2020 Eugene Syromiatnikov - 2:2.1-73.1 +- Add README file to the documentation directory. +- Add publicly-sourced codenames list to supply to gen_provides.sh; update + the latter to handle the somewhat different format. +- Add SUMMARY.intel-ucode file containing metadata information from + the microcode file headers. + * Mon Jun 15 2020 Eugene Syromiatnikov - 2:2.1-73 - Update Intel CPU microcode to microcode-20200609 release (#1826589): - Fixed a typo in the release note file.