%define upstream_version 2.1-18 %define intel_ucode_version 20200602 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats %define microcode_ctl_libexec %{_libexecdir}/microcode_ctl %define update_ucode %{microcode_ctl_libexec}/update_ucode %define check_caveats %{microcode_ctl_libexec}/check_caveats %define reload_microcode %{microcode_ctl_libexec}/reload_microcode %define dracutlibdir %{_prefix}/lib/dracut %define i_m2u_man intel-microcode2ucode.8 # In microcode_ctl, documentation directory is unversioned historically. # In RHEL 8 spec, %{_pkgdocdir} is used as installation destination; however, # it is unversioned only since Fedora 20, per #986871, # and not in Fedora 18/19-based RHEL 7. %define _pkgdocdir %{_docdir}/%{name} Summary: Tool to transform and deploy CPU microcode update for x86. Name: microcode_ctl Version: 2.1 Release: 61.6%{?dist} Epoch: 2 Group: System Environment/Base License: GPLv2+ and Redistributable, no modification permitted URL: https://pagure.io/microcode_ctl Source0: https://releases.pagure.org/microcode_ctl/%{name}-%{upstream_version}.tar.xz Source1: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz # (Pre-MDS) revision 0x714 of 06-2d-07 microcode Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07 # (Pre-20191112) revision 0x2000064 of 06-55-04 microcode Source3: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190918/intel-ucode/06-55-04 # systemd unit Source10: microcode.service # dracut-related stuff Source20: 01-microcode.conf Source21: 99-microcode-override.conf Source22: dracut_99microcode_ctl-fw_dir_override_module_init.sh # libexec Source30: update_ucode Source31: check_caveats Source32: reload_microcode # docs Source40: %{i_m2u_man}.in Source41: README.caveats ## Caveats # BDW EP/EX # https://bugzilla.redhat.com/show_bug.cgi?id=1622180 # https://bugzilla.redhat.com/show_bug.cgi?id=1623630 # https://bugzilla.redhat.com/show_bug.cgi?id=1646383 Source100: 06-4f-01_readme Source101: 06-4f-01_config Source102: 06-4f-01_disclaimer # Unsafe early MC update inside VM: # https://bugzilla.redhat.com/show_bug.cgi?id=1596627 Source110: intel_readme Source111: intel_config Source112: intel_disclaimer # SNB-EP (CPUID 0x206d7) post-MDS hangs # https://bugzilla.redhat.com/show_bug.cgi?id=1758382 # https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/15 Source120: 06-2d-07_readme Source121: 06-2d-07_config Source122: 06-2d-07_disclaimer # SKL-SP/W/X (CPUID 0x50654) post-20191112 hangs # https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21 Source130: 06-55-04_readme Source131: 06-55-04_config Source132: 06-55-04_disclaimer # "Provides:" RPM tags generator Source200: gen_provides.sh Patch1: microcode_ctl-do-not-merge-ucode-with-caveats.patch Patch2: microcode_ctl-revert-intel-microcode2ucode-removal.patch Patch3: microcode_ctl-use-microcode-%{intel_ucode_version}-tgz.patch Patch4: microcode_ctl-do-not-install-intel-ucode.patch Patch5: microcode_ctl-intel-microcode2ucode-buf-handling.patch Patch6: microcode_ctl-ignore-first-directory-level-in-archive.patch Buildroot: %{_tmppath}/%{name}-%{version}-root ExclusiveArch: %{ix86} x86_64 BuildRequires: systemd-units # hexdump is used in gen_provides.sh BuildRequires: coreutils util-linux Requires: coreutils Requires(post): systemd coreutils Requires(preun): systemd coreutils Requires(postun): systemd coreutils Requires(posttrans): dracut coreutils %global _use_internal_dependency_generator 0 %define __find_provides "%{SOURCE200}" %description The microcode_ctl utility is a companion to the microcode driver written by Tigran Aivazian . The microcode update is volatile and needs to be uploaded on each system boot i.e. it doesn't reflash your cpu permanently, reboot and it reverts back to the old microcode. %prep %setup -q -n %{name}-%{upstream_version} tar xf "%{SOURCE1}" --wildcards --strip-components=1 \ \*/intel-ucode-with-caveats \*/license \*/releasenote %patch1 -p1 %patch2 -p1 # Use the latest archive instead of microcode-20180703.tgz bundled # with upstream microcode_ctl-2.1-18. cp "%{SOURCE1}" . %patch3 -p1 # We install ucode files manually into "intel" caveat directory %patch4 -p1 %patch5 -p1 # The archive published on github has an additional top-level directory, # strip it. %patch6 -p1 %build make CFLAGS="$RPM_OPT_FLAGS" %{?_smp_mflags} # We do not populate any intel-ucode files into /lib/firmware directly due to # early microcode load inside VM issue: # https://bugzilla.redhat.com/show_bug.cgi?id=1596627 # https://bugzilla.redhat.com/show_bug.cgi?id=1607899 #find intel-ucode -type f | sed 's/^/%%ghost \/lib\/firmware\//' > ghost_list touch ghost_list # replacing SNB-EP (CPUID 0x206d7) microcode with pre-MDS version mv intel-ucode/06-2d-07 intel-ucode-with-caveats/ cp "%{SOURCE2}" intel-ucode/ # replacing SKL-SP/W/X (CPUID 0x50654) microcode with pre-20191112 version mv intel-ucode/06-55-04 intel-ucode-with-caveats/ cp "%{SOURCE3}" intel-ucode/ # man page sed "%{SOURCE40}" \ -e "s/@DATE@/2019-05-09/g" \ -e "s/@VERSION@/%{version}-%{release}/g" \ -e "s|@MICROCODE_URL@|https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files|g" > "%{i_m2u_man}" %install rm -rf %{buildroot} make DESTDIR=%{buildroot} PREFIX=%{_prefix} INSDIR=/usr/sbin MICDIR=/usr/share/microcode_ctl install clean install -m 755 -d \ "%{buildroot}/%{_datarootdir}/microcode_ctl/intel-ucode" \ "%{buildroot}/%{caveat_dir}/" \ "%{buildroot}/etc/microcode_ctl/ucode_with_caveats/" # systemd unit install -m 755 -d "%{buildroot}/%{_unitdir}" install -m 644 "%{SOURCE10}" -t "%{buildroot}/%{_unitdir}/" # dracut %define dracut_mod_dir "%{buildroot}/%{dracutlibdir}/modules.d/99microcode_ctl-fw_dir_override" install -m 755 -d \ "%{dracut_mod_dir}" \ "%{buildroot}/%{dracutlibdir}/dracut.conf.d/" install -m 644 "%{SOURCE20}" "%{SOURCE21}" \ -t "%{buildroot}/%{dracutlibdir}/dracut.conf.d/" install -m 755 "%{SOURCE22}" "%{dracut_mod_dir}/module-setup.sh" # Internal helper scripts install -m 755 -d "%{buildroot}/%{microcode_ctl_libexec}" install "%{SOURCE30}" "%{SOURCE31}" "%{SOURCE32}" \ -m 755 -t "%{buildroot}/%{microcode_ctl_libexec}" ## Documentation install -m 755 -d "%{buildroot}/%{_pkgdocdir}/caveats" # caveats readme install "%{SOURCE41}" \ -m 644 -t "%{buildroot}/%{_pkgdocdir}/" # Provide Intel microcode license, as it requires so install -m 644 license \ "%{buildroot}/%{_pkgdocdir}/LICENSE.intel-ucode" # Provide release notes for Intel microcode install -m 644 releasenote \ "%{buildroot}/%{_pkgdocdir}/RELEASE_NOTES.intel-ucode" # caveats install -m 644 "%{SOURCE100}" "%{SOURCE110}" "%{SOURCE120}" "%{SOURCE130}" \ -t "%{buildroot}/%{_pkgdocdir}/caveats/" # Man page install -m 755 -d %{buildroot}/%{_mandir}/man8/ install -m 644 "%{i_m2u_man}" -t %{buildroot}/%{_mandir}/man8/ ## Caveat data # BDW caveat %define bdw_inst_dir %{buildroot}/%{caveat_dir}/intel-06-4f-01/ install -m 755 -d "%{bdw_inst_dir}/intel-ucode" install -m 644 intel-ucode-with-caveats/06-4f-01 -t "%{bdw_inst_dir}/intel-ucode/" install -m 644 "%{SOURCE100}" "%{bdw_inst_dir}/readme" install -m 644 "%{SOURCE101}" "%{bdw_inst_dir}/config" install -m 644 "%{SOURCE102}" "%{bdw_inst_dir}/disclaimer" # Early update caveat %define intel_inst_dir %{buildroot}/%{caveat_dir}/intel/ install -m 755 -d "%{intel_inst_dir}/intel-ucode" install -m 644 intel-ucode/* -t "%{intel_inst_dir}/intel-ucode/" install -m 644 "%{SOURCE110}" "%{intel_inst_dir}/readme" install -m 644 "%{SOURCE111}" "%{intel_inst_dir}/config" install -m 644 "%{SOURCE112}" "%{intel_inst_dir}/disclaimer" # SNB caveat %define snb_inst_dir %{buildroot}/%{caveat_dir}/intel-06-2d-07/ install -m 755 -d "%{snb_inst_dir}/intel-ucode" install -m 644 intel-ucode-with-caveats/06-2d-07 -t "%{snb_inst_dir}/intel-ucode/" install -m 644 "%{SOURCE120}" "%{snb_inst_dir}/readme" install -m 644 "%{SOURCE121}" "%{snb_inst_dir}/config" install -m 644 "%{SOURCE122}" "%{snb_inst_dir}/disclaimer" # SKL-SP caveat %define skl_inst_dir %{buildroot}/%{caveat_dir}/intel-06-55-04/ install -m 755 -d "%{skl_inst_dir}/intel-ucode" install -m 644 intel-ucode-with-caveats/06-55-04 -t "%{skl_inst_dir}/intel-ucode/" install -m 644 "%{SOURCE130}" "%{skl_inst_dir}/readme" install -m 644 "%{SOURCE131}" "%{skl_inst_dir}/config" install -m 644 "%{SOURCE132}" "%{skl_inst_dir}/disclaimer" # Cleanup rm -f intel-ucode-with-caveats/06-4f-01 rm -f intel-ucode-with-caveats/06-2d-07 rm -f intel-ucode-with-caveats/06-55-04 rmdir intel-ucode-with-caveats rm -rf intel-ucode %post %systemd_post microcode.service %{update_ucode} %{reload_microcode} # send the message to syslog, so it gets recorded on /var/log if [ -e /usr/bin/logger ]; then %{check_caveats} -m -d | /usr/bin/logger -p syslog.notice -t DISCLAIMER fi # also paste it over dmesg (some customers drop dmesg messages while # others keep them into /var/log for the later case, we'll have the # disclaimer recorded twice into system logs. %{check_caveats} -m -d > /dev/kmsg exit 0 %posttrans # We only want to regenerate the initramfs for a fully booted # system; if this package happened to e.g. be pulled in as a build # dependency, it is pointless at best to regenerate the initramfs, # and also does not work with rpm-ostree: # https://bugzilla.redhat.com/show_bug.cgi?id=1199582 # https://bugzilla.redhat.com/show_bug.cgi?id=1530400 [ -d /run/systemd/system ] || exit 0 # We can't simply update all initramfs images, since "dracut --regenerate-all" # generates initramfs even for removed kernels and if dracut generates botched # initramfs image, that results in unbootable system, even with older kernels # that can't be used as a fallback: # https://bugzilla.redhat.com/show_bug.cgi?id=1420180 # https://access.redhat.com/support/cases/#/case/01779274 # https://access.redhat.com/support/cases/#/case/01814106 # # ...and we can't simply limit ourselves to updating only the currently # running kernel, as this doesn't work well with cases where kernel # is installed before the updated microcode, or in the same transaction. # And we can't rely on late update either, due to issues like this: # https://bugzilla.redhat.com/show_bug.cgi?id=1710445 # # ...and there are also issues with setups with increased "installonly_limit" # in /etc/yum.conf, which could lead to unacceptably long package installation # times. # # So, in the end, we try to grab no more than 2 most recently installed kernels # that are installed after the currently running one (with the currently running # kernel that makes up to 3 in total, the default "installonly_limit" value) # as a kernel package selection heuristic that tries to accomodate both the need # to put the latest microcode in freshly installed kernels and also addresses # existing concerns. # # For RPM selection, kernel flavours (like "debug" or "kdump" or "zfcp", # with only the former being relevant to x86 architecture) are a part or RPM # name; it's also a part of uname, with different separator used in RHEL 6/7 # and RHEL 8. RT kernel, however, is special, as "rt" is another part # of RPM name and it has its own versioning scheme both in NVR and uname. # And there's the kernel package split in RHEL 8, so one should look for *-core # and not the main package. pkgs="kernel kernel-debug kernel-rt kernel-rt-debug" qf='%%{NAME} %%{VERSION}-%%{RELEASE}.%%{ARCH} %%{installtime}\n' : "${MICROCODE_RPM_KVER_LIMIT=2}" rpm -qa --qf "${qf}" ${pkgs} | sort -r -n -k'3,3' | { kver_cnt=0 processed="" skipped="" skip=0 while read -r pkgname vra install_ts; do flavour='' # For x86, only "debug" flavour exists in RHEL 8 [ "x${pkgname%*-debug}" = "x${pkgname}" ] \ || flavour='.debug' kver_cnt="$((kver_cnt + 1))" kver_uname="${vra}${flavour}" # Also check that the kernel is actually installed: # https://bugzilla.redhat.com/show_bug.cgi?id=1591664 # We use the presence of symvers file as an indicator, the check # similar to what weak-modules script does. # # XXX: Not sure if this check is still needed, since we now # iterate over the rpm output. [ -e "/boot/symvers-${kver_uname}.gz" ] || continue # Check that modules.dep for the kernel is present as well, # otherwise dracut complains with "/lib/modules/.../modules.dep # is missing. Did you run depmod?". [ -e "/lib/modules/${kver_uname}/modules.dep" ] || continue # We update the kernels with the same uname as the running kernel # regardless of the selected limit if [ "x$(uname -r)" = "x${kver_uname}" \ -o \( "${kver_cnt}" -le "${MICROCODE_RPM_KVER_LIMIT}" \ -a "${skip}" = 0 \) ] then dracut -f --kver "${kver_uname}" processed="${processed} ${pkgname}-${vra}" else skipped="${skipped} ${pkgname}-${vra}" fi # The packages are processed until a package with the same uname # as the running kernel is hit (since they are sorted # in the descending installation time stamp older). [ "x$(uname -r)" != "x${kver_uname}" ] || skip=1 done if [ -n "${skipped}" ]; then skip_msg="After installation of a new version of microcode_ctl package, initramfs hasn't been re-generated for all the installed kernel packages. The following kernel packages have been skipped:${skipped}. Please re-generate initramfs manually for these kernel packages with the \"dracut -f --kver KERNEL_VERSION\" command in order to get the latest Intel CPU microcode included into early initramfs image for it, if needed." if [ -e /usr/bin/logger ]; then echo "${skip_msg}" | /usr/bin/logger -p syslog.notice -t microcode_ctl fi if [ -e /dev/kmsg ]; then echo "${skip_msg}" > /dev/kmsg fi fi } exit 0 %global rpm_state_dir %{_localstatedir}/lib/rpm-state %preun %systemd_preun microcode.service # Storing ucode list before uninstall ls /usr/share/microcode_ctl/intel-ucode | sort > "%{rpm_state_dir}/microcode_ctl_un_intel-ucode" ls /usr/share/microcode_ctl/ucode_with_caveats | sort > "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats" %{update_ucode} --action list --skip-common | sort > "%{rpm_state_dir}/microcode_ctl_un_file_list" %postun %systemd_postun microcode.service ls /usr/share/microcode_ctl/intel-ucode 2> /dev/null | sort > "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_after" comm -23 \ "%{rpm_state_dir}/microcode_ctl_un_intel-ucode" \ "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_after" \ > "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_diff" if [ -e "%{update_ucode}" ]; then ls /usr/share/microcode_ctl/ucode_with_caveats 2> /dev/null | sort > "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_after" comm -23 \ "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats" \ "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_after" \ > "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_diff" %{update_ucode} --action remove --cleanup \ "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_diff" \ "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_diff" || : rm -f "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_after" rm -f "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_diff" else while read -r f; do [ -L "/lib/firmware/intel-ucode/$f" ] || continue rm -f "/lib/firmware/intel-ucode/$f" done < "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_diff" rmdir "/lib/firmware/intel-ucode" 2>/dev/null || : # We presume that if we don't have update_ucode script, we can remove # all the caveats-related files. while read -r f; do if [ -L "$f" ] || [ "${f%%readme-*}" != "$f" ]; then rm -f "$f" rmdir -p $(dirname "$f") 2>/dev/null || : fi done < "%{rpm_state_dir}/microcode_ctl_un_file_list" fi rm -f "%{rpm_state_dir}/microcode_ctl_un_intel-ucode" rm -f "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_after" rm -f "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_diff" rm -f "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats" rm -f "%{rpm_state_dir}/microcode_ctl_un_file_list" exit 0 %triggerin -- kernel, kernel-debug, kernel-rt, kernel-rt-debug %{update_ucode} %triggerpostun -- kernel, kernel-debug, kernel-rt, kernel-rt-debug %{update_ucode} %clean rm -rf %{buildroot} %files -f ghost_list %ghost %attr(0755, root, root) /lib/firmware/intel-ucode/ /usr/sbin/intel-microcode2ucode %{microcode_ctl_libexec} /usr/share/microcode_ctl %{dracutlibdir}/modules.d/* %config(noreplace) %{dracutlibdir}/dracut.conf.d/* %{_unitdir}/microcode.service %doc %{_pkgdocdir} %{_mandir}/man8/* %changelog * Thu Jun 04 2020 Eugene Syromiatnikov - 2:2.1-61.6 - Avoid temporary file creation, used for here-documents in check_caveats. * Thu Jun 04 2020 Eugene Syromiatnikov - 2:2.1-61.5 - Update Intel CPU microcode to microcode-20200602 release, addresses CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1827189): - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621; - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 up to 0x71a; - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28; - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f; - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26; - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c; - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22; - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 up to 0xdc; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 up to 0x1000157; - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 up to 0x2006906; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c up to 0x4002f01; - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c up to 0x5002f01; - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 up to 0xdc; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78; - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6. - Change the URL in the intel-microcode2ucode.8 to point to the GitHub repository since the microcode download section at Intel Download Center does not exist anymore. * Thu Jun 04 2020 Eugene Syromiatnikov - 2:2.1-61.4 - Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment models. * Thu Jun 04 2020 Eugene Syromiatnikov - 2:2.1-61.3 - Re-generate initramfs not only for the currently running kernel, but for several recently installed kernels as well. * Thu Jun 04 2020 Eugene Syromiatnikov - 2:2.1-61.2 - Avoid find being SIGPIPE'd on early "grep -q" exit in the dracut script. * Thu Jun 04 2020 Eugene Syromiatnikov - 2:2.1-61.1 - Update stale posttrans dependency, add triggers for proper handling of the debug kernel flavour along with kernel-rt. * Wed Nov 20 2019 Eugene Syromiatnikov - 2:2.1-61 - Do not update 06-55-04 (SKL-SP/W/X) to revision 0x2000065, use 0x2000064 by default (#1774329). * Sat Nov 16 2019 Eugene Syromiatnikov - 2:2.1-60 - Update Intel CPU microcode to microcode-20191115 release: - Update of 06-4e-03/0xc0 (SKL-U/Y D0) from revision 0xd4 up to 0xd6; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) from revision 0xd4 up to 0xd6; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) from revision 0xc6 up to 0xca; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) from revision 0xc6 up to 0xca; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) from revision 0xc6 up to 0xca; - Update of 06-8e-0b/0xd0 (WHL-U W0) from revision 0xc6 up to 0xca; - Update of 06-8e-0c/0x94 (AML-Y V0, CML-U 4+2 V0, WHL-U V0) from revision 0xc6 up to 0xca; - Update of 06-9e-09/0x2a (KBL-G/X H0, KBL-H/S/Xeon E3 B0) from revision 0xc6 up to 0xca; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) from revision 0xc6 up to 0xca; - Update of 06-9e-0b/0x02 (CFL-S B0) from revision 0xc6 up to 0xca; - Update of 06-9e-0c/0x22 (CFL-S/Xeon E P0) from revision 0xc6 up to 0xca; - Update of 06-9e-0d/0x22 (CFL-H/S R0) from revision 0xc6 up to 0xca; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision 0xc6 up to 0xca. * Fri Nov 15 2019 Eugene Syromiatnikov - 2:2.1-59 - Update Intel CPU microcode to microcode-20191113 release: - Update of 06-9e-0c (CFL-H/S P0) microcode from revision 0xae up to 0xc6. - Drop 0001-releasenote-changes-summary-fixes.patch. * Tue Nov 12 2019 Eugene Syromiatnikov - 2:2.1-58 - Package the publicy available microcode-20191112 release (#1755025): - Addition of 06-4d-08/0x1 (AVN B0/C0) microcode at revision 0x12d; - Addition of 06-55-06/0xbf (CSL-SP B0) microcode at revision 0x400002c; - Addition of 06-7a-08/0x1 (GLK R0) microcode at revision 0x16; - Update of 06-55-03/0x97 (SKL-SP B1) microcode from revision 0x1000150 up to 0x1000151; - Update of 06-55-04/0xb7 (SKL-SP H0/M0/U0, SKL-D M1) microcode from revision 0x2000064 up to 0x2000065; - Update of 06-55-07/0xbf (CSL-SP B1) microcode from revision 0x500002b up to 0x500002c; - Update of 06-7a-01/0x1 (GLK B0) microcode from revision 0x2e up to 0x32; - Include 06-9e-0c (CFL-H/S P0) microcode from the microcode-20190918 release. - Correct the releasenote file (0001-releasenote-changes-summary-fixes.patch). - Update README.caveats with the link to the new Knowledge Base article. * Thu Nov 07 2019 Eugene Syromiatnikov - 2:2.1-57 - Intel CPU microcode update to 20191112, addresses CVE-2017-5715, CVE-2019-0117, CVE-2019-11135, CVE-2019-11139 (#1755025, #1764058, #1764071, #1764950, #1764970, #1764998, #1765402, #1765414, #1766439, #1766871): - Addition of 06-a6-00/0x80 (CML-U 6+2 A0) microcode at revision 0xc6; - Addition of 06-66-03/0x80 (CNL-U D0) microcode at revision 0x2a; - Addition of 06-55-03/0x97 (SKL-SP B1) microcode at revision 0x1000150; - Addition of 06-7e-05/0x80 (ICL-U/Y D1) microcode at revision 0x46; - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xcc to 0xd4; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) microcode from revision 0xcc to 0xd4 - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xb4 to 0xc6; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xb4 to 0xc6; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) microcode from revision 0xb4 to 0xc6; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xb8 to 0xc6; - Update of 06-8e-0c/0x94 (AML-Y V0) microcode from revision 0xb8 to 0xc6; - Update of 06-8e-0c/0x94 (CML-U 4+2 V0) microcode from revision 0xb8 to 0xc6; - Update of 06-8e-0c/0x94 (WHL-U V0) microcode from revision 0xb8 to 0xc6; - Update of 06-9e-09/0x2a (KBL-G/X H0) microcode from revision 0xb4 to 0xc6; - Update of 06-9e-09/0x2a (KBL-H/S/Xeon E3 B0) microcode from revision 0xb4 to 0xc6; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xb4 to 0xc6; - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xb4 to 0xc6; - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xb8 to 0xc6. * Thu Oct 10 2019 Eugene Syromiatnikov - 2:2.1-56 - Rework dracut hook to address dracut's early initramfs generation behaviour (#1769413). * Sun Oct 06 2019 Eugene Syromiatnikov - 2:2.1-55 - Do not update 06-2d-07 (SNB-E/EN/EP) to revision 0x718, use 0x714 by default. * Thu Sep 19 2019 Eugene Syromiatnikov - 2:2.1-54 - Intel CPU microcode update to 20190918. - Add new disclaimer, generated based on relevant caveats. - Resolves: #1753541. * Wed Jun 19 2019 Eugene Syromiatnikov - 2:2.1-53 - Intel CPU microcode update to 20190618. - Resolves: #1717241. * Sun Jun 02 2019 Eugene Syromiatnikov - 2:2.1-52 - Remove disclaimer, as it is not as important now to justify kmsg/log pollution; its contents are partially adopted in README.caveats. * Mon May 20 2019 Eugene Syromiatnikov - 2:2.1-51 - Intel CPU microcode update to 20190514a. - Resolves: #1711941. * Thu May 09 2019 Eugene Syromiatnikov - 2:2.1-50 - Intel CPU microcode update to 20190507_Public_DEMO. - Resolves: #1697904. * Mon Apr 15 2019 Eugene Syromiatnikov - 2:2.1-49 - Intel CPU microcode update to 20190312. - Add "Provides:" tags generation. - Resolves: #1697904. * Thu Sep 20 2018 Eugene Syromiatnikov - 2:2.1-48 - Fix %postun script (#1628629) * Wed Sep 05 2018 Eugene Syromiatnikov - 2:2.1-47 - Add 7.3.z kernel version to kernel_early configuration. * Thu Aug 30 2018 Eugene Syromiatnikov - 2:2.1-46 - Fix dracut module checks in Host-Only mode. * Thu Aug 30 2018 Eugene Syromiatnikov - 2:2.1-45 - Disable 06-4f-01 microcode in config (#1623630). * Tue Aug 28 2018 Eugene Syromiatnikov - 2:2.1-44 - Intel CPU microcode update to 20180807a. - Add README.caveats documentation file. - Add intel-microcode2ucode manual page. - Add check for early microcode load, use it in microcode_ctl dracut module. - Resolves: #1596627. * Mon Aug 20 2018 Eugene Syromiatnikov - 2:2.1-43 - Check that the currently running kernel is installed before running dracut -f. * Thu Aug 16 2018 Eugene Syromiatnikov - 2:2.1-42 - Drop "hypervisor" /proc/cpuinfo flag check. * Thu Aug 09 2018 Eugene Syromiatnikov - 2:2.1-41 - Intel CPU microcode update to 20180807. - Resolves: #1614422 * Mon Aug 06 2018 Eugene Syromiatnikov - 2:2.1-40 - Add an ability to disable "hypervisor" /proc/cpuinfo flag check. * Fri Jul 27 2018 Eugene Syromiatnikov - 2:2.1-39 - Provide %attr for the ghosted /lib/firmware/intel-ucode. * Thu Jul 26 2018 Eugene Syromiatnikov - 2:2.1-38 - Remove model name blacklists from caveats configuration files. - Resolves: #1596627 * Wed Jul 25 2018 Eugene Syromiatnikov - 2:2.1-37 - Add model name blacklist infrastructure. - Store Intel ucode files in /usr/share/microcode_ctl; do not populate them in a virtualised environment. - Resolves: #1596627 * Fri Jul 20 2018 Eugene Syromiatnikov - 2:2.1-35 - Add intel-microcode2ucode back - Resolves: #1574582 * Fri Jul 20 2018 Eugene Syromiatnikov - 2:2.1-34 - Update to upstream 2.1-18. Intel CPU microcode update to 20180703. - Add infrastructure for handling kernel-version-dependant microcode. - Resolves: #1574582 * Wed Jun 13 2018 Petr Oros - 2.1-33 - CVE-2018-3639 hw: cpu: speculative store bypass - Resolves: #1495071 * Mon Jun 11 2018 Petr Oros - 2.1-32 - Fix: Operation not permitted when installing microcode_ctl - Resolves: #1584247 * Tue May 15 2018 Petr Oros - 2.1-31 - Update disclaimer text - Resolves: #1574574 * Mon May 7 2018 Petr Oros - 2.1-30 - Intel CPU microcode update to 20180425. - Resolves: #1574574 * Fri Jan 12 2018 Petr Oros - 2.1-29 - Revert Microcode from Intel for Side Channel attack - Resolves: #1533939 * Fri Jan 12 2018 Petr Oros - 2.1-29 - Don't run dracut if not on a live system - Resolves: #1530400 * Tue Jan 9 2018 Petr Oros - 2.1-28 - Remove old binary tool - Resolves: #1527360 * Tue Jan 9 2018 Petr Oros - 2.1-27 - Update to upstream 2.1-15. Intel CPU microcode update to 20180108. - Resolves: #1527360 * Fri Dec 15 2017 Petr Oros - 2.1-26 - Update Intel CPU microde for 06-3f-02, 06-4f-01, and 06-55-04 - Resolves: #1527360 * Wed Nov 22 2017 Petr Oros - 2.1-25 - Update to upstream 2.1-14. Intel CPU microcode update to 20171117. - Resolves: #1457522 * Tue Oct 17 2017 Petr Oros - 2.1-24 - Fix upstream URL - Resolves: #1502360 * Fri Jul 14 2017 Petr Oros - 2.1-23 - Update to upstream 2.1-13. Intel CPU microcode update to 20170707. - Resolves: #1457522 * Wed May 24 2017 Petr Oros - 2.1-22 - Update to upstream 2.1-12. Intel CPU microcode update to 20170511. - Resolves: #1384218 * Tue Mar 7 2017 Petr Oros - 2.1-21 - Rpm scriptlets should only rebuild the current kernel's initrd. - Resolves: #1420180 * Wed Jan 18 2017 Petr Oros - 2.1-20 - Fix issue with hot microcode cpu reload. - Resolves: #1411232 * Mon Jan 9 2017 Petr Oros - 2.1-19 - Fix broken quoting in ExecStart line. - Resolves: #1411232 * Fri Dec 16 2016 Petr Oros - 2.1-18 - Fix issue with hot microcode cpu reload. - Resolves: #1398698 * Wed Nov 30 2016 Petr Oros - 2.1-17 - Move dracut call into posttrans phase. - Resolves: #1398698 * Thu Jul 21 2016 Petr Oros - 2.1-16 - Update to upstream 2.1-10. Intel CPU microcode update to 20160714. - Resolves: #1358047 * Wed Jun 29 2016 Petr Oros - 2.1-15 - Load CPU microcode update only on supproted systems. - Resolves: #1307179 * Fri Jun 24 2016 Petr Oros - 2.1-14 - Update to upstream 2.1-9. Intel CPU microcode update to 20160607. - Resolves: #1253106 * Thu May 19 2016 Petr Oros - 2.1-13 - Run dracut -f for all kernels. - Resolves: #1292158 * Fri Jul 3 2015 Petr Oros - 2.1-12 - Update to upstream 2.1-7. Intel CPU microcode update to 20150121. - Resolves: #1174983 * Fri Oct 10 2014 Petr Oros - 2.1-11 - Run dracut -f after install microcode for update initramfs. - Resolves: #1151192 * Tue Sep 30 2014 Petr Oros - 2.1-10 - Update to upstream 2.1-6. Intel CPU microcode update to 20140913. - Resolves: #1142302 * Tue Jul 15 2014 Petr Oros - 2.1-9 - Update to upstream 2.1-5. Intel CPU microcode update to 20140624. - Resolves: #1113396 * Tue Jun 3 2014 Petr Oros - 2.1-8 - Fix bogus time in changelog - Resolves: #1085117 * Tue Jun 3 2014 Petr Oros - 2.1-8 - Update to upstream 2.1-4. Intel CPU microcode update to 20140430. - Resolves: #1085117 * Wed Mar 12 2014 Anton Arapov - 2.1-7.1 - Fix the microcode's behaviour in virtual environment. * Fri Feb 28 2014 Anton Arapov - 2.1-7 - Fix the microcode's dracut configuration file location. * Tue Feb 18 2014 Anton Arapov - 2.1-6 - Enable early microcode capabilities. Systemd and Dracut support. (Jeff Bastian) * Fri Jan 24 2014 Anton Arapov - 2.1-5 - Update to upstream 2.1-3. Intel CPU microcode update to 20140122. * Fri Dec 27 2013 Daniel Mach - 2:2.1-4 - Mass rebuild 2013-12-27 * Mon Sep 09 2013 Anton Arapov 2.1-3 - Imported to RHEL tree * Mon Sep 09 2013 Anton Arapov 2.1-2 - Update to upstream 2.1-2. * Wed Aug 14 2013 Anton Arapov 2.1-1 - Update to upstream 2.1-1. * Sat Jul 27 2013 Anton Arapov 2.1-0 - Update to upstream 2.1. AMD microcode has been removed, find it in linux-firmware. * Wed Apr 03 2013 Anton Arapov 2.0-3.1 - Update to upstream 2.0-3 * Thu Feb 14 2013 Fedora Release Engineering - 2:2.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Oct 17 2012 Anton Arapov 2.0-2 - Update to upstream 2.0-2 * Tue Oct 02 2012 Anton Arapov 2.0-1 - Update to upstream 2.0-1 * Mon Aug 06 2012 Anton Arapov 2.0 - Update to upstream 2.0 * Wed Jul 25 2012 Anton Arapov 1.18-1 - Update to upstream 1.18 * Fri Jul 20 2012 Fedora Release Engineering - 1:1.17-26 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Thu Jun 07 2012 Anton Arapov 1.17-25 - Update to microcode-20120606.dat * Tue Feb 07 2012 Anton Arapov 1.17-24 - Update to amd-ucode-2012-01-17.tar * Fri Jan 13 2012 Fedora Release Engineering - 1:1.17-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Thu Dec 22 2011 Anton Arapov 1.17-21 - Fix a segfault that may be triggered by very long parameter [#768803] * Tue Dec 13 2011 Anton Arapov 1.17-20 - Update to microcode-20111110.dat * Tue Sep 27 2011 Anton Arapov 1.17-19 - Update to microcode-20110915.dat * Thu Aug 04 2011 Anton Arapov 1.17-18 - Ship splitted microcode for Intel CPUs [#690930] - Include tool for splitting microcode for Intl CPUs (Kay Sievers ) * Thu Jun 30 2011 Anton Arapov 1.17-17 - Fix udev rules (Dave Jones ) [#690930] * Thu May 12 2011 Anton Arapov 1.17-14 - Update to microcode-20110428.dat * Thu Mar 24 2011 Anton Arapov 1.17-13 - fix memory leak. * Mon Mar 07 2011 Anton Arapov 1.17-12 - Update to amd-ucode-2011-01-11.tar * Tue Feb 08 2011 Fedora Release Engineering - 1:1.17-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Wed Jan 19 2011 Anton Arapov 1.17-10 - manpage fix (John Bradshaw ) [#670879] * Wed Jan 05 2011 Anton Arapov 1.17-9 - Update to microcode-20101123.dat * Mon Nov 01 2010 Anton Arapov 1.17-8 - Update to microcode-20100914.dat * Wed Sep 29 2010 jkeating - 1:1.17-7 - Rebuilt for gcc bug 634757 * Wed Sep 15 2010 Anton Arapov 1.17-6 - Update to microcode-20100826.dat * Tue Sep 07 2010 Toshio Kuratomi 1.17-5 - Fix license tag: bz#450491 * Fri Aug 27 2010 Dave Jones 1.17-4 - Update to microcode-20100826.dat * Tue Mar 23 2010 Anton Arapov 1.17-3 - Fix the udev rules (Harald Hoyer ) * Mon Mar 22 2010 Anton Arapov 1.17-2 - Make microcode_ctl event driven (Bill Nottingham ) [#479898] * Thu Feb 11 2010 Dave Jones 1.17-1.58 - Update to microcode-20100209.dat * Fri Dec 04 2009 Kyle McMartin 1.17-1.57 - Fix duplicate message pointed out by Edward Sheldrake. * Wed Dec 02 2009 Kyle McMartin 1.17-1.56 - Add AMD x86/x86-64 microcode. (Dated: 2009-10-09) Doesn't need microcode_ctl modifications as it's loaded by request_firmware() like any other sensible driver. - Eventually, this AMD firmware can probably live inside kernel-firmware once it is split out. * Wed Sep 30 2009 Dave Jones - Update to microcode-20090927.dat * Fri Sep 11 2009 Dave Jones - Remove some unnecessary code from the init script. * Sat Jul 25 2009 Fedora Release Engineering - 1:1.17-1.52.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Thu Jun 25 2009 Dave Jones - Shorten sleep time during init. This really needs to be replaced with proper udev hooks, but this is a quick interim fix. * Wed Jun 03 2009 Kyle McMartin 1:1.17-1.50 - Change ExclusiveArch to i586 instead of i386. Resolves rhbz#497711. * Wed May 13 2009 Dave Jones - update to microcode 20090330 * Wed Feb 25 2009 Fedora Release Engineering - 1:1.17-1.46.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Fri Sep 12 2008 Dave Jones - update to microcode 20080910 * Tue Apr 01 2008 Jarod Wilson - Update to microcode 20080401 * Sat Mar 29 2008 Dave Jones - Update to microcode 20080220 - Fix rpmlint warnings in specfile. * Mon Mar 17 2008 Dave Jones - specfile cleanups. * Fri Feb 22 2008 Jarod Wilson - Use /lib/firmware instead of /etc/firmware * Wed Feb 13 2008 Jarod Wilson - Fix permissions on microcode.dat * Thu Feb 07 2008 Jarod Wilson - Spec cleanup and macro standardization. - Update license - Update microcode data file to 20080131 revision. * Mon Jul 2 2007 Dave Jones - Update to upstream 1.17 * Thu Oct 12 2006 Jon Masters - BZ209455 fixes. * Mon Jul 17 2006 Jesse Keating - rebuild * Fri Jun 16 2006 Bill Nottingham - remove kudzu requirement - add prereq for coreutils, awk, grep * Thu Feb 09 2006 Dave Jones - rebuild. * Fri Jan 27 2006 Dave Jones - Update to upstream 1.13 * Fri Dec 16 2005 Jesse Keating - rebuilt for new gcj * Fri Dec 09 2005 Jesse Keating - rebuilt * Mon Nov 14 2005 Dave Jones - initscript tweaks. * Tue Sep 13 2005 Dave Jones - Update to upstream 1.12 * Wed Aug 17 2005 Dave Jones - Check for device node *after* loading the module. (#157672) * Tue Mar 1 2005 Dave Jones - Rebuild for gcc4 * Thu Feb 17 2005 Dave Jones - s/Serial/Epoch/ * Tue Jan 25 2005 Dave Jones - Drop the node creation/deletion change from previous release. It'll cause grief with selinux, and was a hack to get around a udev shortcoming that should be fixed properly. * Fri Jan 21 2005 Dave Jones - Create/remove the /dev/cpu/microcode dev node as needed. - Use correct path again for the microcode.dat. - Remove some no longer needed tests in the init script. * Fri Jan 14 2005 Dave Jones - Only enable microcode_ctl service if the CPU is capable. - Prevent microcode_ctl getting restarted multiple times on initlevel change (#141581) - Make restart/reload work properly - Do nothing if not started by root. * Wed Jan 12 2005 Dave Jones - Adjust dev node location. (#144963) * Tue Jan 11 2005 Dave Jones - Load/Remove microcode module in initscript. * Mon Jan 10 2005 Dave Jones - Update to upstream 1.11 release. * Sat Dec 18 2004 Dave Jones - Initial packaging, based upon kernel-utils.