[openwrt/openwrt] firmware: intel-microcode: update to 20200616

LEDE Commits lede-commits at lists.infradead.org
Fri Sep 18 16:41:51 EDT 2020


hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/e826e007658911df91385935e74621889abbda24

commit e826e007658911df91385935e74621889abbda24
Author: Tan Zien <nabsdh9 at gmail.com>
AuthorDate: Tue Sep 8 23:52:23 2020 +0800

    firmware: intel-microcode: update to 20200616
    
    intel-microcode (3.20200616.1)
    
      * New upstream microcode datafile 20200616
        + Downgraded microcodes (to a previously shipped revision):
          sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
          sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
      * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
      * This update *removes* the SRBDS mitigations from the above processors
      * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2
    
    intel-microcode (3.20200609.2)
    
      * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
        * Microcode rollbacks (closes: LP#1883002)
          sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
        * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
        * Avoid hangs on boot on (some?) Skylake-U/Y processors,
      * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
        just in case.  Note that Debian does not do late loading by itself.
        Refer to LP#1883002 for the report, 0x806ec hangs upon late load.
    
    intel-microcode (3.20200609.1)
    
      * SECURITY UPDATE
        * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
          on the processor model
        * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
          L1DCES mitigations, plus mitigations described in the changelog entry
          for package release 3.20191112.1.
        * Expect some performance impact, the mitigations are enabled by
          default.  A Linux kernel update will be issued that allows one to
          selectively disable the mitigations.
      * New upstream microcode datafile 20200609
        * Implements mitigation for CVE-2020-0543 Special Register Buffer Data
          Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
        * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
          (VRDS), INTEL-SA-00329
        * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
          (L1DCES), INTEL-SA-00329
        * Known to fix the regression introduced in release 2019-11-12 (sig
          0x50564, rev. 0x2000065), which would cause several systems with
          Skylake Xeon, Skylake HEDT processors to hang while rebooting
        * Updated Microcodes:
          sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
          sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
          sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
          sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
          sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
          sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
          sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
          sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
          sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
          sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
          sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
          sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
          sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
          sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
          sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
          sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
          sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
          sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
          sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
          sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
          sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
      * Restores the microcode-level fixes that were reverted by release
        3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)
    
    intel-microcode (3.20200520.1)
    
      * New upstream microcode datafile 20200520
        + Updated Microcodes:
          sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
          sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456
    
    intel-microcode (3.20200508.1)
    
      * New upstream microcode datafile 20200508
        + Updated Microcodes:
          sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
        * Likely fixes several critical errata on IceLake-U/Y causing system
          hangs
    
    intel-microcode (3.20191115.2)
    
      * Microcode rollbacks (closes: #946515, LP#1854764):
        sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
      * Avoids hangs on warm reboots (cold boots work fine) on HEDT and
        Xeon processors with signature 0x50654.
    
    intel-microcode (3.20191115.1)
    
      * New upstream microcode datafile 20191115
        + Updated Microcodes:
          sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
          sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
          sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
          sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
          sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
          sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
          sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
          sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
          sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
          sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
          sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
          sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
          sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136
    
    intel-microcode (3.20191113.1)
    
      * New upstream microcode datafile 20191113
        + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
          Adds microcode update for CFL-S (Coffe Lake Desktop)
          INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
        + Updated Microcodes (previously removed):
          sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
    
    intel-microcode (3.20191112.1)
    
      * New upstream microcode datafile 20191112
        + SECURITY UPDATE
          - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
          - Implements TA Indirect Sharing mitigation, and improves the
            MDS mitigation (VERW)
          - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
            CVE-2019-11139
          - Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
        + CRITICAL ERRATA FIXES
          - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
            Ice Lake), causes a 0-3% typical perforance hit (can be as bad
            as 10%).  But ensures the processor will actually jump where it
            should, so don't even *dream* of not applying this fix.
          - Fixes AVX SHUF* instruction implementation flaw erratum
        + Removed Microcodes:
          sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
        + New Microcodes:
          sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
          sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
          sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
          sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
          sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
          sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
        + Updated Microcodes:
          sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
          sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
          sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
          sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
          sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
          sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
          sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
          sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
          sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
          sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
          sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
          sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
          sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
          sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
        + Updated Microcodes (previously removed):
          sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768
    
    Signed-off-by: Tan Zien <nabsdh9 at gmail.com>
---
 package/firmware/intel-microcode/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/firmware/intel-microcode/Makefile b/package/firmware/intel-microcode/Makefile
index de501622de..b3c3674f87 100644
--- a/package/firmware/intel-microcode/Makefile
+++ b/package/firmware/intel-microcode/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=intel-microcode
-PKG_VERSION:=20190918
+PKG_VERSION:=20200616
 PKG_RELEASE:=1
 
 PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).$(PKG_RELEASE).tar.xz
 PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/non-free/i/intel-microcode/
-PKG_HASH:=b7ecb5dd30d71e9b3c2ab184693a876171392e0d80d138c3560c662e5f2a2247
+PKG_HASH:=bcc3b81c452fe4649a948c022475d76c1cdfbb730f36749a082f412f1406a3b9
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE)
 
 PKG_BUILD_DEPENDS:=iucode-tool/host



More information about the lede-commits mailing list