[openwrt/openwrt] firmware: intel-microcode: update to 20200616
LEDE Commits
lede-commits at lists.infradead.org
Fri Sep 18 16:41:51 EDT 2020
hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/e826e007658911df91385935e74621889abbda24
commit e826e007658911df91385935e74621889abbda24
Author: Tan Zien <nabsdh9 at gmail.com>
AuthorDate: Tue Sep 8 23:52:23 2020 +0800
firmware: intel-microcode: update to 20200616
intel-microcode (3.20200616.1)
* New upstream microcode datafile 20200616
+ Downgraded microcodes (to a previously shipped revision):
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
* Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
* This update *removes* the SRBDS mitigations from the above processors
* Note that Debian had already downgraded 0x406e3 in release 3.20200609.2
intel-microcode (3.20200609.2)
* REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
* Microcode rollbacks (closes: LP#1883002)
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
* THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
* Avoid hangs on boot on (some?) Skylake-U/Y processors,
* ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
just in case. Note that Debian does not do late loading by itself.
Refer to LP#1883002 for the report, 0x806ec hangs upon late load.
intel-microcode (3.20200609.1)
* SECURITY UPDATE
* For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
on the processor model
* For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
L1DCES mitigations, plus mitigations described in the changelog entry
for package release 3.20191112.1.
* Expect some performance impact, the mitigations are enabled by
default. A Linux kernel update will be issued that allows one to
selectively disable the mitigations.
* New upstream microcode datafile 20200609
* Implements mitigation for CVE-2020-0543 Special Register Buffer Data
Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
* Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
(VRDS), INTEL-SA-00329
* Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
(L1DCES), INTEL-SA-00329
* Known to fix the regression introduced in release 2019-11-12 (sig
0x50564, rev. 0x2000065), which would cause several systems with
Skylake Xeon, Skylake HEDT processors to hang while rebooting
* Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
* Restores the microcode-level fixes that were reverted by release
3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)
intel-microcode (3.20200520.1)
* New upstream microcode datafile 20200520
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456
intel-microcode (3.20200508.1)
* New upstream microcode datafile 20200508
+ Updated Microcodes:
sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
* Likely fixes several critical errata on IceLake-U/Y causing system
hangs
intel-microcode (3.20191115.2)
* Microcode rollbacks (closes: #946515, LP#1854764):
sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
* Avoids hangs on warm reboots (cold boots work fine) on HEDT and
Xeon processors with signature 0x50654.
intel-microcode (3.20191115.1)
* New upstream microcode datafile 20191115
+ Updated Microcodes:
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136
intel-microcode (3.20191113.1)
* New upstream microcode datafile 20191113
+ SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
Adds microcode update for CFL-S (Coffe Lake Desktop)
INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
+ Updated Microcodes (previously removed):
sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
intel-microcode (3.20191112.1)
* New upstream microcode datafile 20191112
+ SECURITY UPDATE
- Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
- Implements TA Indirect Sharing mitigation, and improves the
MDS mitigation (VERW)
- Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
CVE-2019-11139
- Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
+ CRITICAL ERRATA FIXES
- Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
Ice Lake), causes a 0-3% typical perforance hit (can be as bad
as 10%). But ensures the processor will actually jump where it
should, so don't even *dream* of not applying this fix.
- Fixes AVX SHUF* instruction implementation flaw erratum
+ Removed Microcodes:
sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
+ New Microcodes:
sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
+ Updated Microcodes:
sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
+ Updated Microcodes (previously removed):
sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768
Signed-off-by: Tan Zien <nabsdh9 at gmail.com>
---
package/firmware/intel-microcode/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/firmware/intel-microcode/Makefile b/package/firmware/intel-microcode/Makefile
index de501622de..b3c3674f87 100644
--- a/package/firmware/intel-microcode/Makefile
+++ b/package/firmware/intel-microcode/Makefile
@@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=intel-microcode
-PKG_VERSION:=20190918
+PKG_VERSION:=20200616
PKG_RELEASE:=1
PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).$(PKG_RELEASE).tar.xz
PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/non-free/i/intel-microcode/
-PKG_HASH:=b7ecb5dd30d71e9b3c2ab184693a876171392e0d80d138c3560c662e5f2a2247
+PKG_HASH:=bcc3b81c452fe4649a948c022475d76c1cdfbb730f36749a082f412f1406a3b9
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE)
PKG_BUILD_DEPENDS:=iucode-tool/host
More information about the lede-commits
mailing list