[openwrt/openwrt] firmware: intel-microcode: update to 20210608
LEDE Commits
lede-commits at lists.infradead.org
Fri Dec 3 15:37:56 PST 2021
chunkeey pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/1add2c0d95efb970ab18485e570b146610740bf2
commit 1add2c0d95efb970ab18485e570b146610740bf2
Author: Tan Zien <nabsdh9 at gmail.com>
AuthorDate: Fri Aug 27 21:27:11 2021 +0800
firmware: intel-microcode: update to 20210608
intel-microcode (3.20210608.2)
* Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and
debian/changelog (3.20210608.1).
intel-microcode (3.20210608.1)
* New upstream microcode datafile 20210608 (closes: #989615)
* Implements mitigations for CVE-2020-24511 CVE-2020-24512
(INTEL-SA-00464), information leakage through shared resources,
and timing discrepancy sidechannels
* Implements mitigations for CVE-2020-24513 (INTEL-SA-00465),
Domain-bypass transient execution vulnerability in some Intel Atom
Processors, affects Intel SGX.
* Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel
VT-d privilege escalation
* Fixes critical errata on several processors
* New Microcodes:
sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104
sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648
sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648
sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568
sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208
sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328
sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456
sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456
sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352
* Updated Microcodes:
sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816
sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456
sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472
sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744
sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816
sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864
sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720
sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720
sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648
sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576
sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576
sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456
sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408
sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360
sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472
sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264
sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752
sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776
sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592
sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768
sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448
sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448
sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424
sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448
sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448
sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448
sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400
sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448
sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184
sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208
sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208
sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208
sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184
* source: update symlinks to reflect id of the latest release, 20210608
intel-microcode (3.20210216.1)
* New upstream microcode datafile 20210216
* Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
and Cascade Lake Server (B0/B1) when using an active JTAG
agent like In Target Probe (ITP), Direct Connect Interface
(DCI) or a Baseboard Management Controller (BMC) to take the
CPU JTAG/TAP out of reset and then returning it to reset.
* This issue is related to the INTEL-SA-00381 mitigation.
* Updated Microcodes:
sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
* source: update symlinks to reflect id of the latest release, 20210216
intel-microcode (3.20201118.1)
* New upstream microcode datafile 20201118
* Removes a faulty microcode update from release 2020-11-10 for Tiger Lake
processors. Note that Debian already had removed this specific falty
microcode update on the 3.20201110.1 release
* Add a microcode update for the Pentium Silver N/J5xxx and Celeron
N/J4xxx which didn't make it to release 20201110, fixing security issues
(INTEL-SA-00381, INTEL-SA-00389)
* Updated Microcodes:
sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
* Removed Microcodes:
sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
intel-microcode (3.20201110.1)
* New upstream microcode datafile 20201110 (closes: #974533)
* Implements mitigation for CVE-2020-8696 and CVE-2020-8698,
aka INTEL-SA-00381: AVX register information leakage;
Fast-Forward store predictor information leakage
* Implements mitigation for CVE-2020-8695, Intel SGX information
disclosure via RAPL, aka INTEL-SA-00389
* Fixes critical errata on several processor models
* Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320)
for Skylake-U/Y, Skylake Xeon E3
* New Microcodes
sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648
sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768
sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184
sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208
sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184
sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184
* Updated Microcodes
sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816
sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472
sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792
sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840
sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224
sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224
sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408
sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360
sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472
sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776
sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568
sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448
sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448
sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448
sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448
sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448
sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448
sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424
sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448
sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424
sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424
sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208
* 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED
FOR 0x806c1 TIGER LAKE PROCESSORS by this package update. Contact your
system vendor for a firmware update, or wait fo a possible fix in a future
Intel microcode release.
* source: update symlinks to reflect id of the latest release, 20201110
* source: ship new upstream documentation (security.md, releasenote.md)
Signed-off-by: Tan Zien <nabsdh9 at gmail.com>
[used different .tar.xz source, but with the same content]
Signed-off-by: Christian Lamparter <chunkeey at gmail.com>
---
package/firmware/intel-microcode/Makefile | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/firmware/intel-microcode/Makefile b/package/firmware/intel-microcode/Makefile
index d2f61e9bf0..7f8d5adf7c 100644
--- a/package/firmware/intel-microcode/Makefile
+++ b/package/firmware/intel-microcode/Makefile
@@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=intel-microcode
-PKG_VERSION:=20200616
+PKG_VERSION:=20210608
PKG_RELEASE:=1
-PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).$(PKG_RELEASE).tar.xz
+PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).2.tar.xz
PKG_SOURCE_URL:=@DEBIAN/pool/non-free/i/intel-microcode/
-PKG_HASH:=bcc3b81c452fe4649a948c022475d76c1cdfbb730f36749a082f412f1406a3b9
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE)
+PKG_HASH:=fbf82688ffd0d87b352a35c57bd097ea014f0ad32c9c8f9629725c1b43d1c84d
+PKG_BUILD_DIR:=$(BUILD_DIR)/intel-microcode-3.$(PKG_VERSION).2
PKG_BUILD_DEPENDS:=iucode-tool/host
More information about the lede-commits
mailing list