|
1 | 1 | %define orig_name intel-microcode |
2 | | -%define orig_timestamp 20210608 |
| 2 | +%define orig_timestamp 20220207 |
3 | 3 | %define orig_rev %nil |
4 | 4 |
|
5 | 5 | Name: firmware-intel-ucode |
6 | | -Version: 16 |
| 6 | +Version: 17 |
7 | 7 | Release: alt1.%{orig_timestamp}%{?orig_rev} |
8 | 8 | Epoch: 2 |
9 | 9 |
|
@@ -50,6 +50,84 @@ mv ${UCODE}.bin %buildroot/lib/firmware/intel-ucode/%{orig_name}.bin |
50 | 50 | /lib/firmware/intel-ucode/* |
51 | 51 |
|
52 | 52 | %changelog |
| 53 | +* Mon Mar 21 2022 L.A. Kostis <[email protected]> 2:17-alt1.20220207 |
| 54 | +- Sync with Debian 3.20220207: |
| 55 | + + new upstream datafile 20220207 |
| 56 | + + Mitigates (*only* when loaded from UEFI firmware through the FIT) |
| 57 | + CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through |
| 58 | + debug port, on Pentium, Celeron and Atom processors with signatures |
| 59 | + 0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8 |
| 60 | + https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145 |
| 61 | + + Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint |
| 62 | + may cause a system hang, on many processors. |
| 63 | + + Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due |
| 64 | + to improper sanitization of shared resources (fast-store forward |
| 65 | + predictor), on many processors. |
| 66 | + + Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some |
| 67 | + Atom Processors may allow information disclosure or denial of service |
| 68 | + via network access. |
| 69 | + + Fixes critical errata (functional issues) on many processors |
| 70 | + + Adds a MSR switch to enable RAPL filtering (default off, once enabled |
| 71 | + it can only be disabled by poweroff or reboot). Useful to protect |
| 72 | + SGX and other threads from side-channel info leak. Improves the |
| 73 | + mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many |
| 74 | + processors. |
| 75 | + + Disables TSX in more processor models. |
| 76 | + + Fixes issue with WBINDV on multi-socket (server) systems which could |
| 77 | + cause resets and unpredictable system behavior. |
| 78 | + + Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket |
| 79 | + Lake) processors, to control a fix for (hopefully rare) unpredictable |
| 80 | + processor behavior when HyperThreading is enabled. This MSR switch |
| 81 | + is enabled by default on *server* processors. On other processors, |
| 82 | + it needs to be explicitly enabled by an updated UEFI/BIOS (with added |
| 83 | + configuration logic). An updated operating system kernel might also |
| 84 | + be able to enable it. When enabled, this fix can impact performance. |
| 85 | + * Updated Microcodes: |
| 86 | + sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912 |
| 87 | + sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552 |
| 88 | + sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472 |
| 89 | + sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816 |
| 90 | + sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008 |
| 91 | + sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840 |
| 92 | + sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864 |
| 93 | + sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672 |
| 94 | + sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672 |
| 95 | + sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648 |
| 96 | + sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552 |
| 97 | + sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408 |
| 98 | + sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384 |
| 99 | + sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544 |
| 100 | + sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264 |
| 101 | + sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840 |
| 102 | + sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752 |
| 103 | + sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776 |
| 104 | + sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592 |
| 105 | + sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816 |
| 106 | + sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568 |
| 107 | + sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256 |
| 108 | + sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376 |
| 109 | + sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448 |
| 110 | + sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448 |
| 111 | + sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424 |
| 112 | + sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448 |
| 113 | + sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448 |
| 114 | + sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480 |
| 115 | + sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480 |
| 116 | + sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496 |
| 117 | + sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400 |
| 118 | + sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448 |
| 119 | + sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 |
| 120 | + sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424 |
| 121 | + sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184 |
| 122 | + sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208 |
| 123 | + sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208 |
| 124 | + sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208 |
| 125 | + sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184 |
| 126 | + sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400 |
| 127 | + + Removed Microcodes: |
| 128 | + sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 |
| 129 | + sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 |
| 130 | + |
53 | 131 | * Mon Jun 14 2021 L.A. Kostis <[email protected]> 2:16-alt1.20210608 |
54 | 132 | - Sync with Debian 3.20210608.1: |
55 | 133 | + New upstream microcode datafile 20210608: |
|
0 commit comments