diff --git a/.gitignore b/.gitignore index 69e7a11..721e69f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ SOURCES/hfi1-fw-git44d8e8d.tar.gz SOURCES/linux-firmware-20170606.tar.gz -SOURCES/microcode_amd_fam17h.bin diff --git a/.linux-firmware.metadata b/.linux-firmware.metadata index 6ffb40d..156c35d 100644 --- a/.linux-firmware.metadata +++ b/.linux-firmware.metadata @@ -1,3 +1,2 @@ 7c598272a756a563e716560f185bbf04aed06f5e SOURCES/hfi1-fw-git44d8e8d.tar.gz 1b5325e3d5a2e6903c837315a285f6ecfd93d1af SOURCES/linux-firmware-20170606.tar.gz -f94ccd286b9b062c7a40f87a94bffc70b6246443 SOURCES/microcode_amd_fam17h.bin diff --git a/SOURCES/REDHAT-DISCLAIMER b/SOURCES/REDHAT-DISCLAIMER new file mode 100644 index 0000000..a42d5a1 --- /dev/null +++ b/SOURCES/REDHAT-DISCLAIMER @@ -0,0 +1,13 @@ + + This update supersedes microcode provided by Red Hat with the CVE-2017-5715 (“Spectre”) + CPU branch injection vulnerability mitigation. (Historically, Red Hat has provided updated + microcode, developed by our microprocessor partners, as a customer convenience.) Further + testing has uncovered problems with the microcode provided along with the “Spectre” mitigation + that could lead to system instabilities. As a result, Red Hat is providing an microcode update + that reverts to the last known good microcode version dated before 03 January 2018. + Red Hat strongly recommends that customers contact their hardware provider for the latest microcode updates. + + IMPORTANT: Customers using Intel Skylake-, Broadwell-, and Haswell-based platforms must obtain and + install updated microcode from their hardware vendor immediately. The "Spectre" mitigation requires + both an updated kernel from Red Hat and updated microcode from your hardware vendor. + diff --git a/SPECS/linux-firmware.spec b/SPECS/linux-firmware.spec index 9f06dfe..4057f47 100644 --- a/SPECS/linux-firmware.spec +++ b/SPECS/linux-firmware.spec @@ -1,5 +1,5 @@ %global checkout c990aae -%global firmware_release 57 +%global firmware_release 58 Name: linux-firmware Version: 20170606 @@ -38,8 +38,8 @@ Obsoletes: libertas-usb8388-olpc-firmware Source1: hfi1-fw-git44d8e8d.tar.gz Patch0: 0001-Revert-Update-Intel-OPA-hfi1-firmware.patch -# AMD fam17h u-code -Source2: microcode_amd_fam17h.bin +# REDHAT-DISCLAIMER on u-code updates (rhbz 1533989) +Source2: REDHAT-DISCLAIMER %description Kernel-firmware includes firmware files required for some devices to @@ -267,9 +267,8 @@ rm -rf vxge # Remove the check_whence.py file rm -f check_whence.py -# Introduce AMD fam17h u-code blob -install %{SOURCE2} amd-ucode/ - +# REDHAT-DISCLAIMER on u-code updates (rhbz 1533989) +install %{SOURCE2} ./ %install rm -rf $RPM_BUILD_ROOT @@ -293,6 +292,18 @@ sed -e 's/^/%%dir /' linux-firmware.dirs >> linux-firmware.files %clean rm -rf $RPM_BUILD_ROOT +%post +# REDHAT-DISCLAIMER on u-code updates +# send the message to syslog, so it gets recorded on /var/log +if [ -e /usr/bin/logger ]; then + /usr/bin/logger -p syslog.notice -t DISCLAIMER -f %{fwdir}/REDHAT-DISCLAIMER +fi +# also paste it over dmesg (some customers drop dmesg messages while +# others keep them into /var/log for the later case, we'll have the +# disclaimer recorded twice into system logs. +cat %{fwdir}/REDHAT-DISCLAIMER > /dev/kmsg + + %files -n iwl100-firmware %defattr(-,root,root,-) %doc WHENCE LICENCE.iwlwifi_firmware @@ -390,6 +401,10 @@ rm -rf $RPM_BUILD_ROOT %doc WHENCE LICENCE.* LICENSE.* %changelog +* Sat Jan 13 2018 Rafael Aquini - 20170606-58.gitc990aae +- Revert amd-ucode for fam17h +- Add disclaimer message on current u-code updates + * Wed Dec 27 2017 Rafael Aquini - 20170606-57.gitc990aae - Add amd-ucode for fam17h