Blame SOURCES/06-55-04_readme

81200a
Intel Skylake Scalable Platform CPU models that belong to Workstation and HEDT
81200a
(Basin Falls) segment (SKL-W/X, family 6, model 85, stepping 4) had reports
81200a
of system hangs on reboot when revision 0x2000065 of microcode, that was included
81200a
from microcode-20191112 update up to microcode-20200520 update, was applied[1].
81200a
In order to address this, microcode update to the newer revision had been
81200a
disabled by default on these systems, and the previously published microcode
81200a
revision 0x2000064 is used by default for the OS-driven microcode update.
81200a
81200a
Since revision 0x2006906 (included with the microcode-20200609 release)
81200a
it is reported that the issue is no longer present, so the newer microcode
81200a
revision is enabled by default now (but can be disabled explicitly; see below).
81200a
81200a
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
078ac8
078ac8
For the reference, SHA1 checksums of 06-55-04 microcode files containing
078ac8
microcode revisions in question are listed below:
078ac8
 * 06-55-04, revision 0x2000064: 2e405644a145de0f55517b6a9de118eec8ec1e5a
078ac8
 * 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23
81200a
 * 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
078ac8
078ac8
Please contact your system vendor for a BIOS/firmware update that contains
078ac8
the latest microcode version.  For the information regarding microcode versions
078ac8
required for mitigating specific side-channel cache attacks, please refer
078ac8
to the following knowledge base articles:
078ac8
 * CVE-2017-5715 ("Spectre"):
078ac8
   https://access.redhat.com/articles/3436091
078ac8
 * CVE-2018-3639 ("Speculative Store Bypass"):
078ac8
   https://access.redhat.com/articles/3540901
078ac8
 * CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
078ac8
   https://access.redhat.com/articles/3562741
078ac8
 * CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
078ac8
   ("Microarchitectural Data Sampling"):
078ac8
   https://access.redhat.com/articles/4138151
078ac8
 * CVE-2019-0117 (Intel SGX Information Leak),
078ac8
   CVE-2019-0123 (Intel SGX Privilege Escalation),
078ac8
   CVE-2019-11135 (TSX Asynchronous Abort),
078ac8
   CVE-2019-11139 (Voltage Setting Modulation):
078ac8
   https://access.redhat.com/solutions/2019-microcode-nov
81200a
 * CVE-2020-0543 (Special Register Buffer Data Sampling),
81200a
   CVE-2020-0548 (Vector Register Data Sampling),
81200a
   CVE-2020-0549 (L1D Cache Eviction Sampling):
81200a
   https://access.redhat.com/solutions/5142751
078ac8
81200a
The information regarding disabling microcode update is provided below.
078ac8
81200a
To disable usage of the newer microcode revision for a specific kernel
81200a
version, please create a file "disallow-intel-06-55-04" inside
078ac8
/lib/firmware/<kernel_version> directory, run
81200a
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directory
81200a
used for late microcode updates, and run "dracut -f --kver <kernel_version>"
81200a
so initramfs for this kernel version is regenerated, for example:
078ac8
81200a
    touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-55-04
078ac8
    /usr/libexec/microcode_ctl/update_ucode
078ac8
    dracut -f --kver 3.10.0-862.9.1
078ac8
81200a
To disable usage of the newer microcode revision for all kernels, please create
81200a
file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04", run
81200a
"/usr/libexec/microcode_ctl/update_ucode" to update firmware directories
81200a
used for late microcode updates, and run "dracut -f --regenerate-all"
81200a
so initramfs images get regenerated, for example:
078ac8
078ac8
    mkdir -p /etc/microcode_ctl/ucode_with_caveats
81200a
    touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04
078ac8
    /usr/libexec/microcode_ctl/update_ucode
078ac8
    dracut -f --regenerate-all
078ac8
078ac8
Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
078ac8
information.