Blame SOURCES/README.caveats

62b1c6
The microcode_ctl package contains microcode files (vendor-provided binary data
62b1c6
and/or code in proprietary format that affects behaviour of a device) for Intel
62b1c6
CPUs that may be loaded into the CPU during boot.
62b1c6
62b1c6
The microcode_ctl package contains provisions for some issues related
62b1c6
to microcode loading.  While those provisions are expected to suit most users,
62b1c6
several knobs are available in order to provide ability to override the default
62b1c6
behaviour.
b24a43
b24a43
b24a43
General behaviour
b24a43
=================
b24a43
In RHEL 8 (as well as RHEL 7 before it), there are currently two main handlers
b24a43
for CPU microcode update:
b24a43
 * Early microcode update. It uses GenuineIntel.bin or AuthenticAMD.bin file
b24a43
   placed at the beginning of an initramfs image
b24a43
   (/boot/initramfs-KERNEL_VERSION.img, where "KERNEL_VERSION" is a kernel
b24a43
   version in the same format as provided by "uname -r") as a source
b24a43
   of microcode data, and is performed very early during the boot process
b24a43
   (if the relevant microcode file is available in the aforementioned file).
b24a43
 * On-demand (late) microcode update. It can be triggered by writing "1" to
b24a43
   /sys/devices/system/cpu/microcode/reload file (provided my the "microcode"
b24a43
   module). It relies on request_firmware infrastructure, which searches (and
b24a43
   loads, if found) microcode from a file present in one of the following
b24a43
   directories (in the search order):
b24a43
       /lib/firmware/updates/KERNEL_VERSION/
b24a43
       /lib/firmware/updates/
b24a43
       /lib/firmware/KERNEL_VERSION/
b24a43
       /lib/firmware/
b24a43
  (there is also an additional directory that can be configured via the
b24a43
  "fw_path_para" module option of the "firmware_class" module; as this module
b24a43
  is built-in in RHEL kernel, a boot parameter "firmware_class.fw_path_para"
b24a43
  should be used for that purpose; this is out of the document's scope, however)
b24a43
b24a43
The firmware for Intel CPUs is searched in "intel-ucode" subdirectory, and for
b24a43
AMD CPUs, a file under "amd-ucode" is searched.
b24a43
b24a43
For Intel CPUs, the name of the specific microcode file the kernel tries to load
b24a43
has the format "FF-MM-SS", where "FF" is the family number, "MM" is the model
b24a43
number, and "SS" is the stepping. All those numbers are zero-filled to two digits
b24a43
and are written in hexadecimal (letters are in the lower case).  For AMD CPUs,
b24a43
the file name has the format "microcode_amd_famFFh.bin", where "FF" is the
b24a43
family number, written in hexadecimal, letters are in the lower case, not
b24a43
zero-filled.
b24a43
b24a43
The early microcode is placed into initramfs image by the "dracut" script, which
b24a43
scans the aforementioned subdirectories of the configured list of firmware
b24a43
directories (by default, the list consists of two directories in RHEL 8,
b24a43
"/lib/firmware/updates" and "/lib/firmware").
b24a43
b24a43
In RHEL 8, AMD CPU microcode is shipped as a part of the linux-firmware package,
b24a43
and Intel microcode is shipped as a part of the microcode_ctl package.
b24a43
b24a43
The microcode_ctl package currently includes the following:
b24a43
 * Intel CPU microcode files, placed in /usr/share/microcode_ctl/intel-ucode
b24a43
   directory (currently there are none);
b24a43
 * A dracut module, /usr/lib/dracut/modules.d/99microcode_ctl-fw_dir_override,
b24a43
   that controls which additional firmware directories will be added to dracut's
b24a43
   default configuration;
b24a43
 * A dracut configuration file, /usr/lib/dracut/dracut.conf.d/01-microcode.conf,
b24a43
   that enables inclusion of early microcode to the generated initramfs
b24a43
   in dracut;
b24a43
 * A dracut configuration file,
b24a43
   /usr/lib/dracut/dracut.conf.d/99-microcode-override.conf, that provides a way
b24a43
   to quickly disable 99microcode_ctl-fw_dir-override dracut module;
b24a43
 * A systemd service file, microcode.service, that triggers microcode reload
b24a43
   late during boot;
b24a43
 * A set of directories in /usr/share/microcode_ctl/ucode_with_caveats, each
b24a43
   of which contains configuration and related data for various caveats related
b24a43
   to microcode:
b24a43
   * readme - description of caveat and related information,
b24a43
   * config - caveat configuration file, with syntax as described in "Caveat
b24a43
     configuration" section below,
b24a43
   * intel-ucode - directory containing microcode files related to the caveat;
b24a43
 * A set of support scripts, placed in /usr/libexec/microcode_ctl:
b24a43
   * "check_caveats" is an utility script that performs checks of the target
b24a43
     kernel (and running CPU) in accordance with caveat configuration files
b24a43
     in ucode_with_caveats directory and reports whether it passes them or not,
b24a43
   * "reload_microcode" is a script that is called by microcode.service and
b24a43
     triggers microcode reloading (by writing "1" to
b24a43
     /sys/devices/system/cpu/microcode/reload) if the running kernel passes
b24a43
     check_caveats checks,
b24a43
   * "update_ucode" is a script that populates symlinks to microcode files
b24a43
     in /lib/firmware, so it can be picked up by relevant kernels for the late
b24a43
     microcode loading.
b24a43
b24a43
Also, microcode_ctl RPM includes triggers that run update_ucode script on every
b24a43
installation or removal of a kernel RPM in order to provide microcode files
b24a43
for newly installed kernels and cleanup symlinks for the uninstalled ones.
b24a43
b24a43
b24a43
Caveat configuration
b24a43
--------------------
b24a43
There is a directory for each caveat under
b24a43
/usr/share/microcode_ctl/ucode_with_caveats, containing the following files:
b24a43
 * "config", a configuration file for the caveat;
b24a43
 * "readme", that contains description of the caveat;
b24a43
 * set of related associated microcode files.
b24a43
b24a43
"config" file is a set of lines each containing option name and its value,
b24a43
separated by white space.  Currently, the following options are supported:
b24a43
 * "model" option, which has format "VENDOR_ID FF-MM-SS", that specifies
b24a43
   to which CPU model the caveat is applicable (check_caveats ignores caveats
b24a43
   with non-matching models if "-m" option is passed to it). Can be set
b24a43
   in the configuration file only once (the last provided value is used).
b24a43
 * "vendor" option specifies CPUs of which vendor (as provided
b24a43
   in the /proc/cpuinfo file) the caveat is applicable to (check_caveats
b24a43
   ignores caveats with non-matching models when it is invoked with "-m"
b24a43
   option). Can be set in the configuration file only once.
b24a43
 * "path" is a glob pattern that specifies set of microcode files associated
b24a43
   with the caveat as a relative path to the caveat directory. This option
b24a43
   is used for populating files in /lib/firmware by update_ucode script and
b24a43
   for matching microcode file when dracut is run in host-only mode
b24a43
   (as in that case it uses only the first directory in firmware directory list
b24a43
   to look for the microcode file applicable to the host CPU).  Can be set
b24a43
   in the configuration file multiple times.
b24a43
 * "kernel" is a minimal kernel version that supports proper handling
b24a43
   of the related microcode files during late microcode load.  It may be
b24a43
   provided in one of the following formats that affect the way it is compared
b24a43
   to the running kernel version:
b24a43
    * A.B.C (where A, B, and C are decimal numbers), "upstream version". In this
b24a43
      case, simple version comparison against the respective part of the running
b24a43
      kernel version is used, and the running kernel version should be greater
b24a43
      or equal than the version provided in the configuration option in order
b24a43
      for comparison to succeed (that is, the first part, major version number,
b24a43
      of the running kernel version should be greater than the value provided
b24a43
      in the configuration option, or those should be equal and the second part,
b24a43
      minor version number, should be greater than the minor version number
b24a43
      of the kernel version provided in the configuration option, or the first
b24a43
      two parts should be equal and the third part, patch level, should
b24a43
      be greater or equal the patch level of the version in the configuration
b24a43
      option).
b24a43
    * A.B.C-Y (where A, B, C, and Y are decimal numbers), "Y-stream version".
b24a43
      In this case, A.B.C part should be equal, and Y part of the running kernel
b24a43
      version should be greater or equal than the Y part of the configuration
b24a43
      option version in order to satisfy the comparison requirement.
b24a43
    * A.B.C-Y.Z1.Z2 (where A, B, C, Y, Z1, and Z2 are decimal numbers),
b24a43
      "Z-stream version". In this case, A.B.C-Y part should be equal and Z1.Z2
b24a43
      part of the running kernel should be greater or equal than the respective
b24a43
      part of the configuration option version (when compared as a version)
b24a43
      for comparison to succeed.
b24a43
   Kernel version check passed if at least one comparison of the running kernel
b24a43
   version against a kernel version provided in a configuration option
b24a43
   succeeded.  The "kernel" configuration option can be provided
b24a43
   in the configuration file multiple times.
b24a43
 * "kernel_early" is a minimal kernel version that supports proper handling
b24a43
   of the related microcode during early microcode load. The format of the
b24a43
   option and its semantics is similar to the "kernel" configuration options.
b24a43
   This option can be provided multiple times as well.
b24a43
 * "mc_min_ver_late" is the minimal version of the currently loaded microcode
b24a43
   on the CPU (as reported in /proc/cpuinfo) that supports late microcode
b24a43
   update.  Microcode update will be attempted only if the currently loaded
b24a43
   microcode version is greater or equal the microcode version provided
b24a43
   in the configuration option. Can be set in the configuration file only once.
b24a43
 * "disable" is a way to disable a specific caveat from inside its
b24a43
   configuration. Argument for the argument is a list of stages ("early",
b24a43
   "late") for which the caveat should be disable. The configuration option
b24a43
   can be provided multiple times in a configuration file.
b24a43
 * "blacklist" is a marker for a start of list of blacklisted model names,
b24a43
   one model name per line. The model name of the running CPU (as reported
b24a43
   in /proc/cpuinfo) is compared against the names in the provided list, and,
b24a43
   if there is a match, caveat check fails.
494736
 * "pci_config_val" performs check for specific values in selected parts
494736
   of configuration space of specified PCI devices.  If "-m" option
494736
   is not specified, then the actual check is skipped, and the check returns
494736
   result in accordance with the provided "mode" option (se below).  Check
494736
   arguments are a white-space-separated list of "key=value" pairs.
494736
   The following keys are supported:
494736
    * "domain" - PCI domain number, or "*" (an asterisk) for any domain.
494736
      Default is "*".
494736
    * "bus" - PCI bus number, or "*" (an asterisk) for any bus.  Default is "*".
494736
    * "device" - PCI device number, or "*" (an asterisk) for any device.
494736
      Default is "*".
494736
    * "function" - PCI function number, or "*" (an asterisk) for any function.
494736
      Default is "*".
494736
    * "vid" - PCI vendor ID, or empty string for any vendor ID.  Default
494736
      is empty string.
494736
    * "did" - PCI device ID, or empty string for any device ID.  Default
494736
      is empty string.
494736
    * "offset" - offset in device's configuration space where the value resides.
494736
      Default is 0.
494736
    * "size" - field size.  Possible values are 1, 2, 4, or 8.  Default is 4.
494736
    * "mask" - mask applied to the values during the check.  Default is 0.
494736
    * "val" - comma-separated list of matching values.  Default is 0.
494736
    * "mode" - check mode, the way matches are interpreted:
494736
       * "success-any" - check succeeds if there was at least one match,
494736
         otherwise it fails.
494736
       * "success-all" - check succeeds if there was at least one device checked
494736
         and all the checked devices have matches, otherwise the check fails.
494736
       * "fail-any" - check fails if there was at least one match, otherwise
494736
         it succeeds.
494736
       * "fail-all" - check fails if there was at least one device checked
494736
         and all the checked devices have matches, otherwise the check succeeds.
a5370a
      Default is "success-any".
494736
   An example of a check:
494736
       pci_config_val mode=success-all device=30 function=3 vid=0x8086 did=0x2083 offset=0x84 size=4 mask=0x38 val=0x38,0x18,0x8
494736
   It interprets 4 bytes at offset 0x84 of special files "config" under
494736
   directories that match glob pattern "/sys/bus/pci/devices/*:*:1e.3"
494736
   as an unsigned integer value, applies mask 0x38 (thus selecting bit 5..3
494736
   of it) and checks whether it is one of the values 0x38, 0x18, or 0x8 (0b111,
494736
   0b011, or 0b001 in bits 5..3, respectively); if there are such files,
494736
   and all the checked values in every checked file has matched at least one
494736
   of the aforementioned value, then the check is successful, otherwise
494736
   it fails (in accordance with "mode=success-all" semantics).  This check fails
494736
   if "-m" option is not specified.
a5370a
 * "dmi" performs checks for specific values available in DMI sysfs files
a5370a
   (present under /sys/devices/virtual/dmi/id/).  The check fails if file
a5370a
   is not readable.  If "-m" option is specified, then the actual check
a5370a
   is skipped, and the check returns value in accordance with "no-model-mode"
a5370a
   parameter value (see below).  Check arguments are a white-space-separated
a5370a
   list of "key=value" pairs.  The following keys are supported:
a5370a
    * "key" - DMI file to check. Value can be one of the following: bios_date,
a5370a
      bios_vendor, bios_version, board_asset_tag, board_name, board_serial,
a5370a
      board_vendor, board_version, chassis_asset_tag, chassis_serial,
a5370a
      chassis_type, chassis_vendor, chassis_version, product_family,
a5370a
      product_name, product_serial, product_uuid, product_version, sys_vendor.
a5370a
      Default is empty string.
a5370a
    * "val" - a string to match DMI data against.  Can be enclosed in single
a5370a
      or double quotes.  Default is empty string.
a5370a
    * "mode" - check mode, the way matches are interpreted:
a5370a
       * "success-equal" - returns 0 if the value present in the file
a5370a
         with the name supplied via the "key" parameter file under
a5370a
	 /sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
a5370a
	 of "val" parameter, otherwise 1.
a5370a
       * "success-equal" - returns 1 if the value present in the file
a5370a
         with the name supplied via the "key" parameter file under
a5370a
	 /sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
a5370a
	 of "val" parameter, otherwise 0.
a5370a
      Default is "success-any".
a5370a
    * "no-model-mode" - return value if model filter ("-m" option)
a5370a
      is not enabled:
a5370a
       * "success" - return 0.
a5370a
       * "fail" - return 1.
a5370a
      Default is "success".
a5370a
   An example of a check:
a5370a
       dmi mode=fail-equal no-model-mode=success key=bios_vendor val="Dell Inc."
a5370a
   It checks file /sys/devices/virtual/dmi/id/bios_vendor and fails if its
a5370a
   content is "Dell Inc." (without quotes).  It succeeds if "-m" option
a5370a
   is not enabled.
b24a43
b24a43
b24a43
check_caveats script
b24a43
--------------------
b24a43
"check_caveats" is an utility script (called by update_ucode, reload_microcode,
b24a43
dracut module) that performs checks of the target kernel (and running CPU)
b24a43
in accordance with caveat configuration files in directory
b24a43
"/usr/share/microcode_ctl/ucode_with_caveats", and returns information, whether
b24a43
the system passes the checks, or not.
b24a43
b24a43
Usage:
b24a43
    check_caveats [-e] [-k TARGET_KVER] [-c CONFIG]* [-m] [-v]'
b24a43
b24a43
Options:
b24a43
  -e - check for early microcode load possibility (instead of late microcode
b24a43
       load). "kernel_early" caveat configuration options are used for checking
b24a43
       instead of "kernel", and "mc_min_ver_late" is not checked.
b24a43
  -k - target kernel version to check against, $(uname -r) is used otherwise.
b24a43
  -c - caveat(s) to check, all caveat configurations found inside
b24a43
       $MC_CAVEATS_DATA_DIR are checked otherwise.
b24a43
  -m - ignore caveats that do not apply to the current CPU model.
b24a43
  -v - verbose output.
b24a43
b24a43
Environment:
b24a43
  MC_CAVEATS_DATA_DIR - directory that contains caveats configurations,
b24a43
                        "/usr/share/microcode_ctl/ucode_with_caveats"
b24a43
			by default.
b24a43
  FW_DIR - directory containing firmware files (per-kernel configuration
b24a43
           overrides are checked there), "/lib/firmware" by default.
b24a43
  CFG_DIR - directory containing global caveats overrides,
b24a43
            "/etc/microcode_ctl/ucode_with_caveats" by default.
b24a43
b24a43
Output:
b24a43
  Script returns information about caveats check results. Output has a format
b24a43
  of "KEY VALUE1 VALUE2 ..." with KEY defining the semantics of the VALUEs.
b24a43
  Currently, the following data is issued:
b24a43
   - "cfgs" - list of caveats that have been processed (and not skipped
b24a43
      due to missing "config", "readme", or a disallow-* override described
b24a43
      below);
b24a43
   - "skip_cfgs" - list of caveats that have been skipped (due to missing
b24a43
     config/readme file, or because of overrides);
b24a43
   - "paths" - list of glob patterns matching files associated with caveats
b24a43
     that have been processed;
b24a43
   - "ok_cfgs" - list of caveat configurations that have all the checks passed
b24a43
     (or have enforced by one of force-* overrides described below);
b24a43
   - "ok_paths" - list of glob patterns associated with caveat files from
b24a43
     the "ok_cfgs" list;
b24a43
   - "fail_cfgs" - list of caveats that have one of the checks failed.
b24a43
   - "fail_paths" - list of glob patterns associated with caveats from the
b24a43
     "fail_cfgs" list.
b24a43
b24a43
Return value:
b24a43
  - 0 in case caveats check has passed, 1 otherwise.
b24a43
  - In "-d" mode, 0 is always returned.
b24a43
b24a43
Overrides:
b24a43
b24a43
When check_caveats perform its checks, it also checks for presence of files
b24a43
in specific places, and, if they exist, check_caveats skips a caveat or ignores
b24a43
its checks; that mechanism allows overriding the information provided
b24a43
in configuration on local systems and affect the behaviour of the microcode
b24a43
update process.
b24a43
b24a43
Current list of overrides (where $FW_DIR and $CFG_DIR are the environment
b24a43
options described earlier; $kver - the currently processed kernel version,
b24a43
$s is the requested stage ("early" or "late"), $cfg is the caveat directory
b24a43
name):
b24a43
    $FW_DIR/$kver/disallow-$s-$cfg - skip a caveat for the requested stage for
b24a43
                                     a specific kernel version..
b24a43
    $FW_DIR/$kver/force-$s-$cfg - apply a specific caveat file for a specific
b24a43
                                  kernel version for the requested stage without
b24a43
				  performing any checks.
b24a43
    $FW_DIR/$kver/disallow-$cfg - skip a caveat for any stage for a specific
b24a43
                                  kernel version.
b24a43
    $FW_DIR/$kver/force-$cfg - apply a specific caveat for any stage
b24a43
                               for a specific kernel version without checks.
b24a43
    $FW_DIR/$kver/disallow-$s - skip all caveats for a specific stage
b24a43
                                for a specific kernel version.
b24a43
    $CFG_DIR/disallow-$s-$cfg - skip a caveat for a specific stage for all
b24a43
                                kernel versions.
b24a43
    $FW_DIR/$kver/force-$s - apply all caveats for a specific stage
b24a43
                             for a specific kernel version without checks.
b24a43
    $CFG_DIR/force-$s-$cfg - apply a specific caveat for a specific stage for
b24a43
                             all kernel versions without checks.
b24a43
    $FW_DIR/$kver/disallow - skip all caveats for all stages for a specific
b24a43
                             kernel version.
b24a43
    $CFG_DIR/disallow-$cfg - skip a caveat for all stages for all kernel
b24a43
                             versions.
b24a43
    $FW_DIR/$kver/force - apply all caveats for all stages for a specific kernel
b24a43
                          version without checks.
b24a43
    $CFG_DIR/force-$cfg - apply a caveat for all stages for all kernel versions
b24a43
                          without checks.
b24a43
    $CFG_DIR/disallow-$s - skip all caveat for all kernel versions
b24a43
                           for a specific stage.
b24a43
    $CFG_DIR/force-$s - apply all caveats for all kernel versions for  specific
b24a43
                        stage without checks.
b24a43
    $CFG_DIR/disallow - skip all caveats for all stages for all kernel versions
b24a43
                        (disable everything).
b24a43
    $CFG_DIR/force - force all caveats for all stages for all kernel versions
b24a43
                     (enable everything).
b24a43
b24a43
The "apply" action above means creating symlinks in /lib/firmware by
b24a43
update_ucode in case of the "late" stage and adding caveat directory to the list
b24a43
of firmware directories by dracut plugin in case of the "early" stage.
b24a43
b24a43
The files are checked for existence until the first match, so more specific
b24a43
overrides can override more broad ones.
b24a43
b24a43
Also, a caveat is ignored if it lacks either config or readme file.
b24a43
b24a43
b24a43
update_ucode script
b24a43
-------------------
b24a43
"update_ucode" populates symlinks to microcode files in accordance with caveats
b24a43
configuration.  It enables late microcode loading that is invoked by triggering
b24a43
/sys/devices/system/cpu/microcode/reload file.  Since caveats depend
b24a43
on the kernel version, symlinks are populated inside
b24a43
"/lib/firmware/KERNEL_VERSION" directory for each installed kernel.
b24a43
As a consequence, this script is triggered upon each kernel package installation
b24a43
and removal.
b24a43
b24a43
The script has two parts: common and kernel-version-specific.
b24a43
b24a43
During the common part, files are populated from
b24a43
/usr/share/microcode_ctl/intel-ucode in /lib/firmware/intel-ucode. There are
b24a43
several possibilities to affect the process:
b24a43
 * Presence of "/etc/microcode_ctl/intel-ucode-disallow" file leads to skipping
b24a43
   the common part of the script.
b24a43
 * The same for "/lib/firmware/intel-ucode-disallow".
b24a43
b24a43
During the kernel-version-specific part, each caveat is checked against every
b24a43
kernel version, and those combinations, for which caveat check succeeds,
b24a43
gets the symlinks to the associated microcode files populated.
b24a43
 * Absence of "/lib/firmware/KERNEL_VERSION/readme-CAVEAT" prevents update_ucode
b24a43
   from removing symlinks related to the caveat for specific kernel version.
b24a43
 * Since the check is being done by check_caveats, all the overrides that
b24a43
   described there also stay.
b24a43
b24a43
Usage:
b24a43
    update_ucode [--action {add|remove|refresh|list}] [--kernel KERNELVER]*
b24a43
                 [--verbose] [--dry-run] [--cleanup intel_ucode caveats_ucode]
b24a43
                 [--skip-common] [--skip-kernel-specific]
b24a43
b24a43
Options:
b24a43
  --action - action to perform. Currently, the following actions are supported:
b24a43
              * "add" - create new symlinks.
b24a43
              * "remove" - remove old symlinks that are no longer needed.
b24a43
              * "refresh" - re-populate symlinks.
b24a43
              * "list" - list files under control of update_ucode.
b24a43
             By default, "refresh" action is executed.
b24a43
  --kernel - kernel version to process. By default, list of kernel versions
b24a43
             is formed based on contents of /lib/firmware and /lib/modules
b24a43
             directories.
b24a43
  --verbose - verbose output.
b24a43
  --dry-run - do not call commands, just print the invocation lines.
b24a43
  --cleanup - cleanup mode. Used by post-uninstall script during package
b24a43
              upgrades. Removes excess files in accordance to the contents
b24a43
              of the files provided in the arguments to the option.
b24a43
  --skip-common - do not process /lib/firmware directory.
b24a43
  --skip-kernel-specific - do not process /lib/firmware/KERNEL_VERSION
b24a43
                           directories.
b24a43
b24a43
Return value:
b24a43
  0 on success, 1 on error.
b24a43
b24a43
b24a43
reload_microcode script
b24a43
-----------------------
b24a43
"reload_microcode" is a script that is called by microcode.service and
b24a43
triggers late microcode reloading (by writing "1" to
b24a43
/sys/devices/system/cpu/microcode/reload) if the following check are passed:
b24a43
 * the microcode update performed not in a virtualised environment;
b24a43
 * running kernel passes "check_caveats" checks that applicable to the current
b24a43
   CPU model.
b24a43
b24a43
For a virtualised environment check, the script searches the "/proc/cpuinfo"
b24a43
file for presence of the "hypervisor" flag among CPU features (it corresponds
b24a43
to a CPUID feature bit set by hypervisors in order to inform that the kernel
b24a43
operates inside a virtual machine).  This check can be overridden and skipped
b24a43
by creation of a file "/etc/microcode_ctl/ignore-hypervisor-flag".
b24a43
b24a43
The script has no options and always returns 0.
b24a43
b24a43
b24a43
99microcode_ctl-fw_dir_override dracut module
b24a43
---------------------------------------------
b24a43
This dracut module injects directories with microcode files for caveats
b24a43
that pass "early" check_caveats check (with "-e" flag). In addition
b24a43
to "check_caveats" overrides, the following abilities to control module's
b24a43
behaviour are present:
b24a43
 * Presence of one of the following files:
b24a43
   - /etc/microcode_ctl/ucode_with_caveats/skip-host-only-check
b24a43
   - /etc/microcode_ctl/ucode_with_caveats/skip-host-only-check-$cfg
b24a43
   - /lib/firmware/$kver/skip-host-only-check
b24a43
   - /lib/firmware/$kver/skip-host-only-check-$cfg
b24a43
   (where "$kver" is the kernel version in question and "$cfg" is the caveat
b24a43
   directory name) allows skipping matching of microcode file name when dracut's
b24a43
   Host-Only mode is enabled.
b24a43
b24a43
When caveats_check succeeds, caveats directory (not its possibly populated
b24a43
version for late microcode update: "/lib/firmware/KERNEL_VERSION";
b24a43
it is done so in order
b24a43
to have ability to configure list of caveats enabled for early and late
b24a43
microcode update, independently) is added to dracut's list of firmware search
b24a43
directories.
b24a43
b24a43
The module can be disabled by running dracut with
b24a43
"-o microcode_ctl-fw_dir_override" (for one-time exclusion), or it can
b24a43
be disabled permanently by uncommenting string
b24a43
"omit_dracutmodules+=' microcode_ctl-fw_dir_override '" in
b24a43
/usr/lib/dracut/dracut.conf.d/99-microcode-override.conf configuration file.
b24a43
b24a43
See dracut(8), section "Omitting dracut Modules", and dracut.conf(5), variable
b24a43
"omit_dracutmodules" for additional information.
b24a43
b24a43
b24a43
Caveats
b24a43
=======
b24a43
b24a43
Intel Broadwell-EP/EX ("BDX-ML B/M/R0") caveat
b24a43
----------------------------------------------
b24a43
Microcode update process on Intel Broadwell-EP/EX CPUs (BDX-ML B/M/R0,
b24a43
family 6, model 79, stepping 1) has issues that lead to system instability.
b24a43
A series of changes for the Linux kernel has been developed in order to work
b24a43
around those issues; however, as it turned out, some systems have issues even
b24a43
when a microcode update performed on a kernel that contains those changes.
b24a43
As a result, microcode update for this CPU model is disabled by default;
b24a43
the microcode file, however, is still shipped as a part of microcode_ctl
b24a43
package and can be used for performing a microcode update if it is enforced
175f9a
via the aforementioned overrides. (See the sections "check_caveats script"
5ebb7f
and "reload_microcode script" for details.)
b24a43
175f9a
Caveat name: intel-06-4f-01
175f9a
b24a43
Affected microcode: intel-ucode/06-4f-01.
b24a43
62b1c6
Mitigation: microcode loading is disabled for the affected CPU model.
b24a43
b24a43
Minimum versions of the kernel package that contain the aforementioned patch
b24a43
series:
b24a43
 - Upstream/RHEL 8: 4.17.0
c08efc
 - RHEL 7.6 onwards:  3.10.0-894
b24a43
 - RHEL 7.5:  3.10.0-862.6.1
b24a43
 - RHEL 7.4:  3.10.0-693.35.1
b24a43
 - RHEL 7.3:  3.10.0-514.52.1
b24a43
 - RHEL 7.2:  3.10.0-327.70.1
b24a43
 - RHEL 6.10: 2.6.32-754.1.1
b24a43
 - RHEL 6.7:  2.6.32-573.58.1
b24a43
 - RHEL 6.6:  2.6.32-504.71.1
b24a43
 - RHEL 6.5:  2.6.32-431.90.1
b24a43
 - RHEL 6.4:  2.6.32-358.90.1
b24a43
b24a43
b24a43
Early microcode load inside a virtual machine
b24a43
---------------------------------------------
c08efc
RHEL 8 kernel supports performing microcode update during early boot stage
c08efc
from a cpio archive placed at the beginning of the initramfs image.  However,
c08efc
when an early microcode update is attempted inside some virtualised
c08efc
environments, that may result in unexpected system behaviour.
b24a43
175f9a
Caveat name: intel
175f9a
b24a43
Affected microcode: all.
b24a43
175f9a
Mitigation: early microcode loading is disabled for all CPU models on kernels
175f9a
without the fix.
b24a43
62b1c6
Minimum versions of the kernel package that contain the fix:
b24a43
 - Upstream/RHEL 8: 4.10.0
c08efc
 - RHEL 7.6 onwards: 3.10.0-930
b24a43
 - RHEL 7.5: 3.10.0-862.14.1
b24a43
 - RHEL 7.4: 3.10.0-693.38.1
b24a43
 - RHEL 7.3: 3.10.0-514.57.1
62b1c6
 - RHEL 7.2: 3.10.0-327.73.1
b24a43
b24a43
5ebb7f
Intel Sandy Bridge-E/EN/EP caveat
5ebb7f
---------------------------------
27aa66
Microcode revision 0x718 for Intel Sandy Bridge-E/EN/EP (SNB-EP, family 6,
27aa66
model 45, stepping 7), that was released to address MDS vulnerability,
27aa66
and was available from microcode-20190618 up to microcode-20190508 release)
27aa66
could lead to system instability[1][2].  In order to address this,
27aa66
this microcode update was not used and the previous microcode revision
27aa66
was provided instead by default; the microcode file, however, was still shipped
27aa66
as part of microcode_ctl package and could be used for performing a microcode
27aa66
update if it is enforced via the aforementioned overrides.  With the release
27aa66
of 0x71a revision of the microcode (as art of microcode-20200520 release)
27aa66
that aims at fixing the aforementioned stability issue, the latest microcode
27aa66
revision is again used by default; it is still provided via the caveat
27aa66
mechanism, hovewer, in order to enable ability to disable it in case such
27aa66
a need arises.  (See the sections "check_caveats script" and "reload_microcode
27aa66
script" for details regarding caveats mechanism operation.)
175f9a
494736
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/15
494736
[2] https://access.redhat.com/solutions/4593951
494736
175f9a
Caveat name: intel-06-2d-07
5ebb7f
5ebb7f
Affected microcode: intel-ucode/06-2d-07.
5ebb7f
27aa66
Mitigation: None; the latest revision of the microcode file is used by default;
27aa66
previously published microcode revision 0x714 is still available as a fallback
27aa66
as part of "intel" caveat.
5ebb7f
5ebb7f
175f9a
Intel Skylake-SP/W/X caveat
175f9a
---------------------------
27aa66
Microcode revision 0x2000065 (that was provided with microcode releases
27aa66
microcode-20191112 up to microcode-20200520) for some CPU models that belong
27aa66
to Intel Skylake Scalable Platform (SKL-W/X, family 6, model 85, stepping 4,
27aa66
Workstation/HEDT segments) could lead to hangs during reboot[1].  In order
27aa66
to address this, by default this microcode update was disabled by default and
27aa66
and the previous 0x2000064 microcode revision was used instead; the microcode
27aa66
file with, however, is still shipped as part of microcode_ctl package and can
27aa66
be used for performing a microcode update if it is enforced
27aa66
via the aforementioned overrides. With the availability of 0x2006906 revision
27aa66
of the microcode (in the microcode-20200609 release) that fixes
27aa66
the aforementioned issue, the latest microcode revision is again used
27aa66
by default; it is still provided via caveat mechanism, hovewer, in order
27aa66
to enable ability to disable it in case such a need arises.  (See the sections
27aa66
"check_caveats script" and "reload_microcode script" for details regarding
27aa66
caveats mechanism operation.)
494736
494736
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
175f9a
175f9a
Caveat name: intel-06-55-04
175f9a
175f9a
Affected microcode: intel-ucode/06-55-04.
175f9a
27aa66
Mitigation: None; the latest revision of the microcode file is used by default;
27aa66
previously published microcode revision 0x2000064 is still available
27aa66
as a fallback as part of "intel" caveat.
27aa66
27aa66
27aa66
Intel Skylake-U/Y/H/S/Xeon E3 v5 caveats
27aa66
----------------------------------------
27aa66
Some Intel Skylake CPU models (SKL-U/Y, family 6, model 78, stepping 3;
27aa66
and SKL-H/S/Xeon E3 v5, family 6, model 94, stepping 3) have reports of system
27aa66
hangs when revision 0xdc of microcode, that is included in microcode-20200609
27aa66
update to address CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549,
27aa66
is applied[1][2].  In order to address this, microcode update to the newer
27aa66
revision has been disabled by default on these systems, and the previously
27aa66
published microcode revision 0xd6 is used instead; the newer microcode files,
27aa66
however, are still shipped as part of microcode_ctl package and can be used
27aa66
for performing a microcode update if they are enforced via the aforementioned
27aa66
overrides.  (See the sections "check_caveats script" and "reload_microcode
27aa66
script" for details.)
27aa66
27aa66
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
27aa66
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31#issuecomment-644885826
27aa66
27aa66
Caveat names: intel-06-4e-03, intel-06-5e-03
27aa66
27aa66
Affected microcode: intel-ucode/06-4e-03, intel-ucode/06-5e-03.
27aa66
27aa66
Mitigation: previously published microcode revision 0xd6 is used by default.
175f9a
175f9a
a5370a
Dell caveats
a5370a
------------
a5370a
Some Dell systems that use some models of Intel CPUs are susceptible to hangs
a5370a
and system instability during or after microcode update to revision 0xc6/0xca
a5370a
(included as part of microcode-20191113/microcode-20191115 update that addressed
a5370a
CVE-2019-0117, CVE-2019-0123, CVE-2019-11135, and CVE-2019-11139)
a5370a
and/or revision 0xd6 (included as part of microcode-20200609 update
a5370a
that addressed CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549)
a5370a
[1][2][3][4][5][6].  In order to address this, microcode update to the newer
a5370a
revision has been disabled by default on these systems, and the previously
a5370a
published microcode revisions 0xae/0xb4/0xb8 are used by default
a5370a
for the OS-driven microcode update.
a5370a
a5370a
[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/23
a5370a
[2] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/24
a5370a
[3] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/33
a5370a
[4] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/34
a5370a
[5] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/35
a5370a
[6] https://bugzilla.redhat.com/show_bug.cgi?id=1846097
a5370a
a5370a
Caveat names: intel-06-8e-9e-0x-dell, intel-06-8e-9e-0x-0xca
a5370a
a5370a
Affected microcode: intel-ucode/06-8e-09, intel-ucode/06-8e-0a,
a5370a
                    intel-ucode/06-8e-0b, intel-ucode/06-8e-0c,
a5370a
                    intel-ucode/06-9e-09, intel-ucode/06-9e-0a,
a5370a
                    intel-ucode/06-9e-0b, intel-ucode/06-9e-0c,
a5370a
                    intel-ucode/06-9e-0d.
a5370a
a5370a
Mitigation: previously published microcode revision 0xac/0xb4/0xb8 is used
a5370a
            by default if /sys/devices/virtual/dmi/id/bios_vendor reports
a5370a
	    "Dell Inc."; otherwise, the latest microcode revision is used.
a5370a
	    Caveat with revision 0xca of microcode files is provided
a5370a
	    as a convenience for the cases where it was working well before.
a5370a
a5370a
5ebb7f
b24a43
Additional information
b24a43
======================
5ebb7f
Red Hat provides updated microcode, developed by its microprocessor partners,
5ebb7f
as a customer convenience.  Please contact your hardware vendor to determine
5ebb7f
whether more recent BIOS/firmware updates are recommended because additional
5ebb7f
improvements may be available.
62b1c6
62b1c6
Information regarding microcode revisions required for mitigating specific
175f9a
Intel CPU vulnerabilities is available in the following knowledge base articles:
b24a43
 * CVE-2017-5715 ("Spectre"):
b24a43
   https://access.redhat.com/articles/3436091
b24a43
 * CVE-2018-3639 ("Speculative Store Bypass"):
b24a43
   https://access.redhat.com/articles/3540901
c08efc
 * CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
b24a43
   https://access.redhat.com/articles/3562741
62b1c6
 * CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
62b1c6
   ("Microarchitectural Data Sampling"):
62b1c6
   https://access.redhat.com/articles/4138151
175f9a
 * CVE-2019-0117 (Intel SGX Information Leak),
175f9a
   CVE-2019-0123 (Intel SGX Privilege Escalation),
175f9a
   CVE-2019-11135 (TSX Asynchronous Abort),
175f9a
   CVE-2019-11139 (Voltage Setting Modulation):
175f9a
   https://access.redhat.com/solutions/2019-microcode-nov
27aa66
 * CVE-2020-0543 (Special Register Buffer Data Sampling),
27aa66
   CVE-2020-0548 (Vector Register Data Sampling),
27aa66
   CVE-2020-0549 (L1D Cache Eviction Sampling):
27aa66
   https://access.redhat.com/solutions/5142751