From ee041ca5b24edcf56273355634d46264cb8d84aa Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 16 2019 08:25:43 +0000 Subject: import microcode_ctl-2.1-53.2.el7_7
---
diff --git a/.gitignore b/.gitignore
index baf20c5..3a2ce50 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
-SOURCES/microcode-20190618.tar.gz
+SOURCES/06-2d-07
+SOURCES/microcode-20190918.tar.gz
 SOURCES/microcode_ctl-2.1-18.tar.xz
diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata
index 299691c..f237f59 100644
--- a/.microcode_ctl.metadata
+++ b/.microcode_ctl.metadata
@@ -1,2 +1,3 @@
-8484c44d39a2700fb568ccc67a8e1ed8877878a5 SOURCES/microcode-20190618.tar.gz
+bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
+bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
 3959afc5d69a916a730131ce0f768db263e9e4f1 SOURCES/microcode_ctl-2.1-18.tar.xz
diff --git a/SOURCES/06-2d-07_config b/SOURCES/06-2d-07_config
new file mode 100644
index 0000000..23e1d08
--- /dev/null
+++ b/SOURCES/06-2d-07_config
@@ -0,0 +1,3 @@
+model GenuineIntel 06-2d-07
+path intel-ucode/06-2d-07
+disable early late
diff --git a/SOURCES/06-2d-07_disclaimer b/SOURCES/06-2d-07_disclaimer
new file mode 100644
index 0000000..b61889e
--- /dev/null
+++ b/SOURCES/06-2d-07_disclaimer
@@ -0,0 +1,4 @@
+MDS-related microcode update for some Intel Sandy Bridge-E/EN/EP (family 6,
+model 45, stepping 7; CPUID 0x206d7) CPUs is disabled as it may cause system
+hangs. Please refer to /usr/share/doc/microcode_ctl/caveats/06-2d-07_readme
+and /usr/share/doc/microcode_ctl/README.caveats for details.
diff --git a/SOURCES/06-2d-07_readme b/SOURCES/06-2d-07_readme
new file mode 100644
index 0000000..bfb8743
--- /dev/null
+++ b/SOURCES/06-2d-07_readme
@@ -0,0 +1,55 @@
+Intel Sandy Bridge-E/EN/EP (SNB-EP, family 6, model 45, stepping 7) has issues
+with MDS-related microcode update that may lead to a system hang after
+a microcode update. In order to address this, microcode update
+to the MDS-related revision 0x718 has been disabled, and the previously
+published microcode revision 0x714 is used by default for the OS-driven
+microcode update.
+
+For the reference, SHA1 checksums of 06-2d-07 microcode files containing
+microcode revisions in question are listed below:
+ * 06-2d-07, revision 0x714: bcf2173cd3dd499c37defbc2533703cfa6ec2430
+ * 06-2d-07, revision 0x718: 837cfebbfc09b911151dfd179082ad99cf87e85d
+
+Please contact your system vendor for a BIOS/firmware update that contains
+the latest microcode version. For the information regarding microcode versions
+required for mitigating specific side-channel cache attacks, please refer
+to the following knowledge base articles:
+ * CVE-2017-5715 ("Spectre"):
+ https://access.redhat.com/articles/3436091
+ * CVE-2018-3639 ("Speculative Store Bypass"):
+ https://access.redhat.com/articles/3540901
+ * CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
+ https://access.redhat.com/articles/3562741
+ * CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091
+ ("Microarchitectural Data Sampling"):
+ https://access.redhat.com/articles/4138151
+
+The information regarding enforcing microcode load is provided below.
+
+To enforce usage of this microcode revision, please create a file
+"force-intel-06-2d-07" inside /lib/firmware/ directory,
+run "/usr/libexec/microcode_ctl/update_ucode" to add it to firmware
+directory where microcode will be available for late microcode update,
+and run "dracut -f --kver 3.10.0-862.9.1", so initramfs for this version
+is regenerated and the microcode can be loaded early:
+
+ touch /lib/firmware/3.10.0-862.9.1/force-intel-06-2d-07
+ /usr/libexec/microcode_ctl/update_ucode
+ dracut -f --kver 3.10.0-862.9.1
+
+After that, it is possible to perform a late microcode update by executing
+"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
+"/sys/devices/system/cpu/microcode/reload" directly.
+
+To enforce addition of this microcode for all kernels, please create a file
+"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-2d-07", run
+"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
+and "dracut -f --regenerate-all" for enabling early microcode updates:
+
+ mkdir -p /etc/microcode_ctl/ucode_with_caveats
+ touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-2d-07
+ /usr/libexec/microcode_ctl/update_ucode
+ dracut -f --regenerate-all
+
+Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
+information.
diff --git a/SOURCES/06-4f-01_disclaimer b/SOURCES/06-4f-01_disclaimer
new file mode 100644
index 0000000..d5bc60d
--- /dev/null
+++ b/SOURCES/06-4f-01_disclaimer
@@ -0,0 +1,4 @@
+microcode update for Intel Broadwell-EP/EX (BDX-ML B/M/R0; family 6, model 79,
+stepping 1; CPUID 0x406f1) CPUs is disabled as it may cause system instability.
+Please refer to /usr/share/doc/microcode_ctl/caveats/06-4f-01_readme
+and /usr/share/doc/microcode_ctl/README.caveats for details.
diff --git a/SOURCES/06-4f-01_readme b/SOURCES/06-4f-01_readme
index 740ad18..962c7a6 100644
--- a/SOURCES/06-4f-01_readme
+++ b/SOURCES/06-4f-01_readme
@@ -49,6 +49,7 @@ kernels, please create a file "/etc/microcode_ctl/ucode_with_caveats/force-late-intel-06-4f-01" and run "/usr/libexec/microcode_ctl/update_ucode": + mkdir -p /etc/microcode_ctl/ucode_with_caveats touch /etc/microcode_ctl/ucode_with_caveats/force-late-intel-06-4f-01 /usr/libexec/microcode_ctl/update_ucode @@ -64,10 +65,11 @@ For enforcing early load of this microcode for all kernels, please create a file "/etc/microcode_ctl/ucode_with_caveats/force-early-intel-06-4f-01" and run dracut -f --regenerate-all: + mkdir -p /etc/microcode_ctl/ucode_with_caveats touch /etc/microcode_ctl/ucode_with_caveats/force-early-intel-06-4f-01 dracut -f --regenerate-all -If you want avoid removal of the microcode file during cleanup performed by +If you want to avoid removal of the microcode file during cleanup performed by /usr/libexec/microcode_ctl/update_ucode, please remove the corresponding readme file (/lib/firmware//readme-intel-06-4f-01). diff --git a/SOURCES/README.caveats b/SOURCES/README.caveats index e56aefe..97ae7bc 100644 --- a/SOURCES/README.caveats +++ b/SOURCES/README.caveats @@ -392,8 +392,8 @@ when a microcode update performed on a kernel that contains those changes. As a result, microcode update for this CPU model is disabled by default; the microcode file, however, is still shipped as a part of microcode_ctl package and can be used for performing a microcode update if it is enforced -via the aforementioned overridden. (See sections "check_caveats script" -and "reload_microcode script" for details). +via the aforementioned overriddes. (See sections "check_caveats script" +and "reload_microcode script" for details.) Affected microcode: intel-ucode/06-4f-01. 
@@ -434,12 +434,28 @@ Minimum versions of the kernel package that contain the fix: - RHEL 7.2: 3.10.0-327.73.1 +Intel Sandy Bridge-E/EN/EP caveat +--------------------------------- +MDS-related microcode revision 0x718 for Intel Sandy Bridge-E/EN/EP +(SNB-EP, family 6, model 45, stepping 7) may lead to system instability. +In order to address this, this microcode update is not used and the previous +microcode revision is provided instead by default; the microcode file, however, +is still shipped as part of microcode_ctl package and can be used for performing +a microcode update if it is enforced via the aforementioned overriddes. (See +sections "check_caveats script" and "reload_microcode script" for details.) + +Affected microcode: intel-ucode/06-2d-07. + +Mitigation: previously published microcode revision 0x714 is used by default. + + + Additional information ====================== -Red Hat provides updated microcode, developed by our microprocessor -partners, as a customer convenience. Please contact your hardware vendor -to determine whether more recent BIOS/firmware updates are recommended -because additional improvements may be available. +Red Hat provides updated microcode, developed by its microprocessor partners, +as a customer convenience. Please contact your hardware vendor to determine +whether more recent BIOS/firmware updates are recommended because additional +improvements may be available. Information regarding microcode revisions required for mitigating specific microarchitectural side-channel attacks is available in the following diff --git a/SOURCES/check_caveats b/SOURCES/check_caveats index 93c7406..462d541 100755 --- a/SOURCES/check_caveats +++ b/SOURCES/check_caveats 
@@ -10,8 +10,10 @@ : ${CFG_DIR=/etc/microcode_ctl/ucode_with_caveats} usage() { - echo 'Usage: check_caveats [-e] [-k TARGET_KVER] [-c CONFIG] [-m] [-v]' + echo 'Usage: check_caveats [-d] [-e] [-k TARGET_KVER] [-c CONFIG]' + echo ' [-m] [-v]' echo + echo ' -d - enables disclaimer printing mode' echo ' -e - check for early microcode load possibility (instead of' echo ' late microcode load)' echo ' -k - target version to check against, $(uname -r) is used' @@ -178,6 +180,9 @@ fail() fail_cfgs="$fail_cfgs $cfg" fail_paths="$fail_paths $cfg_path" + + [ 0 -eq "$print_disclaimers" ] || [ ! -e "${dir}/disclaimer" ] \ + || cat "${dir}/disclaimer" } #check_kver "$@" @@ -188,11 +193,16 @@ configs= kver=$(/bin/uname -r) verbose=0 early_check=0 +print_disclaimers=0 ret=0 -while getopts "ek:c:mv" opt; do +while getopts "dek:c:mv" opt; do case "${opt}" in + d) + print_disclaimers=1 + early_check=2 + ;; e) early_check=1 ;; @@ -472,6 +482,8 @@ for cfg in $(echo "${configs}"); do ok_paths="$ok_paths $cfg_path" done +[ 0 -eq "$print_disclaimers" ] || exit 0 + echo "cfgs$ret_cfgs" echo "skip_cfgs$skip_cfgs" echo "paths$ret_paths" diff --git a/SOURCES/intel_disclaimer b/SOURCES/intel_disclaimer new file mode 100644 index 0000000..c4669ba --- /dev/null +++ b/SOURCES/intel_disclaimer @@ -0,0 +1,10 @@ +This kernel doesn't handle early microcode load properly (it tries to load +microcode even in virtualised environment, which may lead to a panic on some +hypervisors), thus the microcode files have not been added to the initramfs +image. Please update your kernel to one of the following: + RHEL 7.5: kernel-3.10.0-862.14.1 or newer; + RHEL 7.4: kernel-3.10.0-693.38.1 or newer; + RHEL 7.3: kernel-3.10.0-514.57.1 or newer; + RHEL 7.2: kernel-3.10.0-327.73.1 or newer. +Please refer to /usr/share/doc/microcode_ctl/caveats/intel_readme +and /usr/share/doc/microcode_ctl/README.caveats for details. diff --git a/SOURCES/intel_readme b/SOURCES/intel_readme index fcdf4bb..32be52f 100644 
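Review bot: In the `d)` arm of the getopts loop, `-d` also assigns `early_check=2`, so the outcome depends on option order: `-d -e` leaves `early_check=1` while `-e -d` leaves `2`, and the usage text added in the first hunk does not say that `-d` selects its own check mode (how the value 2 is handled is outside the hunks shown). I would make the `e)` arm leave disclaimer mode alone, `[ 2 -eq "$early_check" ] || early_check=1`, and extend the usage line to something like `echo '   -d - enables disclaimer printing mode (takes precedence over -e)'`. Separately, the line added to `fail()` reads `${dir}`, which is not assigned anywhere in the visible lines; presumably it is a global set by the config loop, and a one-line comment on `fail()` saying so would help, since the function body starts outside the hunk.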
--- a/SOURCES/intel_readme +++ b/SOURCES/intel_readme @@ -17,8 +17,7 @@ If you want to avoid early load of microcode for a specific kernel, please create "disallow-early-intel" file inside /lib/firmware/ directory and run dracut -f --kver "": - touch /lib/firmware/3.10.0-862.9.1/disallow-intel - /usr/libexec/microcode_ctl/update_ucode + touch /lib/firmware/3.10.0-862.9.1/disallow-early-intel dracut -f --kver 3.10.0-862.9.1 If you want to avoid early load of microcode for all kernels, please create @@ -26,14 +25,13 @@ If you want to avoid early load of microcode for all kernels, please create directory and run dracut -f --regenerate-all: mkdir -p /etc/microcode_ctl/ucode_with_caveats - touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel - dracut -f --kver 3.10.0-862.9.1 + touch /etc/microcode_ctl/ucode_with_caveats/disallow-early-intel + dracut -f --regenerate-all If you want to enforce early load of microcode for a specific kernel, please create "force-early-intel" file inside /lib/firmware/ directory and run dracut -f --kver "": - modir -p/lib/firmware/3.10.0-862.9.1/ touch /lib/firmware/3.10.0-862.9.1/force-early-intel dracut -f --kver 3.10.0-862.9.1 @@ -45,8 +43,9 @@ directory and run dracut -f --kver "": touch /etc/microcode_ctl/ucode_with_caveats/force-early-intel dracut -f --regenerate-all -In order to override late load behaviour, the "early" part of file names should -be replaced with "late" (and there is no need to call dracut in that case). +In order to override the late load behaviour, the "early" part of file names +should be replaced with "late" (and there is no need to call dracut +in that case). Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional diff --git a/SOURCES/microcode_ctl-use-microcode-20190618-tgz.patch b/SOURCES/microcode_ctl-use-microcode-20190618-tgz.patch deleted file mode 100644 index bf47edf..0000000 --- a/SOURCES/microcode_ctl-use-microcode-20190618-tgz.patch +++ /dev/null 
@@ -1,13 +0,0 @@
-Index: microcode_ctl-2.1-18/Makefile
-===================================================================
---- microcode_ctl-2.1-18.orig/Makefile 2018-07-24 09:15:12.463115045 +0200
-+++ microcode_ctl-2.1-18/Makefile 2018-08-09 06:18:45.524503945 +0200
-@@ -8,7 +8,7 @@
- # 2 of the License, or (at your option) any later version.
-
- PROGRAM = intel-microcode2ucode
--MICROCODE_INTEL = microcode-20180703.tgz
-+MICROCODE_INTEL = microcode-20190618.tar.gz
-
- INS = install
- CC = gcc
diff --git a/SOURCES/microcode_ctl-use-microcode-20190918-tgz.patch b/SOURCES/microcode_ctl-use-microcode-20190918-tgz.patch
new file mode 100644
index 0000000..392e4f9
--- /dev/null
+++ b/SOURCES/microcode_ctl-use-microcode-20190918-tgz.patch
@@ -0,0 +1,13 @@
+Index: microcode_ctl-2.1-18/Makefile
+===================================================================
+--- microcode_ctl-2.1-18.orig/Makefile 2018-07-24 09:15:12.463115045 +0200
++++ microcode_ctl-2.1-18/Makefile 2018-08-09 06:18:45.524503945 +0200
+@@ -8,7 +8,7 @@
+ # 2 of the License, or (at your option) any later version.
+
+ PROGRAM = intel-microcode2ucode
+-MICROCODE_INTEL = microcode-20180703.tgz
++MICROCODE_INTEL = microcode-20190918.tar.gz
+
+ INS = install
+ CC = gcc
diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec
index 1696945..60f13f7 100644
--- a/SPECS/microcode_ctl.spec
+++ b/SPECS/microcode_ctl.spec
@@ -1,45 +1,80 @@ %define upstream_version 2.1-18 -%define intel_ucode_version 20190618 +%define intel_ucode_version 20190918 %define intel_ucode_file_id 28727 + +%define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats %define microcode_ctl_libexec %{_libexecdir}/microcode_ctl + %define update_ucode %{microcode_ctl_libexec}/update_ucode %define check_caveats %{microcode_ctl_libexec}/check_caveats %define reload_microcode %{microcode_ctl_libexec}/reload_microcode + %define dracutlibdir %{_prefix}/lib/dracut + %define i_m2u_man intel-microcode2ucode.8 +# In microcode_ctl, documentation directory is unversioned historically. +# In RHEL 8 spec, %{_pkgdocdir} is used as installation destination; however, +# it is unversioned only since Fedora 20, per #986871, +# and not in Fedora 18/19-based RHEL 7. +%define _pkgdocdir %{_docdir}/%{name} + Summary: Tool to transform and deploy CPU microcode update for x86. Name: microcode_ctl Version: 2.1 -Release: 53%{?dist} +Release: 53.2%{?dist} Epoch: 2 Group: System Environment/Base License: GPLv2+ and Redistributable, no modification permitted URL: https://pagure.io/microcode_ctl Source0: https://releases.pagure.org/microcode_ctl/%{name}-%{upstream_version}.tar.xz Source1: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz +# (Pre-MDS) revision 0x714 of 06-2d-07 microcode +Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07 -Source2: microcode.service -Source3: 01-microcode.conf -Source4: dracut_99microcode_ctl-fw_dir_override_module_init.sh +# systemd unit +Source10: microcode.service -Source5: update_ucode -Source6: check_caveats -Source7: reload_microcode +# dracut-related stuff +Source20: 01-microcode.conf +Source21: 99-microcode-override.conf +Source22: dracut_99microcode_ctl-fw_dir_override_module_init.sh -Source9: 99-microcode-override.conf +# libexec +Source30: update_ucode 
+Source31: check_caveats +Source32: reload_microcode -Source10: 06-4f-01_readme -Source11: 06-4f-01_config +# docs +Source40: %{i_m2u_man}.in +Source41: README.caveats -Source20: intel_readme -Source21: intel_config +## Caveats +# BDW EP/EX +# https://bugzilla.redhat.com/show_bug.cgi?id=1622180 +# https://bugzilla.redhat.com/show_bug.cgi?id=1623630 +# https://bugzilla.redhat.com/show_bug.cgi?id=1646383 +Source100: 06-4f-01_readme +Source101: 06-4f-01_config +Source102: 06-4f-01_disclaimer -Source30: README.caveats -Source31: %{i_m2u_man}.in +# Unsafe early MC update inside VM: +# https://bugzilla.redhat.com/show_bug.cgi?id=1596627 +Source110: intel_readme +Source111: intel_config +Source112: intel_disclaimer -Source100: gen_provides.sh +# SNB-EP (CPUID 0x206d7) post-MDS hangs +# https://bugzilla.redhat.com/show_bug.cgi?id=1758382 +# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/15 +Source120: 06-2d-07_readme +Source121: 06-2d-07_config +Source122: 06-2d-07_disclaimer + + +# "Provides:" RPM tags generator +Source200: gen_provides.sh Patch1: microcode_ctl-do-not-merge-ucode-with-caveats.patch Patch2: microcode_ctl-revert-intel-microcode2ucode-removal.patch @@ -57,7 +92,7 @@ Requires(postun): systemd Requires(posttrans): kernel %global _use_internal_dependency_generator 0 -%define __find_provides "%{SOURCE100}" +%define __find_provides "%{SOURCE200}" %description The microcode_ctl utility is a companion to the microcode driver written 
@@ -99,8 +134,12 @@ touch ghost_list tar xf "%{SOURCE1}" --wildcards --strip-components=1 \ \*/intel-ucode-with-caveats \*/license \*/releasenote +# replacing SNB-EP (CPUID 0x206d7) microcode with pre-MDS version +mv intel-ucode/06-2d-07 intel-ucode-with-caveats/ +cp "%{SOURCE2}" intel-ucode/ + # man page -sed "%{SOURCE31}" \ +sed "%{SOURCE40}" \ -e "s/@DATE@/2019-05-09/g" \ -e "s/@VERSION@/%{version}-%{release}/g" \ -e "s|@MICROCODE_URL@|https://downloadcenter.intel.com/download/%{intel_ucode_file_id}|g" > "%{i_m2u_man}" 
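Review bot: Nothing in %prep confirms that the file placed by `cp "%{SOURCE2}" intel-ucode/` is the revision 0x714 blob that the caveat promises as the default; Source2 is fetched by tag name from a `raw/` URL, and the only pin visible in this commit is the SHA1 entry in .microcode_ctl.metadata. Since 06-2d-07_readme already publishes that checksum, I would assert it just before the copy, `echo "bcf2173cd3dd499c37defbc2533703cfa6ec2430  %{SOURCE2}" | sha1sum -c -`, so that a rebuild which obtains the source some other way fails instead of packaging an unexpected microcode file. A short comment next to the `mv` stating that the moved file is the 0x718 revision and the copied one is 0x714 would also make the swap auditable from the spec alone.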
@@ -109,59 +148,83 @@ sed "%{SOURCE31}" \ rm -rf %{buildroot} make DESTDIR=%{buildroot} PREFIX=%{_prefix} INSDIR=/usr/sbin MICDIR=/usr/share/microcode_ctl install clean -mkdir -p %{buildroot}%{dracutlibdir}/dracut.conf.d -mkdir -p %{buildroot}%{_unitdir} -install -m 644 %{SOURCE2} -t %{buildroot}%{_unitdir} -install -m 644 %{SOURCE3} %{SOURCE9} \ - -t %{buildroot}%{dracutlibdir}/dracut.conf.d +install -m 755 -d \ + "%{buildroot}/%{_datarootdir}/microcode_ctl/intel-ucode" \ + "%{buildroot}/%{caveat_dir}/" \ + "%{buildroot}/etc/microcode_ctl/ucode_with_caveats/" + +# systemd unit +install -m 755 -d "%{buildroot}/%{_unitdir}" +install -m 644 "%{SOURCE10}" -t "%{buildroot}/%{_unitdir}/" -mkdir -p "%{buildroot}%{dracutlibdir}/modules.d/99microcode_ctl-fw_dir_override" -install -m 755 %{SOURCE4} \ - %{buildroot}%{dracutlibdir}/modules.d/99microcode_ctl-fw_dir_override/module-setup.sh +# dracut +%define dracut_mod_dir "%{buildroot}/%{dracutlibdir}/modules.d/99microcode_ctl-fw_dir_override" +install -m 755 -d \ + "%{dracut_mod_dir}" \ + "%{buildroot}/%{dracutlibdir}/dracut.conf.d/" +install -m 644 "%{SOURCE20}" "%{SOURCE21}" \ + -t "%{buildroot}/%{dracutlibdir}/dracut.conf.d/" +install -m 755 "%{SOURCE22}" "%{dracut_mod_dir}/module-setup.sh" # Internal helper scripts -mkdir -p %{buildroot}/%{microcode_ctl_libexec} -install -m 755 %{SOURCE5} %{buildroot}/%{update_ucode} -install -m 755 %{SOURCE6} %{buildroot}/%{check_caveats} -install -m 755 %{SOURCE7} %{buildroot}/%{reload_microcode} +install -m 755 -d "%{buildroot}/%{microcode_ctl_libexec}" +install "%{SOURCE30}" "%{SOURCE31}" "%{SOURCE32}" \ + -m 755 -t "%{buildroot}/%{microcode_ctl_libexec}" + + +## Documentation +install -m 755 -d "%{buildroot}/%{_pkgdocdir}/caveats" # caveats readme -install -m 644 %{SOURCE30} -t %{buildroot}/usr/share/doc/microcode_ctl/ +install "%{SOURCE41}" \ + -m 644 -t "%{buildroot}/%{_pkgdocdir}/" # Provide Intel microcode license, as it requires so -install -m 644 license 
%{buildroot}/usr/share/doc/microcode_ctl/LICENSE.intel-ucode +install -m 644 license \ + "%{buildroot}/%{_pkgdocdir}/LICENSE.intel-ucode" # Provide release notes for Intel microcode -install -m 644 releasenote %{buildroot}/usr/share/doc/microcode_ctl/RELEASE_NOTES.intel-ucode - -# Handle ucode with caveats -mkdir -p "%{buildroot}/usr/share/microcode_ctl/ucode_with_caveats/intel-06-4f-01/intel-ucode" -install -m 644 intel-ucode-with-caveats/06-4f-01 \ - -t %{buildroot}/usr/share/microcode_ctl/ucode_with_caveats/intel-06-4f-01/intel-ucode/ -install -m 644 %{SOURCE10} \ - %{buildroot}/usr/share/microcode_ctl/ucode_with_caveats/intel-06-4f-01/readme -install -m 644 %{SOURCE11} \ - %{buildroot}/usr/share/microcode_ctl/ucode_with_caveats/intel-06-4f-01/config - -mkdir -p "%{buildroot}/usr/share/microcode_ctl/ucode_with_caveats/intel/intel-ucode" -install -m 644 intel-ucode/* \ - -t %{buildroot}/usr/share/microcode_ctl/ucode_with_caveats/intel/intel-ucode/ -install -m 644 %{SOURCE20} \ - %{buildroot}/usr/share/microcode_ctl/ucode_with_caveats/intel/readme -install -m 644 %{SOURCE21} \ - %{buildroot}/usr/share/microcode_ctl/ucode_with_caveats/intel/config - -# Install caveat readme files to doc -mkdir -p "%{buildroot}/usr/share/doc/microcode_ctl/caveats" -install -m 644 "%{SOURCE10}" "%{SOURCE20}" \ - -t "%{buildroot}/usr/share/doc/microcode_ctl/caveats/" +install -m 644 releasenote \ + "%{buildroot}/%{_pkgdocdir}/RELEASE_NOTES.intel-ucode" + +# caveats +install -m 644 "%{SOURCE100}" "%{SOURCE110}" "%{SOURCE120}" \ + -t "%{buildroot}/%{_pkgdocdir}/caveats/" # Man page install -m 755 -d %{buildroot}/%{_mandir}/man8/ install -m 644 "%{i_m2u_man}" -t %{buildroot}/%{_mandir}/man8/ + +## Caveat data + +# BDW caveat +%define bdw_inst_dir %{buildroot}/%{caveat_dir}/intel-06-4f-01/ +install -m 755 -d "%{bdw_inst_dir}/intel-ucode" +install -m 644 intel-ucode-with-caveats/06-4f-01 -t "%{bdw_inst_dir}/intel-ucode/" +install -m 644 "%{SOURCE100}" "%{bdw_inst_dir}/readme" +install -m 
644 "%{SOURCE101}" "%{bdw_inst_dir}/config" +install -m 644 "%{SOURCE102}" "%{bdw_inst_dir}/disclaimer" + +# Early update caveat +%define intel_inst_dir %{buildroot}/%{caveat_dir}/intel/ +install -m 755 -d "%{intel_inst_dir}/intel-ucode" +install -m 644 intel-ucode/* -t "%{intel_inst_dir}/intel-ucode/" +install -m 644 "%{SOURCE110}" "%{intel_inst_dir}/readme" +install -m 644 "%{SOURCE111}" "%{intel_inst_dir}/config" +install -m 644 "%{SOURCE112}" "%{intel_inst_dir}/disclaimer" + +# SNB caveat +%define snb_inst_dir %{buildroot}/%{caveat_dir}/intel-06-2d-07/ +install -m 755 -d "%{snb_inst_dir}/intel-ucode" +install -m 644 intel-ucode-with-caveats/06-2d-07 -t "%{snb_inst_dir}/intel-ucode/" +install -m 644 "%{SOURCE120}" "%{snb_inst_dir}/readme" +install -m 644 "%{SOURCE121}" "%{snb_inst_dir}/config" +install -m 644 "%{SOURCE122}" "%{snb_inst_dir}/disclaimer" + # Cleanup rm -f intel-ucode-with-caveats/06-4f-01 +rm -f intel-ucode-with-caveats/06-2d-07 rmdir intel-ucode-with-caveats rm -rf intel-ucode @@ -170,6 +233,15 @@ rm -rf intel-ucode %{update_ucode} %{reload_microcode} +# send the message to syslog, so it gets recorded on /var/log +if [ -e /usr/bin/logger ]; then + %{check_caveats} -m -d | /usr/bin/logger -p syslog.notice -t DISCLAIMER +fi +# also paste it over dmesg (some customers drop dmesg messages while +# others keep them into /var/log for the later case, we'll have the +# disclaimer recorded twice into system logs. +%{check_caveats} -m -d > /dev/kmsg + exit 0 %posttrans 
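Review bot: `%define dracut_mod_dir` carries its own double quotes, unlike `bdw_inst_dir`, `intel_inst_dir` and `snb_inst_dir` defined later in the same hunk, so `"%{dracut_mod_dir}"` expands to a doubly quoted string and `"%{dracut_mod_dir}/module-setup.sh"` leaves the path itself outside the quotes. It works as long as the buildroot path has no whitespace, but the quoting at the use sites then protects nothing. I would define it unquoted, `%define dracut_mod_dir %{buildroot}/%{dracutlibdir}/modules.d/99microcode_ctl-fw_dir_override`, and keep the quotes where it is used.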
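Review bot: The unconditional `%{check_caveats} -m -d > /dev/kmsg` added to %post assumes /dev/kmsg exists and is writable, while the logger call just above it is guarded; in a chroot or image build where /dev is not populated the redirect would presumably create a regular file at that path or print an error into the transaction output. I would guard it the same way, `[ ! -w /dev/kmsg ] || %{check_caveats} -m -d > /dev/kmsg`. Because this message is how the package tells the administrator at install time that an MDS-related microcode revision is being withheld, it is worth noting in the comment which sink is considered authoritative when only one of them is available. The comment block also has an unclosed parenthesis after "(some customers drop dmesg messages".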
@@ -270,14 +342,23 @@ rm -rf %{buildroot} /usr/sbin/intel-microcode2ucode %{microcode_ctl_libexec} /usr/share/microcode_ctl -%{dracutlibdir}/modules.d/99microcode_ctl-fw_dir_override +%{dracutlibdir}/modules.d/* %config(noreplace) %{dracutlibdir}/dracut.conf.d/* %{_unitdir}/microcode.service -%doc /usr/share/doc/microcode_ctl/* +%doc %{_pkgdocdir} %{_mandir}/man8/* %changelog +* Sun Oct 06 2019 Eugene Syromiatnikov - 2:2.1-53.2 +- Do not update 06-2d-07 (SNB-E/EN/EP) to revision 0x718, use 0x714 + by default. + +* Thu Sep 19 2019 Eugene Syromiatnikov - 2:2.1-53.1 +- Intel CPU microcode update to 20190918. +- Add new disclaimer, generated based on relevant caveats. +- Resolves: #1758572. + * Wed Jun 19 2019 Eugene Syromiatnikov - 2:2.1-53 - Intel CPU microcode update to 20190618. - Resolves: #1717241.