diff --git a/.gitignore b/.gitignore
index 0a58551..6970c1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,5 +2,5 @@ SOURCES/06-2d-07
SOURCES/06-4e-03
SOURCES/06-55-04
SOURCES/06-5e-03
-SOURCES/microcode-20201027.tar.gz
+SOURCES/microcode-20201112.tar.gz
SOURCES/microcode_ctl-2.1-18.tar.xz
diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata
index 47b326f..fa82b90 100644
--- a/.microcode_ctl.metadata
+++ b/.microcode_ctl.metadata
@@ -2,5 +2,5 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
06432a25053c823b0e2a6b8e84e2e2023ee3d43e SOURCES/06-4e-03
2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04
86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
-8036bee2e4aa101bdb41a96ea051d91d357df514 SOURCES/microcode-20201027.tar.gz
+010507b8a7ca0b5c4a01cd1f8a6adae5f0fd316d SOURCES/microcode-20201112.tar.gz
3959afc5d69a916a730131ce0f768db263e9e4f1 SOURCES/microcode_ctl-2.1-18.tar.xz
diff --git a/SOURCES/06-4e-03_readme b/SOURCES/06-4e-03_readme
index 016364f..49373e2 100644
--- a/SOURCES/06-4e-03_readme
+++ b/SOURCES/06-4e-03_readme
@@ -36,6 +36,10 @@ to the following knowledge base articles:
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
+ * CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
+ CVE-2020-8696 (Vector Register Leakage-Active),
+ CVE-2020-8698 (Fast Forward Store Predictor):
+ https://access.redhat.com/articles/5569051
The information regarding enforcing microcode update is provided below.
diff --git a/SOURCES/06-55-04_readme b/SOURCES/06-55-04_readme
index 7b8051a..5df5775 100644
--- a/SOURCES/06-55-04_readme
+++ b/SOURCES/06-55-04_readme
@@ -41,6 +41,10 @@ to the following knowledge base articles:
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
+ * CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
+ CVE-2020-8696 (Vector Register Leakage-Active),
+ CVE-2020-8698 (Fast Forward Store Predictor):
+ https://access.redhat.com/articles/5569051
The information regarding disabling microcode update is provided below.
diff --git a/SOURCES/06-5e-03_readme b/SOURCES/06-5e-03_readme
index 9255d3f..9e21ac0 100644
--- a/SOURCES/06-5e-03_readme
+++ b/SOURCES/06-5e-03_readme
@@ -36,6 +36,10 @@ to the following knowledge base articles:
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
+ * CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
+ CVE-2020-8696 (Vector Register Leakage-Active),
+ CVE-2020-8698 (Fast Forward Store Predictor):
+ https://access.redhat.com/articles/5569051
The information regarding enforcing microcode update is provided below.
diff --git a/SOURCES/06-8c-01_config b/SOURCES/06-8c-01_config
new file mode 100644
index 0000000..c7c5d65
--- /dev/null
+++ b/SOURCES/06-8c-01_config
@@ -0,0 +1,3 @@
+model GenuineIntel 06-8c-01
+path intel-ucode/06-8c-01
+disable early late
diff --git a/SOURCES/06-8c-01_disclaimer b/SOURCES/06-8c-01_disclaimer
new file mode 100644
index 0000000..6e02fa6
--- /dev/null
+++ b/SOURCES/06-8c-01_disclaimer
@@ -0,0 +1,4 @@
+Microcode updates for Intel Tiger Lake-UP3/UP4 (family 6, model 140, stepping 1;
+CPUID 0x806c1) are disabled as they may cause system instability.
+Please refer to /usr/share/doc/microcode_ctl/caveats/06-8c-01_readme
+and /usr/share/doc/microcode_ctl/README.caveats for details.
diff --git a/SOURCES/06-8c-01_readme b/SOURCES/06-8c-01_readme
new file mode 100644
index 0000000..16afb9b
--- /dev/null
+++ b/SOURCES/06-8c-01_readme
@@ -0,0 +1,40 @@
+Some Intel Tiger Lake-UP3/UP4 CPU models (TGL, family 6, model 140, stepping 1)
+have reports of system hangs when a microcode update, that is included
+since microcode-20201110 update, is applied[1]. In order to address this,
+microcode update has been disabled by default on these systems.
+
+[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
+
+Please contact your system vendor for a BIOS/firmware update that contains
+the latest microcode version.
+
+The information regarding enforcing microcode update is provided below.
+
+To enforce usage of the latest 06-8c-01 microcode revision for a specific kernel
+version, please create a file "force-intel-06-8c-01" inside
+/lib/firmware/<kernel_version> directory, run
+"/usr/libexec/microcode_ctl/update_ucode" to add it to firmware directory
+where microcode will be available for late microcode update, and run
+"dracut -f --kver <kernel_version>", so initramfs for this kernel version
+is regenerated and the microcode can be loaded early, for example:
+
+ touch /lib/firmware/3.10.0-862.9.1/force-intel-06-8c-01
+ /usr/libexec/microcode_ctl/update_ucode
+ dracut -f --kver 3.10.0-862.9.1
+
+After that, it is possible to perform a late microcode update by executing
+"/usr/libexec/microcode_ctl/reload_microcode" or by writing value "1" to
+"/sys/devices/system/cpu/microcode/reload" directly.
+
+To enforce addition of this microcode for all kernels, please create file
+"/etc/microcode_ctl/ucode_with_caveats/force-intel-06-8c-01", run
+"/usr/libexec/microcode_ctl/update_ucode" for enabling late microcode updates,
+and "dracut -f --regenerate-all" for enabling early microcode updates:
+
+ mkdir -p /etc/microcode_ctl/ucode_with_caveats
+ touch /etc/microcode_ctl/ucode_with_caveats/force-intel-06-8c-01
+ /usr/libexec/microcode_ctl/update_ucode
+ dracut -f --regenerate-all
+
+Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional
+information.
diff --git a/SOURCES/README.caveats b/SOURCES/README.caveats
index 4e1c53b..6d7cc84 100644
--- a/SOURCES/README.caveats
+++ b/SOURCES/README.caveats
@@ -560,6 +560,26 @@ Affected microcode: intel-ucode/06-4e-03, intel-ucode/06-5e-03.
Mitigation: previously published microcode revision 0xd6 is used by default.
+Intel Tiger Lake-UP3/UP4 caveat
+-------------------------------
+Some systems with Intel Tiger Lake-UP3/UP4 CPUs (TGL, family 6, model 140,
+stepping 1) have reports of system hangs when a microcode update,
+that is included since microcode-20201110 release, is applied[1].
+In order to address this, microcode update to a newer revision has been disabled
+by default on these systems; the newer microcode file, however, is still shipped
+as a part of microcode_ctl package and can be used for performing a microcode
+update if it is enforced via the aforementioned overrides. (See the sections
+"check_caveats script" and "reload_microcode script" for details.)
+
+[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
+
+Caveat names: intel-06-8c-01
+
+Affected microcode: intel-ucode/06-8c-01.
+
+Mitigation: microcode loading is disabled for the affected CPU model.
+
+
Additional information
======================
@@ -588,3 +608,7 @@ Intel CPU vulnerabilities is available in the following knowledge base articles:
CVE-2020-0548 (Vector Register Data Sampling),
CVE-2020-0549 (L1D Cache Eviction Sampling):
https://access.redhat.com/solutions/5142751
+ * CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface),
+ CVE-2020-8696 (Vector Register Leakage-Active),
+ CVE-2020-8698 (Fast Forward Store Predictor):
+ https://access.redhat.com/articles/5569051
diff --git a/SOURCES/codenames.list b/SOURCES/codenames.list
index 502fc92..be1f3d2 100644
--- a/SOURCES/codenames.list
+++ b/SOURCES/codenames.list
@@ -297,6 +297,7 @@ Desktop;;Comet Lake;G1;22;a0653;CML;S 6+2;Core Gen10 Desktop;
Desktop;;Comet Lake;Q0;22;a0655;CML;S 10+2;Core Gen10 Desktop;
Mobile;;Comet Lake;A0;80;a0660;CML;U 6+2;Core Gen10 Mobile;
Mobile;;Comet Lake;K0;80;a0661;CML;U 6+2 v2;Core Gen10 Mobile;
+SOC;;Lakefield;B2,B3;10;806a1;LKF;;Core w/Hybrid Technology;
# sources:
# https://en.wikichip.org/wiki/intel/cpuid
diff --git a/SOURCES/microcode_ctl-use-microcode-20201027-tgz.patch b/SOURCES/microcode_ctl-use-microcode-20201027-tgz.patch
deleted file mode 100644
index f7badfa..0000000
--- a/SOURCES/microcode_ctl-use-microcode-20201027-tgz.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: microcode_ctl-2.1-18/Makefile
-===================================================================
---- microcode_ctl-2.1-18.orig/Makefile 2018-07-24 09:15:12.463115045 +0200
-+++ microcode_ctl-2.1-18/Makefile 2018-08-09 06:18:45.524503945 +0200
-@@ -8,7 +8,7 @@
- # 2 of the License, or (at your option) any later version.
-
- PROGRAM = intel-microcode2ucode
--MICROCODE_INTEL = microcode-20180703.tgz
-+MICROCODE_INTEL = microcode-20201027.tar.gz
-
- INS = install
- CC = gcc
diff --git a/SOURCES/microcode_ctl-use-microcode-20201112-tgz.patch b/SOURCES/microcode_ctl-use-microcode-20201112-tgz.patch
new file mode 100644
index 0000000..134c303
--- /dev/null
+++ b/SOURCES/microcode_ctl-use-microcode-20201112-tgz.patch
@@ -0,0 +1,13 @@
+Index: microcode_ctl-2.1-18/Makefile
+===================================================================
+--- microcode_ctl-2.1-18.orig/Makefile 2018-07-24 09:15:12.463115045 +0200
++++ microcode_ctl-2.1-18/Makefile 2018-08-09 06:18:45.524503945 +0200
+@@ -8,7 +8,7 @@
+ # 2 of the License, or (at your option) any later version.
+
+ PROGRAM = intel-microcode2ucode
+-MICROCODE_INTEL = microcode-20180703.tgz
++MICROCODE_INTEL = microcode-20201112.tar.gz
+
+ INS = install
+ CC = gcc
diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec
index 804775e..489a8ec 100644
--- a/SPECS/microcode_ctl.spec
+++ b/SPECS/microcode_ctl.spec
@@ -1,5 +1,5 @@
%define upstream_version 2.1-18
-%define intel_ucode_version 20201027
+%define intel_ucode_version 20201112
%define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
%define microcode_ctl_libexec %{_libexecdir}/microcode_ctl
@@ -21,14 +21,13 @@
Summary: Tool to transform and deploy CPU microcode update for x86.
Name: microcode_ctl
Version: 2.1
-Release: 73.2%{?dist}
+Release: 73.4%{?dist}
Epoch: 2
Group: System Environment/Base
License: GPLv2+ and Redistributable, no modification permitted
URL: https://pagure.io/microcode_ctl
Source0: https://releases.pagure.org/microcode_ctl/%{name}-%{upstream_version}.tar.xz
-#Source1: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz
-Source1: microcode-%{intel_ucode_version}.tar.gz
+Source1: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz
# (Pre-MDS) revision 0x714 of 06-2d-07 microcode
Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07
@@ -98,6 +97,11 @@ Source150: 06-5e-03_readme
Source151: 06-5e-03_config
Source152: 06-5e-03_disclaimer
+# TGL-UP3/UP4 (CPUID 06-8c-01) hangs
+Source180: 06-8c-01_readme
+Source181: 06-8c-01_config
+Source182: 06-8c-01_disclaimer
+
# "Provides:" RPM tags generator
Source200: gen_provides.sh
@@ -183,6 +187,9 @@ cp "%{SOURCE4}" intel-ucode/
mv intel-ucode/06-5e-03 intel-ucode-with-caveats/
cp "%{SOURCE5}" intel-ucode/
+# Moving 06-8c-01 microcode to intel-ucode-with-caveats
+mv intel-ucode/06-8c-01 intel-ucode-with-caveats/
+
# man page
sed "%{SOURCE40}" \
-e "s/@DATE@/2019-05-09/g" \
@@ -239,6 +246,7 @@ install -m 644 releasenote.md \
# caveats
install -m 644 "%{SOURCE100}" "%{SOURCE110}" "%{SOURCE120}" "%{SOURCE130}" \
"%{SOURCE140}" "%{SOURCE150}" \
+ "%{SOURCE180}" \
-t "%{buildroot}/%{_pkgdocdir}/caveats/"
# Man page
@@ -296,6 +304,14 @@ install -m 644 "%{SOURCE150}" "%{skl_hs_inst_dir}/readme"
install -m 644 "%{SOURCE151}" "%{skl_hs_inst_dir}/config"
install -m 644 "%{SOURCE152}" "%{skl_hs_inst_dir}/disclaimer"
+# TGL caveat
+%define tgl_inst_dir %{buildroot}/%{caveat_dir}/intel-06-8c-01/
+install -m 755 -d "%{tgl_inst_dir}/intel-ucode"
+install -m 644 intel-ucode-with-caveats/06-8c-01 -t "%{tgl_inst_dir}/intel-ucode/"
+install -m 644 "%{SOURCE180}" "%{tgl_inst_dir}/readme"
+install -m 644 "%{SOURCE181}" "%{tgl_inst_dir}/config"
+install -m 644 "%{SOURCE182}" "%{tgl_inst_dir}/disclaimer"
+
# SUMMARY.intel-ucode generation
# It is to be done only after file population, so, it is here,
# at the end of the install stage
@@ -309,6 +325,7 @@ rm -f intel-ucode-with-caveats/06-4e-03
rm -f intel-ucode-with-caveats/06-4f-01
rm -f intel-ucode-with-caveats/06-55-04
rm -f intel-ucode-with-caveats/06-5e-03
+rm -f intel-ucode-with-caveats/06-8c-01
rmdir intel-ucode-with-caveats
rm -rf intel-ucode
@@ -534,6 +551,16 @@ rm -rf %{buildroot}
%changelog
+* Fri Nov 13 2020 Eugene Syromiatnikov <esyr@redhat.com> - 2:2.1-73.4
+- Update Intel CPU microcode to microcode-20201112 release:
+ - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;
+ - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up
+ to 0x34;
+ - Updated releasenote file.
+
+* Fri Nov 13 2020 Eugene Syromiatnikov <esyr@redhat.com> - 2:2.1-73.3
+- Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.
+
* Fri Oct 30 2020 Eugene Syromiatnikov <esyr@redhat.com> - 2:2.1-73.2
- Update Intel CPU microcode to microcode-20201027 release, addresses
CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698