diff --git a/.gitignore b/.gitignore
index 6970c1d..c7900a9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,5 +2,6 @@ SOURCES/06-2d-07
SOURCES/06-4e-03
SOURCES/06-55-04
SOURCES/06-5e-03
-SOURCES/microcode-20201112.tar.gz
+SOURCES/06-8c-01
+SOURCES/microcode-20210216.tar.gz
SOURCES/microcode_ctl-2.1-18.tar.xz
diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata
index fa82b90..f15499c 100644
--- a/.microcode_ctl.metadata
+++ b/.microcode_ctl.metadata
@@ -2,5 +2,6 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
06432a25053c823b0e2a6b8e84e2e2023ee3d43e SOURCES/06-4e-03
2e405644a145de0f55517b6a9de118eec8ec1e5a SOURCES/06-55-04
86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
-010507b8a7ca0b5c4a01cd1f8a6adae5f0fd316d SOURCES/microcode-20201112.tar.gz
+2204a6dee1688980cd228268fdf4b6ed5904fe04 SOURCES/06-8c-01
+26608161d98c3d0c965fc41856520434b14c000d SOURCES/microcode-20210216.tar.gz
3959afc5d69a916a730131ce0f768db263e9e4f1 SOURCES/microcode_ctl-2.1-18.tar.xz
diff --git a/SOURCES/06-55-04_readme b/SOURCES/06-55-04_readme
index 5df5775..cdec2c2 100644
--- a/SOURCES/06-55-04_readme
+++ b/SOURCES/06-55-04_readme
@@ -18,6 +18,7 @@ microcode revisions in question are listed below:
* 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23
* 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967
* 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212
+ * 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462
Please contact your system vendor for a BIOS/firmware update that contains
the latest microcode version. For the information regarding microcode versions
diff --git a/SOURCES/README.caveats b/SOURCES/README.caveats
index 6d7cc84..91a58b8 100644
--- a/SOURCES/README.caveats
+++ b/SOURCES/README.caveats
@@ -201,7 +201,40 @@ separated by white space. Currently, the following options are supported:
of the aforementioned value, then the check is successful, otherwise
it fails (in accordance with "mode=success-all" semantics). This check fails
if "-m" option is not specified.
-
+ * "dmi" performs checks for specific values available in DMI sysfs files
+ (present under /sys/devices/virtual/dmi/id/). The check fails if file
+ is not readable. If "-m" option is specified, then the actual check
+ is skipped, and the check returns value in accordance with "no-model-mode"
+ parameter value (see below). Check arguments are a white-space-separated
+ list of "key=value" pairs. The following keys are supported:
+ * "key" - DMI file to check. Value can be one of the following: bios_date,
+ bios_vendor, bios_version, board_asset_tag, board_name, board_serial,
+ board_vendor, board_version, chassis_asset_tag, chassis_serial,
+ chassis_type, chassis_vendor, chassis_version, product_family,
+ product_name, product_serial, product_uuid, product_version, sys_vendor.
+ Default is empty string.
+ * "val" - a string to match DMI data against. Can be enclosed in single
+ or double quotes. Default is empty string.
+ * "mode" - check mode, the way matches are interpreted:
+ * "success-equal" - returns 0 if the value present in the file
+ with the name supplied via the "key" parameter file under
+ /sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
+ of "val" parameter, otherwise 1.
+ * "success-equal" - returns 1 if the value present in the file
+ with the name supplied via the "key" parameter file under
+ /sys/devices/virtual/dmi/id/ is equal to the value supplied as a value
+ of "val" parameter, otherwise 0.
+ Default is "success-any".
+ * "no-model-mode" - return value if model filter ("-m" option)
+ is not enabled:
+ * "success" - return 0.
+ * "fail" - return 1.
+ Default is "success".
+ An example of a check:
+ dmi mode=fail-equal no-model-mode=success key=bios_vendor val="Dell Inc."
+ It checks file /sys/devices/virtual/dmi/id/bios_vendor and fails if its
+ content is "Dell Inc." (without quotes). It succeeds if "-m" option
+ is not enabled.
check_caveats script
diff --git a/SOURCES/check_caveats b/SOURCES/check_caveats
index f43fb4a..ee8db57 100755
--- a/SOURCES/check_caveats
+++ b/SOURCES/check_caveats
@@ -138,7 +138,7 @@ check_kver()
# [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
# [2] https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-scalable-spec-update.pdf#page=13
#
-# $1 - params in config file, space-spearated, in key=value form:
+# $1 - params in config file, space-separated, in key=value form:
# domain=* - PCI domain, '*' or number
# bus=* - PCI bus, '*' or number
# device=* - PCI device, '*' or number
@@ -258,6 +258,100 @@ check_pci_config_val()
)
}
+# It is needed for filtering by BIOS vendor name that is available in DMI data
+#
+# $1 - params in config file, space-separated, in key=value form:
+# key= - DMI value to check. Can be one of the following: bios_date,
+# bios_vendor, bios_version, board_asset_tag, board_name, board_serial,
+# board_vendor, board_version, chassis_asset_tag, chassis_serial,
+# chassis_type, chassis_vendor, chassis_version, product_family,
+# product_name, product_serial, product_uuid, product_version,
+# sys_vendor.
+# val= - a string to match DMI data against. Can be enclosed in single
+# or double quotes.
+# mode=success-equal [ success-equal, fail-equal ] - matching mode:
+# success-equal: Returns 0 if the value present in the corresponding file
+# under /sys/devices/virtual/dmi/id/<key> is equal
+# to the value supplied as a value of "val" parameter,
+# otherwise 1.
+# fail-equal: Returns 1 if the value present in the corresponding file
+# under /sys/devices/virtual/dmi/id/<key> is equal
+# to the value supplied as a value of "val" parameter,
+# otherwise 0.
+# no-model-mode=success [ success, fail ] - return value if model filter
+# is not enabled:
+# success: Return 0.
+# fail: Return 1.
+# $2 - whether model filter is engaged (if it is not '1', just return the result
+# based on "mode" value that assumes that the check has failed).
+check_dmi_val()
+{
+ local key= val= mode='success-equal' nm_mode='success'
+ local opts="${1:-}" opt= opt_=
+ local match_model="${2:0}"
+
+ local valid_keys=" bios_date bios_vendor bios_version board_asset_tag board_name board_serial board_vendor board_version chassis_asset_tag chassis_serial chassis_type chassis_vendor chassis_version product_family product_name product_serial product_uuid product_version sys_vendor "
+ local success=1
+
+ while [ -n "$opts" ]; do
+ opt="${opts%%[ ]*}"
+ [ -n "${opt}" ] || { opts="${opts#[ ]}"; continue; }
+
+ [ "x${opt#key=}" = "x${opt}" ] || key="${opt#key=}"
+ [ "x${opt#mode=}" = "x${opt}" ] || mode="${opt#mode=}"
+ [ "x${opt#no-model-mode=}" = "x${opt}" ] || \
+ nm_mode="${opt#no-model-mode=}"
+
+ # Handle possible quoting
+ [ "x${opt#val=}" = "x${opt}" ] || {
+ case "${opt#val=}" in
+ [']*) opt_="${opts#val=\'}"; val="${opt_%%\'*}"; opt="val=\'${val}\'" ;;
+ ["]*) opt_="${opts#val=\"}"; val="${opt_%%\"*}"; opt="val=\"${val}\"" ;;
+ *) val="${opt#val=}" ;;
+ esac
+ }
+
+ opts="${opts#"${opt}"}"
+ continue
+ done
+
+ # Check key for validity
+ [ "x${valid_keys#* ${key} *}" != "x${valid_keys}" ] || {
+ debug "Invalid \"key\" parameter value: \"${key}\""
+ echo 2
+ exit
+ }
+
+ [ 1 = "$match_model" ] || {
+ case "$nm_mode" in
+ success) echo 0 ;;
+ fail) echo 1 ;;
+ *)
+ debug "Invalid no-model-mode value: \"${nm_mode}\""
+ echo 2
+ ;;
+ esac
+
+ exit
+ }
+
+ [ -r "/sys/devices/virtual/dmi/id/${key}" ] || {
+ debug "Can't access /sys/devices/virtual/dmi/id/${key}"
+ echo 3
+ exit
+ }
+
+ file_val="$(cat "/sys/devices/virtual/dmi/id/${key}")"
+
+ [ "x${val}" = "x${file_val}" ] || success=0
+
+ case "$mode" in
+ success-equal) echo "$((1 - $success))" ;;
+ fail-equal) echo "${success}" ;;
+ *) debug "Invalid mode value: \"${nm_mode}\""; echo 2 ;;
+ esac
+}
+
# Provides model in format "VENDOR_ID FAMILY-MODEL-STEPPING"
#
# We check only the first processor as we don't expect non-symmetrical setups
@@ -400,6 +494,7 @@ for cfg in $(echo "${configs}"); do
cfg_mc_min_ver_late=
cfg_disable=
cfg_pci=
+ cfg_dmi=
while read -r key value; do
case "$key" in
@@ -426,11 +521,19 @@ for cfg in $(echo "${configs}"); do
;;
blacklist)
cfg_blacklist=1
+ # "blacklist" is special: it stops entity parsing,
+ # and the rest of file is a list of blacklisted model
+ # names.
+ break
;;
pci_config_val)
cfg_pci="$cfg_pci
$value"
;;
+ dmi)
+ cfg_dmi="$cfg_dmi
+ $value"
+ ;;
'#'*|'')
continue
;;
@@ -525,10 +628,9 @@ for cfg in $(echo "${configs}"); do
cfg_mc_present=0
for p in $(printf "%s" "$cfg_path"); do
- { /usr/bin/find "$MC_CAVEATS_DATA_DIR/$cfg" \
- -path "$MC_CAVEATS_DATA_DIR/$cfg/$p" -print0;
- /bin/true; } \
- | /bin/grep -zFxq "$cpu_mc_path" \
+ /usr/bin/find "$MC_CAVEATS_DATA_DIR/$cfg" \
+ -path "$MC_CAVEATS_DATA_DIR/$cfg/$p" -print0 \
+ | /bin/grep -zFxc "$cpu_mc_path" > /dev/null \
|| continue
cfg_mc_present=1
@@ -639,6 +741,29 @@ for cfg in $(echo "${configs}"); do
}
fi
+ # Check DMI data if model filter is enabled
+ # Note that the model filter check is done inside check_pci_config_val
+ # based on the 'mode=' parameter.
+ if [ -n "$cfg_dmi" ]; then
+ dmi_line="$(printf "%s\n" "$cfg_dmi" | while read -r dmi_line
+ do
+ [ -n "$dmi_line" ] || continue
+ dmi_res=$(check_dmi_val "$dmi_line" \
+ "$match_model")
+ [ 0 != "$dmi_res" ] || continue
+ echo "$dmi_res $dmi_line"
+ break
+ done
+ echo "0 ")"
+
+ [ -z "${dmi_line#* }" ] || {
+ debug "DMI data check '${dmi_line#* }'" \
+ "failed (with return code ${dmi_line%% *})"
+ fail
+ continue
+ }
+ fi
+
ok_cfgs="$ok_cfgs $cfg"
ok_paths="$ok_paths $cfg_path"
done
diff --git a/SOURCES/microcode_ctl-use-microcode-20201112-tgz.patch b/SOURCES/microcode_ctl-use-microcode-20201112-tgz.patch
deleted file mode 100644
index 134c303..0000000
--- a/SOURCES/microcode_ctl-use-microcode-20201112-tgz.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: microcode_ctl-2.1-18/Makefile
-===================================================================
---- microcode_ctl-2.1-18.orig/Makefile 2018-07-24 09:15:12.463115045 +0200
-+++ microcode_ctl-2.1-18/Makefile 2018-08-09 06:18:45.524503945 +0200
-@@ -8,7 +8,7 @@
- # 2 of the License, or (at your option) any later version.
-
- PROGRAM = intel-microcode2ucode
--MICROCODE_INTEL = microcode-20180703.tgz
-+MICROCODE_INTEL = microcode-20201112.tar.gz
-
- INS = install
- CC = gcc
diff --git a/SOURCES/microcode_ctl-use-microcode-20210216-tgz.patch b/SOURCES/microcode_ctl-use-microcode-20210216-tgz.patch
new file mode 100644
index 0000000..05e2f9d
--- /dev/null
+++ b/SOURCES/microcode_ctl-use-microcode-20210216-tgz.patch
@@ -0,0 +1,13 @@
+Index: microcode_ctl-2.1-18/Makefile
+===================================================================
+--- microcode_ctl-2.1-18.orig/Makefile 2018-07-24 09:15:12.463115045 +0200
++++ microcode_ctl-2.1-18/Makefile 2018-08-09 06:18:45.524503945 +0200
+@@ -8,7 +8,7 @@
+ # 2 of the License, or (at your option) any later version.
+
+ PROGRAM = intel-microcode2ucode
+-MICROCODE_INTEL = microcode-20180703.tgz
++MICROCODE_INTEL = microcode-20210216.tar.gz
+
+ INS = install
+ CC = gcc
diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec
index 489a8ec..7857408 100644
--- a/SPECS/microcode_ctl.spec
+++ b/SPECS/microcode_ctl.spec
@@ -1,5 +1,5 @@
%define upstream_version 2.1-18
-%define intel_ucode_version 20201112
+%define intel_ucode_version 20210216
%define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
%define microcode_ctl_libexec %{_libexecdir}/microcode_ctl
@@ -21,7 +21,7 @@
Summary: Tool to transform and deploy CPU microcode update for x86.
Name: microcode_ctl
Version: 2.1
-Release: 73.4%{?dist}
+Release: 73.8%{?dist}
Epoch: 2
Group: System Environment/Base
License: GPLv2+ and Redistributable, no modification permitted
@@ -38,6 +38,12 @@ Source3: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Fi
Source4: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200520/intel-ucode/06-4e-03
Source5: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20200520/intel-ucode/06-5e-03
+# microcode-20201118 has removed 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode update
+# at revision 0x68; it is, however, may still be useful for some[1], so it is
+# to be preserved in a caveat.
+# [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/39
+Source8: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20201112/intel-ucode/06-8c-01
+
# systemd unit
Source10: microcode.service
@@ -104,9 +110,9 @@ Source182: 06-8c-01_disclaimer
# "Provides:" RPM tags generator
-Source200: gen_provides.sh
-Source201: codenames.list
-Source202: gen_updates2.py
+Source1000: gen_provides.sh
+Source1001: codenames.list
+Source1002: gen_updates2.py
Patch1: microcode_ctl-do-not-merge-ucode-with-caveats.patch
Patch2: microcode_ctl-revert-intel-microcode2ucode-removal.patch
@@ -127,7 +133,7 @@ Requires(postun): systemd coreutils
Requires(posttrans): dracut coreutils
%global _use_internal_dependency_generator 0
-%define __find_provides "%{SOURCE200}" "%{SOURCE201}"
+%define __find_provides "%{SOURCE1000}" "%{SOURCE1001}"
%description
The microcode_ctl utility is a companion to the microcode driver written
@@ -188,7 +194,7 @@ mv intel-ucode/06-5e-03 intel-ucode-with-caveats/
cp "%{SOURCE5}" intel-ucode/
# Moving 06-8c-01 microcode to intel-ucode-with-caveats
-mv intel-ucode/06-8c-01 intel-ucode-with-caveats/
+cp "%{SOURCE8}" intel-ucode-with-caveats/
# man page
sed "%{SOURCE40}" \
@@ -315,7 +321,7 @@ install -m 644 "%{SOURCE182}" "%{tgl_inst_dir}/disclaimer"
# SUMMARY.intel-ucode generation
# It is to be done only after file population, so, it is here,
# at the end of the install stage
-/usr/bin/python "%{SOURCE202}" -C "%{SOURCE201}" \
+/usr/bin/python "%{SOURCE1002}" -C "%{SOURCE1001}" \
summary -A "%{buildroot}" \
> "%{buildroot}/%{_pkgdocdir}/SUMMARY.intel-ucode"
@@ -551,6 +557,27 @@ rm -rf %{buildroot}
%changelog
+* Wed Feb 17 2021 Eugene Syromiatnikov <esyr@redhat.com> - 2:2.1-73.8
+- Update Intel CPU microcode to microcode-20210216 release (#1905111):
+ - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
+ intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006a08 up
+ to 0x2006a0a;
+ - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003003
+ up to 0x4003006;
+ - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
+ 0x5003003 up to 0x5003006.
+
+* Wed Feb 17 2021 Eugene Syromiatnikov <esyr@redhat.com> - 2:2.1-73.7
+- Remove 06-55-04/06-55-06/06-55-07 (SKX-SP/CLX-SP) microcode-20201110 caveats.
+
+* Thu Feb 11 2021 Eugene Syromiatnikov <esyr@redhat.com> - 2:2.1-73.6
+- Backport check_dmi_val to check_caveats from RHEL 8.
+
+* Fri Dec 11 2020 Eugene Syromiatnikov <esyr@redhat.com> - 2:2.1-73.5
+- Do not use "grep -q" in a pipe in check_caveats.
+- Add 06-55-04/06-55-06/06-55-07 (SKX-SP/CLX-SP) microcode-20201110 caveats
+ (#1905111).
+
* Fri Nov 13 2020 Eugene Syromiatnikov <esyr@redhat.com> - 2:2.1-73.4
- Update Intel CPU microcode to microcode-20201112 release:
- Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;