# RPM spec for microcode_ctl: packages Intel's CPU microcode data files
# together with the helper scripts, systemd unit and dracut configuration
# listed as Source10..Source32 below.

# Upstream microcode release tag that is unpacked and shipped. It is embedded
# in Release, while Version below stays at 20190618.
%define intel_ucode_version 20190918
# Numeric id used only to build the Intel download-center URL.
%define intel_ucode_file_id 28727

# The payload is data files and scripts, so no debuginfo subpackage is built.
%global debug_package %{nil}

# Install locations shared by the install section and the scriptlets.
%define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
%define microcode_ctl_libexec %{_libexecdir}/microcode_ctl

%define update_ucode %{microcode_ctl_libexec}/update_ucode
%define check_caveats %{microcode_ctl_libexec}/check_caveats
%define reload_microcode %{microcode_ctl_libexec}/reload_microcode

%define dracutlibdir %{_prefix}/lib/dracut

Summary:        CPU microcode updates for Intel x86 processors
Name:           microcode_ctl
Version:        20190618
Release:        1.%{intel_ucode_version}.2%{?dist}
Epoch:          4
License:        CC0 and Redistributable, no modification permitted
URL:            https://downloadcenter.intel.com/download/%{intel_ucode_file_id}/Linux-Processor-Microcode-Data-File
# NOTE(review): Source0 and Source2 are fetched by URL from a tag name, and this
# spec records no digest for either file. Integrity of the shipped microcode
# therefore rests on whatever checksum the build system keeps outside this file
# (not visible here) -- confirm one is enforced.
Source0:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz
# (Pre-MDS) revision 0x714 of 06-2d-07 microcode
Source2:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07

# systemd unit
Source10:       microcode.service

# dracut-related stuff
Source20:       01-microcode.conf
Source21:       99-microcode-override.conf
Source22:       dracut_99microcode_ctl-fw_dir_override_module_init.sh

# libexec
Source30:       update_ucode
Source31:       check_caveats
Source32:       reload_microcode

# docs
Source41:       README.caveats

## Caveats
# Each caveat contributes three files: a readme, a config and a disclaimer.
# BDW EP/EX
# https://bugzilla.redhat.com/show_bug.cgi?id=1622180
# https://bugzilla.redhat.com/show_bug.cgi?id=1623630
# https://bugzilla.redhat.com/show_bug.cgi?id=1646383
Source100:      06-4f-01_readme
Source101:      06-4f-01_config
Source102:      06-4f-01_disclaimer

# Unsafe early MC update inside VM:
# https://bugzilla.redhat.com/show_bug.cgi?id=1596627
Source110:      intel_readme
Source111:      intel_config
Source112:      intel_disclaimer

# SNB-EP (CPUID 0x206d7) post-MDS hangs
# https://bugzilla.redhat.com/show_bug.cgi?id=1758382
# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/15
Source120:      06-2d-07_readme
Source121:      06-2d-07_config
Source122:      06-2d-07_disclaimer

# "Provides:" RPM tags generator
Source200:      gen_provides.sh

ExclusiveArch:  %{ix86} x86_64
BuildRequires:  systemd-units
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires(posttrans): kernel

# Turn off the built-in dependency generator and let gen_provides.sh
# (Source200) produce the Provides list instead.
%global _use_internal_dependency_generator 0
%define __find_provides "%{SOURCE200}"

%description
This package provides microcode update files for Intel x86 and x86_64 CPUs.

The microcode update is volatile and needs to be uploaded on each system
boot i.e. it isn't stored on a CPU permanently; reboot and it reverts back
to the old microcode.

Package name "microcode_ctl" is historical, as the binary with the same name
is no longer used for microcode upload and, as a result, no longer provided.

%prep
%setup -n "Intel-Linux-Processor-Microcode-Data-Files-microcode-%{intel_ucode_version}"

%build
# replacing SNB-EP (CPUID 0x206d7) microcode with pre-MDS version
# The 06-2d-07 file from the tarball is moved into the caveats tree and the
# Source2 copy takes its place in the default set.
# NOTE(review): hosts with this CPUID therefore receive the file labelled
# pre-MDS by default; presumably the newer file is used only when the caveat
# is explicitly enabled. The mechanism lives in check_caveats and the 06-2d-07
# config, which are not shown here -- confirm against README.caveats.
mv intel-ucode/06-2d-07 intel-ucode-with-caveats/
cp "%{SOURCE2}" intel-ucode/

# no-op: nothing is compiled for this package
:

%install
# Base directories. Nothing in this section installs files into the first one.
install -m 755 -d \
	"%{buildroot}/%{_datarootdir}/microcode_ctl/intel-ucode" \
	"%{buildroot}/%{caveat_dir}/" \
	"%{buildroot}/etc/microcode_ctl/ucode_with_caveats/"

# systemd unit
install -m 755 -d "%{buildroot}/%{_unitdir}"
install -m 644 "%{SOURCE10}" -t "%{buildroot}/%{_unitdir}/"

# dracut
%define dracut_mod_dir "%{buildroot}/%{dracutlibdir}/modules.d/99microcode_ctl-fw_dir_override"
install -m 755 -d \
	"%{dracut_mod_dir}" \
	"%{buildroot}/%{dracutlibdir}/dracut.conf.d/"
install -m 644 "%{SOURCE20}" "%{SOURCE21}" \
	-t "%{buildroot}/%{dracutlibdir}/dracut.conf.d/"
# Source22 is installed under the name dracut expects for a module entry script.
install -m 755 "%{SOURCE22}" "%{dracut_mod_dir}/module-setup.sh"

# Internal helper scripts
install -m 755 -d "%{buildroot}/%{microcode_ctl_libexec}"
install "%{SOURCE30}" "%{SOURCE31}" "%{SOURCE32}" \
	-m 755 -t "%{buildroot}/%{microcode_ctl_libexec}"

## Documentation
install -m 755 -d "%{buildroot}/%{_pkgdocdir}/caveats"

# caveats readme
install "%{SOURCE41}" \
	-m 644 -t "%{buildroot}/%{_pkgdocdir}/"

# Provide Intel microcode license, as it requires so
install -m 644 license \
	"%{buildroot}/%{_pkgdocdir}/LICENSE.intel-ucode"

# Provide release notes for Intel microcode
install -m 644 releasenote \
	"%{buildroot}/%{_pkgdocdir}/RELEASE_NOTES.intel-ucode"

# caveats
install -m 644 "%{SOURCE100}" "%{SOURCE110}" "%{SOURCE120}" \
	-t "%{buildroot}/%{_pkgdocdir}/caveats/"

## Caveat data
# Every caveat directory gets the same layout: an intel-ucode/ subdirectory
# with the affected microcode plus readme, config and disclaimer files.

# BDW caveat
%define bdw_inst_dir %{buildroot}/%{caveat_dir}/intel-06-4f-01/
install -m 755 -d "%{bdw_inst_dir}/intel-ucode"
install -m 644 intel-ucode-with-caveats/06-4f-01 -t "%{bdw_inst_dir}/intel-ucode/"
install -m 644 "%{SOURCE100}" "%{bdw_inst_dir}/readme"
install -m 644 "%{SOURCE101}" "%{bdw_inst_dir}/config"
install -m 644 "%{SOURCE102}" "%{bdw_inst_dir}/disclaimer"

# Early update caveat
# The whole default set (including the Source2 replacement made in the build
# step) is installed under this caveat.
%define intel_inst_dir %{buildroot}/%{caveat_dir}/intel/
install -m 755 -d "%{intel_inst_dir}/intel-ucode"
install -m 644 intel-ucode/* -t "%{intel_inst_dir}/intel-ucode/"
install -m 644 "%{SOURCE110}" "%{intel_inst_dir}/readme"
install -m 644 "%{SOURCE111}" "%{intel_inst_dir}/config"
install -m 644 "%{SOURCE112}" "%{intel_inst_dir}/disclaimer"

# SNB caveat
# Holds the 06-2d-07 file that the build step moved out of the default set.
%define snb_inst_dir %{buildroot}/%{caveat_dir}/intel-06-2d-07/
install -m 755 -d "%{snb_inst_dir}/intel-ucode"
install -m 644 intel-ucode-with-caveats/06-2d-07 -t "%{snb_inst_dir}/intel-ucode/"
install -m 644 "%{SOURCE120}" "%{snb_inst_dir}/readme"
install -m 644 "%{SOURCE121}" "%{snb_inst_dir}/config"
install -m 644 "%{SOURCE122}" "%{snb_inst_dir}/disclaimer"

%post
%systemd_post microcode.service
# Run the packaged helper scripts (Source30 and Source32); what they do is
# defined in those scripts and is not visible in this spec.
%{update_ucode}
%{reload_microcode}

# send the message to syslog, so it gets recorded on /var/log
if [ -e /usr/bin/logger ]; then
	%{check_caveats} -m -d | /usr/bin/logger -p syslog.notice -t DISCLAIMER
fi
# also paste it over dmesg (some customers drop dmesg messages while
# others keep them into /var/log for the later case, we'll have the
# disclaimer recorded twice into system logs.
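%{check_caveats} -m -d > /dev/kmsg

# Always report success, so a failure of the logging commands above does not
# fail the scriptlet.
exit 0

%posttrans
# We only want to regenerate the initramfs for a fully booted
# system; if this package happened to e.g. be pulled in as a build
# dependency, it is pointless at best to regenerate the initramfs,
# and also does not work with rpm-ostree:
# https://bugzilla.redhat.com/show_bug.cgi?id=1199582
#
# Also check that the running kernel is actually installed:
# https://bugzilla.redhat.com/show_bug.cgi?id=1591664
# We use the presence of symvers file as an indicator, the check similar
# to what weak-modules script does.
#
# Now that /boot/symvers-KVER.gz population is now relies on some shell scripts
# that are triggered by other shell scripts (kernel-install, which is a part
# of systemd) that called by RPM scripts, and systemd is not inclined to fix
# https://bugzilla.redhat.com/show_bug.cgi?id=1609698
# https://bugzilla.redhat.com/show_bug.cgi?id=1609696
# So, we check for symvers file inside /lib/modules.
#
# Two separate tests are used instead of the obsolescent -a operator, whose
# parsing is ambiguous in test(1).
if [ -d /run/systemd/system ] && [ -e "/lib/modules/$(uname -r)/symvers.gz" ]; then
	dracut -f
fi

# Scratch directory used to hand file lists from the preun scriptlet to postun.
%global rpm_state_dir %{_localstatedir}/lib/rpm-state

%preun
%systemd_preun microcode.service

# Storing ucode list before uninstall
ls /usr/share/microcode_ctl/intel-ucode |
	sort > "%{rpm_state_dir}/microcode_ctl_un_intel-ucode"
ls /usr/share/microcode_ctl/ucode_with_caveats |
	sort > "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats"
%{update_ucode} --action list --skip-common |
	sort > "%{rpm_state_dir}/microcode_ctl_un_file_list"

%postun
%systemd_postun microcode.service

# Work out which microcode files disappeared: entries present in the list
# saved by preun but absent now.
ls /usr/share/microcode_ctl/intel-ucode 2> /dev/null |
	sort > "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_after"
comm -23 \
	"%{rpm_state_dir}/microcode_ctl_un_intel-ucode" \
	"%{rpm_state_dir}/microcode_ctl_un_intel-ucode_after" \
	> "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_diff"

if [ -e "%{update_ucode}" ]; then
	# The helper is still installed: compute the same difference for the
	# caveats directory and pass both lists to update_ucode for removal.
	ls /usr/share/microcode_ctl/ucode_with_caveats 2> /dev/null |
		sort > "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_after"
	comm -23 \
		"%{rpm_state_dir}/microcode_ctl_un_ucode_caveats" \
		"%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_after" \
		> "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_diff"

	%{update_ucode} --action remove --cleanup \
		"%{rpm_state_dir}/microcode_ctl_un_intel-ucode_diff" \
		"%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_diff" || :

	rm -f "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_after"
	rm -f "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats_diff"
else
	# The helper is gone: clean up by hand. Only symbolic links are removed
	# from the firmware directory; regular files are left alone.
	while read -r f; do
		[ -L "/lib/firmware/intel-ucode/$f" ] || continue
		rm -f "/lib/firmware/intel-ucode/$f"
	done < "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_diff"

	rmdir "/lib/firmware/intel-ucode" 2>/dev/null || :

	# We presume that if we don't have update_ucode script, we can remove
	# all the caveats-related files.
	#
	# NOTE(review): the paths below are taken verbatim from the list written
	# during preun and are deleted by this scriptlet; that relies on the
	# rpm-state directory being writable only by a trusted user -- confirm.
	while read -r f; do
		if [ -L "$f" ] || [ "${f%%readme-*}" != "$f" ]; then
			# "--" keeps an entry that starts with a dash from being
			# parsed as an option.
			rm -f -- "$f"
			# The command substitution is quoted so a directory name
			# containing whitespace stays one argument to rmdir.
			rmdir -p -- "$(dirname -- "$f")" 2>/dev/null || :
		fi
	done < "%{rpm_state_dir}/microcode_ctl_un_file_list"
fi

# Drop the remaining scratch lists.
rm -f "%{rpm_state_dir}/microcode_ctl_un_intel-ucode"
rm -f "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_after"
rm -f "%{rpm_state_dir}/microcode_ctl_un_intel-ucode_diff"

rm -f "%{rpm_state_dir}/microcode_ctl_un_ucode_caveats"

rm -f "%{rpm_state_dir}/microcode_ctl_un_file_list"

# Cleanup is best-effort; never fail the transaction because of it.
exit 0

# Re-run update_ucode whenever a kernel-core package is installed or removed.
%triggerin -- kernel-core
%{update_ucode}

%triggerpostun -- kernel-core
%{update_ucode}

%clean
# Quoted like every other buildroot use in this spec.
rm -rf "%{buildroot}"

%files
# The firmware directory is owned by the package but not part of its payload.
%ghost %attr(0755, root, root) /lib/firmware/intel-ucode
%{microcode_ctl_libexec}
/usr/share/microcode_ctl
/etc/microcode_ctl
%{dracutlibdir}/modules.d/*
%config(noreplace) %{dracutlibdir}/dracut.conf.d/*
%{_unitdir}/microcode.service
%doc %{_pkgdocdir}

%changelog
* Sun Oct 06 2019 Eugene Syromiatnikov - 4:20190618-1.20190918.2
- Do not update 06-2d-07 (SNB-E/EN/EP) to revision 0x718, use 0x714 by default.

* Thu Sep 19 2019 Eugene Syromiatnikov - 4:20190618-1.20190918.1
- Intel CPU microcode update to 20190918 (#1758538).
- Add new disclaimer, generated based on relevant caveats.
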
* Wed Jun 19 2019 Eugene Syromiatnikov - 4:20190618-1 - Intel CPU microcode update to 20190618 (#1717240). * Sun Jun 02 2019 Eugene Syromiatnikov - 4:20190514a-2 - Remove disclaimer, as it is not as important now to justify kmsg/log pollution; its contents are partially adopted in README.caveats. * Mon May 20 2019 Eugene Syromiatnikov - 4:20190514a-1 - Intel CPU microcode update to 20190514a (#1711940). * Thu May 09 2019 Eugene Syromiatnikov - 4:20190507-1 - Intel CPU microcode update to 20190507 (#1697901). * Mon Apr 15 2019 Eugene Syromiatnikov 4:20190312-1 - Intel CPU microcode update to 20190312 (#1660320). - Add "Provides:" tags generation. * Tue Nov 06 2018 Eugene Syromiatnikov 4:20180807a-2 - Do not exit with error in %postin if disclaimer printing returned an error (#1647083). * Wed Oct 17 2018 Eugene Syromiatnikov 4:20180807a-1 - Use the tar ball distributed by Intel directly, sync up with RHEL 7.6. * Fri Aug 24 2018 Eugene Syromiatnikov 3:2.1-27 - Bump epoch in order to ensure upgrade from RHEL 7 (#1622131). * Mon Aug 13 2018 Anton Arapov 2:2.1-26 - Update to upstream 2.1-19. 20180807 * Fri Jul 13 2018 Fedora Release Engineering - 2:2.1-25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Mon Jul 09 2018 Anton Arapov 2:2.1-24 - Update to upstream 2.1-18. 20180703 * Wed May 16 2018 Anton Arapov 2:2.1-23 - Update to upstream 2.1-17. 20180425 * Thu Mar 15 2018 Anton Arapov 2:2.1-22 - Update to upstream 2.1-16. 20180312 * Thu Feb 08 2018 Fedora Release Engineering - 2:2.1-21 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Tue Jan 09 2018 Anton Arapov 2:2.1-20 - Update to upstream 2.1-15. 20180108 * Tue Nov 21 2017 Anton Arapov 2:2.1-19 - Update to upstream 2.1-14. 
20171117 * Thu Aug 03 2017 Fedora Release Engineering - 2:2.1-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering - 2:2.1-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Wed Jul 12 2017 Anton Arapov 2:2.1-16 - Update to upstream 2.1-13. 20170707 * Tue May 23 2017 Anton Arapov 2:2.1-15 - Update to upstream 2.1-12. 20170511 * Fri Feb 10 2017 Fedora Release Engineering - 2:2.1-14.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Fri Dec 02 2016 Anton Arapov 2.1-13.1 - Update to upstream 2.1-11. 20161104 * Thu Jul 21 2016 Anton Arapov 2.1-13 - Update to upstream 2.1-10. 20160714 - Fixes rhbz#1353103 * Fri Jun 24 2016 Anton Arapov 2.1-12 - Update to upstream 2.1-9. 20160607 * Thu Feb 04 2016 Fedora Release Engineering - 2:2.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Tue Jan 12 2016 Anton Arapov 2.1-10 - Update to upstream 2.1-8. 20151106 * Wed Jun 17 2015 Fedora Release Engineering - 2:2.1-9.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Tue Feb 03 2015 Anton Arapov 2.1-8.1 - Update to upstream 2.1-7. 20150121 * Sun Sep 21 2014 Anton Arapov 2.1-8 - Update to upstream 2.1-6. 20140913 * Sun Aug 17 2014 Fedora Release Engineering - 2:2.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Tue Jul 08 2014 Anton Arapov 2.1-6 - Update to upstream 2.1-5. 20140624 * Sat Jun 07 2014 Fedora Release Engineering - 2:2.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu May 01 2014 Anton Arapov 2.1-4 - Update to upstream 2.1-4. * Fri Jan 24 2014 Anton Arapov 2.1-3 - Update to upstream 2.1-3. * Mon Sep 09 2013 Anton Arapov 2.1-2 - Update to upstream 2.1-2. * Wed Aug 14 2013 Anton Arapov 2.1-1 - Update to upstream 2.1-1. * Sat Jul 27 2013 Anton Arapov 2.1-0 - Update to upstream 2.1. AMD microcode has been removed, find it in linux-firmware. 
* Wed Apr 03 2013 Anton Arapov 2.0-3.1 - Update to upstream 2.0-3 * Thu Feb 14 2013 Fedora Release Engineering - 2:2.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Oct 17 2012 Anton Arapov 2.0-2 - Update to upstream 2.0-2 * Tue Oct 02 2012 Anton Arapov 2.0-1 - Update to upstream 2.0-1 * Mon Aug 06 2012 Anton Arapov 2.0 - Update to upstream 2.0 * Wed Jul 25 2012 Anton Arapov 1.18-1 - Update to upstream 1.18 * Fri Jul 20 2012 Fedora Release Engineering - 1:1.17-26 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Thu Jun 07 2012 Anton Arapov 1.17-25 - Update to microcode-20120606.dat * Tue Feb 07 2012 Anton Arapov 1.17-24 - Update to amd-ucode-2012-01-17.tar * Fri Jan 13 2012 Fedora Release Engineering - 1:1.17-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Thu Dec 22 2011 Anton Arapov 1.17-21 - Fix a segfault that may be triggered by very long parameter [#768803] * Tue Dec 13 2011 Anton Arapov 1.17-20 - Update to microcode-20111110.dat * Tue Sep 27 2011 Anton Arapov 1.17-19 - Update to microcode-20110915.dat * Thu Aug 04 2011 Anton Arapov 1.17-18 - Ship splitted microcode for Intel CPUs [#690930] - Include tool for splitting microcode for Intl CPUs (Kay Sievers ) * Thu Jun 30 2011 Anton Arapov 1.17-17 - Fix udev rules (Dave Jones ) [#690930] * Thu May 12 2011 Anton Arapov 1.17-14 - Update to microcode-20110428.dat * Thu Mar 24 2011 Anton Arapov 1.17-13 - fix memory leak. 
* Mon Mar 07 2011 Anton Arapov 1.17-12 - Update to amd-ucode-2011-01-11.tar * Tue Feb 08 2011 Fedora Release Engineering - 1:1.17-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Wed Jan 19 2011 Anton Arapov 1.17-10 - manpage fix (John Bradshaw ) [#670879] * Wed Jan 05 2011 Anton Arapov 1.17-9 - Update to microcode-20101123.dat * Mon Nov 01 2010 Anton Arapov 1.17-8 - Update to microcode-20100914.dat * Wed Sep 29 2010 jkeating - 1:1.17-7 - Rebuilt for gcc bug 634757 * Wed Sep 15 2010 Anton Arapov 1.17-6 - Update to microcode-20100826.dat * Tue Sep 07 2010 Toshio Kuratomi 1.17-5 - Fix license tag: bz#450491 * Fri Aug 27 2010 Dave Jones 1.17-4 - Update to microcode-20100826.dat * Tue Mar 23 2010 Anton Arapov 1.17-3 - Fix the udev rules (Harald Hoyer ) * Mon Mar 22 2010 Anton Arapov 1.17-2 - Make microcode_ctl event driven (Bill Nottingham ) [#479898] * Thu Feb 11 2010 Dave Jones 1.17-1.58 - Update to microcode-20100209.dat * Fri Dec 04 2009 Kyle McMartin 1.17-1.57 - Fix duplicate message pointed out by Edward Sheldrake. * Wed Dec 02 2009 Kyle McMartin 1.17-1.56 - Add AMD x86/x86-64 microcode. (Dated: 2009-10-09) Doesn't need microcode_ctl modifications as it's loaded by request_firmware() like any other sensible driver. - Eventually, this AMD firmware can probably live inside kernel-firmware once it is split out. * Wed Sep 30 2009 Dave Jones - Update to microcode-20090927.dat * Fri Sep 11 2009 Dave Jones - Remove some unnecessary code from the init script. * Sat Jul 25 2009 Fedora Release Engineering - 1:1.17-1.52.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Thu Jun 25 2009 Dave Jones - Shorten sleep time during init. This really needs to be replaced with proper udev hooks, but this is a quick interim fix. * Wed Jun 03 2009 Kyle McMartin 1:1.17-1.50 - Change ExclusiveArch to i586 instead of i386. Resolves rhbz#497711. 
* Wed May 13 2009 Dave Jones - update to microcode 20090330 * Wed Feb 25 2009 Fedora Release Engineering - 1:1.17-1.46.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Fri Sep 12 2008 Dave Jones - update to microcode 20080910 * Tue Apr 01 2008 Jarod Wilson - Update to microcode 20080401 * Sat Mar 29 2008 Dave Jones - Update to microcode 20080220 - Fix rpmlint warnings in specfile. * Mon Mar 17 2008 Dave Jones - specfile cleanups. * Fri Feb 22 2008 Jarod Wilson - Use /lib/firmware instead of /etc/firmware * Wed Feb 13 2008 Jarod Wilson - Fix permissions on microcode.dat * Thu Feb 07 2008 Jarod Wilson - Spec cleanup and macro standardization. - Update license - Update microcode data file to 20080131 revision. * Mon Jul 2 2007 Dave Jones - Update to upstream 1.17 * Thu Oct 12 2006 Jon Masters - BZ209455 fixes. * Mon Jul 17 2006 Jesse Keating - rebuild * Fri Jun 16 2006 Bill Nottingham - remove kudzu requirement - add prereq for coreutils, awk, grep * Thu Feb 09 2006 Dave Jones - rebuild. * Fri Jan 27 2006 Dave Jones - Update to upstream 1.13 * Fri Dec 16 2005 Jesse Keating - rebuilt for new gcj * Fri Dec 09 2005 Jesse Keating - rebuilt * Mon Nov 14 2005 Dave Jones - initscript tweaks. * Tue Sep 13 2005 Dave Jones - Update to upstream 1.12 * Wed Aug 17 2005 Dave Jones - Check for device node *after* loading the module. (#157672) * Tue Mar 1 2005 Dave Jones - Rebuild for gcc4 * Thu Feb 17 2005 Dave Jones - s/Serial/Epoch/ * Tue Jan 25 2005 Dave Jones - Drop the node creation/deletion change from previous release. It'll cause grief with selinux, and was a hack to get around a udev shortcoming that should be fixed properly. * Fri Jan 21 2005 Dave Jones - Create/remove the /dev/cpu/microcode dev node as needed. - Use correct path again for the microcode.dat. - Remove some no longer needed tests in the init script. * Fri Jan 14 2005 Dave Jones - Only enable microcode_ctl service if the CPU is capable. 
- Prevent microcode_ctl getting restarted multiple times on initlevel change (#141581) - Make restart/reload work properly - Do nothing if not started by root. * Wed Jan 12 2005 Dave Jones - Adjust dev node location. (#144963) * Tue Jan 11 2005 Dave Jones - Load/Remove microcode module in initscript. * Mon Jan 10 2005 Dave Jones - Update to upstream 1.11 release. * Sat Dec 18 2004 Dave Jones - Initial packaging, based upon kernel-utils.