Index: postlfs/config/firmware.xml
===================================================================
--- postlfs/config/firmware.xml (revision 81a73ed8b21c5f733cb11a2b10421c74d79b5c77)
+++ postlfs/config/firmware.xml (revision 83d1722ced2200420455dfbb410fe07e957d1f6f)
@@ -25,9 +25,4 @@
class="directory">/lib/firmware, where the kernel or kernel
drivers look for firmware images.
-
-
-
- Preparing firmware for multiple different machines, as a distro would
- do, is outside the scope of this book.
@@ -129,6 +124,8 @@
- Intel provide updates of their microcode for SandyBridge and later
- processors as new vulnerabilities come to light. New versions of AMD
+ Intel provide updates of their microcode for Haswell and later
+ processors as new vulnerabilities come to light, and have in the past
+ provided updates for processors from SandyBridge onwards, although those
+ are no-longer supported for new fixes. New versions of AMD
firmware are rare and usually only apply to a few models, although
motherboard manufacturers get extra updates which maybe update microcode
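Review bot: "no-longer supported" in the added lines should be "no longer supported" (no hyphen). The added sentence is also long: it states the current floor (Haswell) and the historical floor (SandyBridge) in one clause chain, and would read more clearly split in two, for example "Intel provide updates ... for Haswell and later processors. Updates were previously provided from SandyBridge onwards, but those processors no longer receive new fixes." While touching this paragraph, the trailing context line's "maybe update microcode" looks like it should be "may update microcode".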
@@ -166,4 +163,13 @@
+
+ If you are creating an initrd to update firmware for different machines,
+ as a distro would do, go down to 'Early loading of microcode' and cat all
+ the Intel blobs to GenuineIntel.bin or cat all the AMD blobs to
+ AuthenticAMD.bin. This creates a larger initrd - for all Intel machines in
+ the 20200609 update the size is 3.0 MB compared to typically 24 KB for one
+ machine.
+
+
Intel Microcode for the CPU
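Review bot: the new multi-machine paragraph points the reader with "go down to 'Early loading of microcode'" in plain quoted text; use an xref to that section's id so the link survives a retitle. "cat all the Intel blobs to GenuineIntel.bin" also does not say where the blobs come from (the intel-ucode directory is only introduced in the section that follows this paragraph) and gives no command, so a reader arriving here first cannot act on it. Either move the paragraph into the early-loading section or name the source directory here. The 3.0 MB versus 24 KB comparison is tied to the 20200609 release, which is stated, so that part is fine.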
@@ -174,5 +180,5 @@
'https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/'/>
and downloading the latest file there. As of this writing the most
- recent version of the microcode is microcode-20191115. Extract this
+ recent version of the microcode is microcode-20200609. Extract this
file in the normal way, the microcode is in the intel-ucode
directory, containing various blobs with names in the form
@@ -196,7 +202,7 @@
- To be able to use this latest microcode to provide mitigation on all
- the affected processors, the kernel version needs to be at least 5.3.11
- (or 4.19.84 if you are using the 4.19 long term support series).
+ The documentation on the latest SRBDS (Special Register Buffer Data
+ Sampling) vulnerabilities/fixes will be documented in kernels 5.4.46,
+ 5.6.18, 5.7.2, 5.8.0 and later.
@@ -245,4 +251,6 @@
Then use the following command to see if anything was loaded:
+ (N.B. the dates when microcode was created may be months ahead of when
+ it was released.)
@@ -250,5 +258,6 @@
- This reformatted example was created by temporarily booting without
+ This reformatted example for an old (20191115) verison of the microcode
+ was created by temporarily booting without
microcode, to show the current Firmware Bug message, then the late load
shows it being updated to revision 0xd6.
@@ -417,13 +426,13 @@
The places and times where early loading happens are very different
- in AMD and Intel machines. First, an Intel example with early loading:
-
-
-[ 0.000000] microcode: microcode updated early to revision 0xd6, date = 2019-10-03
-[ 0.000000] Linux version 5.4.6 (ken@leshp) (gcc version 9.2.0 (GCC))i
- #4 SMP PREEMPT Sat Dec 21 21:41:03 GMT 2019
-[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.4.6-sda11 root=/dev/sda11 ro resume=/dev/sda10
-[ 0.579936] microcode: sig=0x506e3, pf=0x2, revision=0xd6
-[ 0.579961] microcode: Microcode Update Driver: v2.2.
+ in AMD and Intel machines. First, an Intel (Haswell) example with early loading:
+
+
+[ 0.000000] microcode: microcode updated early to revision 0x28, date = 2019-11-12
+[ 0.000000] Linux version 5.6.2 (ken@plexi) (gcc version 9.2.0 (GCC)) #2 SMP PREEMPT Tue Apr 7 21:34:32 BST 2020
+[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.6.2-sda10 root=/dev/sda10 ro resume=/dev/sdb1
+[ 0.371462] microcode: sig=0x306c3, pf=0x2, revision=0x28
+[ 0.371491] microcode: Microcode Update Driver: v2.2.
+
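Review bot: the new Haswell early-loading log is not labelled with the microcode release it came from, unlike the late-loading example, which this same change now marks as "old (20191115)". The log reports revision 0x28 with date = 2019-11-12 while the page now names microcode-20200609 as the most recent release, so a reader comparing their own dmesg output cannot tell whether 0x28 is what they should expect after updating. Add a sentence saying which release produced this output, or regenerate the example with the 20200609 files. The lead-in change from "an Intel example" to "an Intel (Haswell) example" is a good addition and matches sig=0x306c3 in the log.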