Changeset bd78d011
- Timestamp:
- 11/17/2020 03:01:43 AM (3 years ago)
- Branches:
- 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- fdc0a6e6
- Parents:
- 6ff5b0b7
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
introduction/welcome/changelog.xml
r6ff5b0b7 rbd78d011 46 46 <itemizedlist> 47 47 <listitem> 48 <para>[ken] - Update firmware page for intel microcode-20201112. Fixes 49 <ulink url="&blfs-ticket-root;14233">#14233</ulink>.</para> 50 </listitem> 51 <listitem> 48 52 <para>[renodr] - Update to NSS-3.59. Fixes 49 53 <ulink url="&blfs-ticket-root;14244">#14244</ulink>.</para> -
postlfs/config/firmware.xml
r6ff5b0b7 rbd78d011 152 152 153 153 <para> 154 Intel provide updates of their microcode for Haswelland later154 Intel provide updates of their microcode for Skylake and later 155 155 processors as new vulnerabilities come to light, and have in the past 156 156 provided updates for processors from SandyBridge onwards, although those … … 209 209 and downloading the latest file there. As of this writing the most 210 210 secure version of the microcode, for those machines which can boot it, 211 is microcode-2020 0609.If you have a Skylake machine, please read the212 Caution in the 'Early loading of microcode' section below. Extract this211 is microcode-20201112.<!-- If you have a Skylake machine, please read the 212 Caution in the 'Early loading of microcode' section below.--> Extract this 213 213 file in the normal way, the microcode is in the <filename>intel-ucode 214 214 </filename> directory, containing various blobs with names in the form … … 231 231 </para> 232 232 233 <!-- commented, I don't think there is a new listed item for 2011-11 vulns 234 (platypus etc : intel-sa-00381 and 0389) 235 and anyway the very latest stable releases have backports : ken 233 236 <para> 234 237 The documentation on the latest SRBDS (Special Register Buffer Data 235 238 Sampling) vulnerabilities/fixes will be documented in kernels 5.4.46, 236 239 5.6.18, 5.7.2, 5.8.0 and later. 237 </para> 240 </para>--> 238 241 239 242 <para> … … 288 291 289 292 <para> 290 This reformatted example for a n old (20191115) verison of the microcode293 This reformatted example for a machine with old microcode in its BIOS 291 294 was created by temporarily booting without 292 microcode, to show the current Firmware Bug message, then the late load 293 shows it being updated to revision 0xd6. 294 </para> 295 296 <screen><literal>[ 0.000000] Linux version 5.4.2 (lfs@leshp) (gcc version 9.2.0 (GCC)) 297 #1 SMP PREEMPT Wed Dec 18 11:52:13 GMT 2019 298 [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.4.2-sda11 root=/dev/sda11 ro 299 [ 0.020218] [Firmware Bug]: TSC_DEADLINE disabled due to Errata; please update microcode 300 to version: 0xb2 (or later) 301 [ 0.153861] MDS: Vulnerable: Clear CPU buffers attempted, no microcode 302 [ 0.550009] microcode: sig=0x506e3, pf=0x2, revision=0x74 303 [ 0.550036] microcode: Microcode Update Driver: v2.2. 304 [ 277.673064] microcode: updated to revision 0xd6, date = 2019-10-03 305 [ 277.674231] x86/CPU: CPU features have changed after loading microcode, but might not take effect</literal></screen> 295 microcode, to show the current Firmware Bug messages, then the late load 296 shows it being updated to revision 0xec. 297 </para> 298 299 <screen><literal>[ 0.000000] Linux version 5.9.8 (ken@leshp) (gcc (GCC) 10.2.0, 300 GNU ld (GNU Binutils) 2.35) 301 #1 SMP PREEMPT Mon Nov 16 20:42:42 GMT 2020 302 [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.9.8-sda11 root=/dev/sda11 ro 303 [ 0.028715] [Firmware Bug]: TSC_DEADLINE disabled due to Errata; 304 please update microcode to version: 0xb2 (or later) 305 [ 0.111874] SRBDS: Vulnerable: No microcode 306 [ 0.111984] MDS: Vulnerable: Clear CPU buffers attempted, no microcode</literal></screen> 306 307 307 308 <para> … … 313 314 </sect3> 314 315 315 <sect3 id="a nd-microcode">316 <sect3 id="amd-microcode"> 316 317 <title>AMD Microcode for the CPU</title> 317 318 … … 411 412 <screen><userinput>cp -v /lib/firmware/intel-ucode/<XX-YY-ZZ> kernel/x86/microcode/GenuineIntel.bin</userinput></screen> 412 413 414 <!-- new version from 20201110 release onwards, assumed to work on all skylakes 415 But complaints about previous version took some days to appear, so keep as a comment for now. 413 416 <caution> 414 417 <para> … … 430 433 the machine usable, but without the SRBDS mitigations. 431 434 </para> 432 </caution> 435 </caution>--> 433 436 434 437 <para> … … 477 480 <para> 478 481 The places and times where early loading happens are very different 479 in AMD and Intel machines. First, an Intel (Haswell) example with early loading: 480 </para> 481 482 <screen><literal>[ 0.000000] microcode: microcode updated early to revision 0x28, date = 2019-11-12 483 [ 0.000000] Linux version 5.6.2 (ken@plexi) (gcc version 9.2.0 (GCC)) #2 SMP PREEMPT Tue Apr 7 21:34:32 BST 2020 484 [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.6.2-sda10 root=/dev/sda10 ro resume=/dev/sdb1 485 [ 0.371462] microcode: sig=0x306c3, pf=0x2, revision=0x28 486 [ 0.371491] microcode: Microcode Update Driver: v2.2.</literal></screen> 482 in AMD and Intel machines. First, an Intel (Skylake) example with early loading: 483 </para> 484 485 <screen><literal>[ 0.000000] microcode: microcode updated early to revision 0xe2, date = 2020-07-14 486 [ 0.000000] Linux version 5.9.8 (ken@leshp) (gcc (GCC) 10.2.0, 487 GNU ld (GNU Binutils) 2.35) 488 #1 SMP PREEMPT Mon Nov 16 20:42:42 GMT 2020 489 [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.9.8-sda11 root=/dev/sda11 ro 490 [ 0.378287] microcode: sig=0x506e3, pf=0x2, revision=0xe2 491 [ 0.378315] microcode: Microcode Update Driver: v2.2. 492 </literal></screen> 487 493 488 494
Note:
See TracChangeset
for help on using the changeset viewer.