Changeset bd78d011


Timestamp:
11/17/2020 03:01:43 AM (11 months ago)
Author:
Ken Moffat <ken@…>
Branches:
10.1, 11.0, ken/refactor-virt, lazarus, qt5new, trunk, xry111/git-date, xry111/git-date-for-trunk, xry111/git-date-test
Children:
fdc0a6e6
Parents:
6ff5b0b7
Message:

Firmware - update details for intel microcode-20201112.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@23910 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
2 edited

  • introduction/welcome/changelog.xml

    r6ff5b0b7 rbd78d011  
    4646      <itemizedlist>
    4747        <listitem>
     48          <para>[ken] - Update firmware page for intel microcode-20201112. Fixes
     49          <ulink url="&blfs-ticket-root;14233">#14233</ulink>.</para>
     50        </listitem>
     51        <listitem>
    4852          <para>[renodr] - Update to NSS-3.59. Fixes
    4953          <ulink url="&blfs-ticket-root;14244">#14244</ulink>.</para>
  • postlfs/config/firmware.xml

    r6ff5b0b7 rbd78d011  
    152152
    153153    <para>
    154       Intel provide updates of their microcode for Haswell and later
     154      Intel provide updates of their microcode for Skylake and later
    155155      processors as new vulnerabilities come to light, and have in the past
    156156      provided updates for processors from SandyBridge onwards, although those
     
    209209        and downloading the latest file there.  As of this writing the most
    210210        secure version of the microcode, for those machines which can boot it,
    211         is microcode-20200609. If you have a Skylake machine, please read the
    212         Caution in the 'Early loading of microcode' section below.  Extract this
     211        is microcode-20201112.<!-- If you have a Skylake machine, please read the
     212        Caution in the 'Early loading of microcode' section below.-->  Extract this
    213213        file in the normal way, the microcode is in the <filename>intel-ucode
    214214        </filename> directory, containing various blobs with names in the form
     
    231231      </para>
    232232
     233      <!-- commented, I don't think there is a new listed item for 2011-11 vulns
     234          (platypus etc : intel-sa-00381 and 0389)
     235          and anyway the very latest stable releases have backports : ken
    233236      <para>
    234237        The documentation on the latest SRBDS (Special Register Buffer Data
    235238        Sampling) vulnerabilities/fixes will be documented in kernels 5.4.46,
    236239        5.6.18, 5.7.2, 5.8.0 and later.
    237       </para>
     240      </para>-->
    238241
    239242      <para>
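Review bot: the comment opened at new line 233 dates the vulnerabilities as "2011-11", which does not match the microcode-20201112 release this changeset documents and looks like a typo for 2020-11. The two advisories are also written inconsistently ("intel-sa-00381 and 0389"); give both ids in the same full form so the comment can be searched later. Since the SRBDS paragraph is only commented out rather than removed, say in the comment what would trigger restoring or deleting it.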
     
    288291
    289292      <para>
    290         This reformatted example for an old (20191115) verison of the microcode
     293        This reformatted example for a machine with old microcode in its BIOS
    291294        was created by temporarily booting without
    292         microcode, to show the current Firmware Bug message, then the late load
    293         shows it being updated to revision 0xd6.
    294       </para>
    295 
    296 <screen><literal>[    0.000000] Linux version 5.4.2 (lfs@leshp) (gcc version 9.2.0 (GCC))
    297                #1 SMP PREEMPT Wed Dec 18 11:52:13 GMT 2019
    298 [    0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.4.2-sda11 root=/dev/sda11 ro
    299 [    0.020218] [Firmware Bug]: TSC_DEADLINE disabled due to Errata; please update microcode
    300                to version: 0xb2 (or later)
    301 [    0.153861] MDS: Vulnerable: Clear CPU buffers attempted, no microcode
    302 [    0.550009] microcode: sig=0x506e3, pf=0x2, revision=0x74
    303 [    0.550036] microcode: Microcode Update Driver: v2.2.
    304 [  277.673064] microcode: updated to revision 0xd6, date = 2019-10-03
    305 [  277.674231] x86/CPU: CPU features have changed after loading microcode, but might not take effect</literal></screen>
     295        microcode, to show the current Firmware Bug messages, then the late load
     296        shows it being updated to revision 0xec.
     297      </para>
     298
     299<screen><literal>[    0.000000] Linux version 5.9.8 (ken@leshp) (gcc (GCC) 10.2.0,
     300               GNU ld (GNU Binutils) 2.35)
     301               #1 SMP PREEMPT Mon Nov 16 20:42:42 GMT 2020
     302[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.9.8-sda11 root=/dev/sda11 ro
     303[    0.028715] [Firmware Bug]: TSC_DEADLINE disabled due to Errata;
     304               please update microcode to version: 0xb2 (or later)
     305[    0.111874] SRBDS: Vulnerable: No microcode
     306[    0.111984] MDS: Vulnerable: Clear CPU buffers attempted, no microcode</literal></screen>
    306307
    307308      <para>
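Review bot: the rewritten paragraph at new lines 293-296 still says the late load "shows it being updated to revision 0xec", but the new screen block ends at the MDS line (new line 306) and no longer contains a "microcode: updated to revision" line, so nothing in the example shows 0xec. Either add the late-load lines from the new dmesg output, as the removed 0xd6 example had, or reword the paragraph so it describes only the Firmware Bug and Vulnerable messages that are actually shown.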
     
    313314    </sect3>
    314315
    315     <sect3 id="and-microcode">
     316    <sect3 id="amd-microcode">
    316317      <title>AMD Microcode for the CPU</title>
    317318
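Review bot: renaming the sect3 id from "and-microcode" to "amd-microcode" at new line 316 fixes the typo, but any xref or link that targets the old id will stop resolving. Check the book for linkend="and-microcode" and update those references in the same commit.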
     
    411412<screen><userinput>cp -v /lib/firmware/intel-ucode/&lt;XX-YY-ZZ&gt; kernel/x86/microcode/GenuineIntel.bin</userinput></screen>
    412413
     414<!-- new version from 20201110 release onwards, assumed to work on all skylakes
     415   But complaints about previous version took some days to appear, so keep as a comment for now.
    413416      <caution>
    414417        <para>
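Review bot: the comment at new line 414 refers to the "20201110 release", while the changelog entry and the firmware paragraph in this changeset name microcode-20201112; use one release identifier throughout. The comment also disables the whole Skylake caution "for now" with no condition for revisiting it, so note the ticket or date at which it should be either restored or removed.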
     
    430433          the machine usable, but without the SRBDS mitigations.
    431434        </para>
    432       </caution>
     435      </caution>-->
    433436
    434437      <para>
     
    477480      <para>
    478481        The places and times where early loading happens are very different
    479         in AMD and Intel machines. First, an Intel (Haswell) example with early loading:
    480       </para>
    481 
    482 <screen><literal>[    0.000000] microcode: microcode updated early to revision 0x28, date = 2019-11-12
    483 [    0.000000] Linux version 5.6.2 (ken@plexi) (gcc version 9.2.0 (GCC)) #2 SMP PREEMPT Tue Apr 7 21:34:32 BST 2020
    484 [    0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.6.2-sda10 root=/dev/sda10 ro resume=/dev/sdb1
    485 [    0.371462] microcode: sig=0x306c3, pf=0x2, revision=0x28
    486 [    0.371491] microcode: Microcode Update Driver: v2.2.</literal></screen>
     482        in AMD and Intel machines. First, an Intel (Skylake) example with early loading:
     483      </para>
     484
     485<screen><literal>[    0.000000] microcode: microcode updated early to revision 0xe2, date = 2020-07-14
     486[    0.000000] Linux version 5.9.8 (ken@leshp) (gcc (GCC) 10.2.0,
     487               GNU ld (GNU Binutils) 2.35)
     488               #1 SMP PREEMPT Mon Nov 16 20:42:42 GMT 2020
     489[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.9.8-sda11 root=/dev/sda11 ro
     490[    0.378287] microcode: sig=0x506e3, pf=0x2, revision=0xe2
     491[    0.378315] microcode: Microcode Update Driver: v2.2.
     492</literal></screen>
    487493
    488494
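Review bot: the new early-loading example at new lines 485-491 reports revision 0xe2 dated 2020-07-14, whereas the late-load paragraph changed earlier in this file says the update is to revision 0xec, and both outputs come from the same 5.9.8 build on ken@leshp. State which revision microcode-20201112 supplies for this CPU, or explain why the two differ, so readers know which value confirms a successful load. The closing </literal></screen> now sits on its own line (new line 492), which adds an empty line to the rendered screen, unlike the other screen block changed in this file.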