From e26d271f1161a9a7256a0eac6de26fdf4601066e Mon Sep 17 00:00:00 2001 From: Ovidiu Panait Date: Tue, 17 May 2022 13:51:05 +0300 Subject: intel-microcode: upgrade 20220419 -> 20220510 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit intel-microcode-20220510 includes fixes for CVE-2021-33117 and CVE-2022-21151. CVE-2021-33117: A potential security vulnerability in some 3rd Generation Intel® Xeon® Scalable Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html CVE-2022-21151: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html Signed-off-by: Ovidiu Panait Signed-off-by: Anuj Mittal --- recipes-core/microcode/intel-microcode_20220419.bb | 63 ---------------------- recipes-core/microcode/intel-microcode_20220510.bb | 63 ++++++++++++++++++++++ 2 files changed, 63 insertions(+), 63 deletions(-) delete mode 100644 recipes-core/microcode/intel-microcode_20220419.bb create mode 100644 recipes-core/microcode/intel-microcode_20220510.bb diff --git a/recipes-core/microcode/intel-microcode_20220419.bb b/recipes-core/microcode/intel-microcode_20220419.bb deleted file mode 100644 index 1281266e..00000000 --- a/recipes-core/microcode/intel-microcode_20220419.bb +++ /dev/null @@ -1,63 +0,0 @@ -SUMMARY = "Intel Processor Microcode Datafile for Linux" -HOMEPAGE = "http://www.intel.com/" -DESCRIPTION = "The microcode data file contains the latest microcode\ - definitions for all Intel processors. Intel releases microcode updates\ - to correct processor behavior as documented in the respective processor\ - specification updates. While the regular approach to getting this microcode\ - update is via a BIOS upgrade, Intel realizes that this can be an\ - administrative hassle. The Linux operating system and VMware ESX\ - products have a mechanism to update the microcode after booting.\ - For example, this file will be used by the operating system mechanism\ - if the file is placed in the /etc/firmware directory of the Linux system." - -LICENSE = "Intel-Microcode-License" -LIC_FILES_CHKSUM = "file://license;md5=d8405101ec6e90c1d84b082b0c40c721" - -SRC_URI = "git://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git;protocol=https;branch=main \ - " - -SRCREV = "686ce069071329fce724ce90bf5854a3b86e500a" - -DEPENDS = "iucode-tool-native" -S = "${WORKDIR}/git" - -COMPATIBLE_HOST = "(i.86|x86_64).*-linux" -PACKAGE_ARCH = "${MACHINE_ARCH}" - -inherit deploy - -# Use any of the iucode_tool parameters to filter specific microcodes from the data file -# For further information, check the iucode-tool's manpage : http://manned.org/iucode-tool -UCODE_FILTER_PARAMETERS ?= "" - -do_compile() { - ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ - ${UCODE_FILTER_PARAMETERS} \ - --overwrite \ - --write-earlyfw=${WORKDIR}/microcode_${PV}.cpio \ - ${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/* -} - -do_install() { - install -d ${D}${nonarch_base_libdir}/firmware/intel-ucode/ - ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ - ${UCODE_FILTER_PARAMETERS} \ - --write-firmware=${D}${nonarch_base_libdir}/firmware/intel-ucode \ - ${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/* -} - -do_deploy() { - install -d ${DEPLOYDIR} - install ${WORKDIR}/microcode_${PV}.cpio ${DEPLOYDIR}/ - cd ${DEPLOYDIR} - rm -f microcode.cpio - ln -sf microcode_${PV}.cpio microcode.cpio -} - -addtask deploy before do_build after do_compile - -PACKAGES = "${PN}" - -FILES:${PN} = "${nonarch_base_libdir}" - -UPSTREAM_CHECK_GITTAGREGEX = "^microcode-(?P(\d+)[a-z]*)$" diff --git a/recipes-core/microcode/intel-microcode_20220510.bb b/recipes-core/microcode/intel-microcode_20220510.bb new file mode 100644 index 00000000..ce59ab0e --- /dev/null +++ b/recipes-core/microcode/intel-microcode_20220510.bb @@ -0,0 +1,63 @@ +SUMMARY = "Intel Processor Microcode Datafile for Linux" +HOMEPAGE = "http://www.intel.com/" +DESCRIPTION = "The microcode data file contains the latest microcode\ + definitions for all Intel processors. Intel releases microcode updates\ + to correct processor behavior as documented in the respective processor\ + specification updates. While the regular approach to getting this microcode\ + update is via a BIOS upgrade, Intel realizes that this can be an\ + administrative hassle. The Linux operating system and VMware ESX\ + products have a mechanism to update the microcode after booting.\ + For example, this file will be used by the operating system mechanism\ + if the file is placed in the /etc/firmware directory of the Linux system." + +LICENSE = "Intel-Microcode-License" +LIC_FILES_CHKSUM = "file://license;md5=d8405101ec6e90c1d84b082b0c40c721" + +SRC_URI = "git://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git;protocol=https;branch=main \ + " + +SRCREV = "6c0c4691e5bb446e0e428ebca595164709c59586" + +DEPENDS = "iucode-tool-native" +S = "${WORKDIR}/git" + +COMPATIBLE_HOST = "(i.86|x86_64).*-linux" +PACKAGE_ARCH = "${MACHINE_ARCH}" + +inherit deploy + +# Use any of the iucode_tool parameters to filter specific microcodes from the data file +# For further information, check the iucode-tool's manpage : http://manned.org/iucode-tool +UCODE_FILTER_PARAMETERS ?= "" + +do_compile() { + ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ + ${UCODE_FILTER_PARAMETERS} \ + --overwrite \ + --write-earlyfw=${WORKDIR}/microcode_${PV}.cpio \ + ${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/* +} + +do_install() { + install -d ${D}${nonarch_base_libdir}/firmware/intel-ucode/ + ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ + ${UCODE_FILTER_PARAMETERS} \ + --write-firmware=${D}${nonarch_base_libdir}/firmware/intel-ucode \ + ${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/* +} + +do_deploy() { + install -d ${DEPLOYDIR} + install ${WORKDIR}/microcode_${PV}.cpio ${DEPLOYDIR}/ + cd ${DEPLOYDIR} + rm -f microcode.cpio + ln -sf microcode_${PV}.cpio microcode.cpio +} + +addtask deploy before do_build after do_compile + +PACKAGES = "${PN}" + +FILES:${PN} = "${nonarch_base_libdir}" + +UPSTREAM_CHECK_GITTAGREGEX = "^microcode-(?P(\d+)[a-z]*)$" -- cgit v1.2.3-54-g00ecf