From bc8899d6c0321ab6e6b5738708b12442bd03f470 Mon Sep 17 00:00:00 2001 From: Ovidiu Panait Date: Tue, 17 May 2022 13:51:05 +0300 Subject: intel-microcode: upgrade 20220419 -> 20220510 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit intel-microcode-20220510 includes fixes for CVE-2021-33117 and CVE-2022-21151. CVE-2021-33117: A potential security vulnerability in some 3rd Generation Intel® Xeon® Scalable Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html CVE-2022-21151: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html Signed-off-by: Ovidiu Panait Signed-off-by: Anuj Mittal (cherry picked from commit e26d271f1161a9a7256a0eac6de26fdf4601066e) Signed-off-by: Anuj Mittal --- recipes-core/microcode/intel-microcode_20220510.bb | 63 ++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 recipes-core/microcode/intel-microcode_20220510.bb (limited to 'recipes-core/microcode/intel-microcode_20220510.bb') diff --git a/recipes-core/microcode/intel-microcode_20220510.bb b/recipes-core/microcode/intel-microcode_20220510.bb new file mode 100644 index 00000000..ce59ab0e --- /dev/null +++ b/recipes-core/microcode/intel-microcode_20220510.bb @@ -0,0 +1,63 @@ +SUMMARY = "Intel Processor Microcode Datafile for Linux" +HOMEPAGE = "http://www.intel.com/" +DESCRIPTION = "The microcode data file contains the latest microcode\ + definitions for all Intel processors. Intel releases microcode updates\ + to correct processor behavior as documented in the respective processor\ + specification updates. While the regular approach to getting this microcode\ + update is via a BIOS upgrade, Intel realizes that this can be an\ + administrative hassle. The Linux operating system and VMware ESX\ + products have a mechanism to update the microcode after booting.\ + For example, this file will be used by the operating system mechanism\ + if the file is placed in the /etc/firmware directory of the Linux system." + +LICENSE = "Intel-Microcode-License" +LIC_FILES_CHKSUM = "file://license;md5=d8405101ec6e90c1d84b082b0c40c721" + +SRC_URI = "git://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git;protocol=https;branch=main \ + " + +SRCREV = "6c0c4691e5bb446e0e428ebca595164709c59586" + +DEPENDS = "iucode-tool-native" +S = "${WORKDIR}/git" + +COMPATIBLE_HOST = "(i.86|x86_64).*-linux" +PACKAGE_ARCH = "${MACHINE_ARCH}" + +inherit deploy + +# Use any of the iucode_tool parameters to filter specific microcodes from the data file +# For further information, check the iucode-tool's manpage : http://manned.org/iucode-tool +UCODE_FILTER_PARAMETERS ?= "" + +do_compile() { + ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ + ${UCODE_FILTER_PARAMETERS} \ + --overwrite \ + --write-earlyfw=${WORKDIR}/microcode_${PV}.cpio \ + ${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/* +} + +do_install() { + install -d ${D}${nonarch_base_libdir}/firmware/intel-ucode/ + ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ + ${UCODE_FILTER_PARAMETERS} \ + --write-firmware=${D}${nonarch_base_libdir}/firmware/intel-ucode \ + ${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/* +} + +do_deploy() { + install -d ${DEPLOYDIR} + install ${WORKDIR}/microcode_${PV}.cpio ${DEPLOYDIR}/ + cd ${DEPLOYDIR} + rm -f microcode.cpio + ln -sf microcode_${PV}.cpio microcode.cpio +} + +addtask deploy before do_build after do_compile + +PACKAGES = "${PN}" + +FILES:${PN} = "${nonarch_base_libdir}" + +UPSTREAM_CHECK_GITTAGREGEX = "^microcode-(?P(\d+)[a-z]*)$" -- cgit v1.2.3-54-g00ecf