From 90fe9cf8b6dc9b387883e7bf89cde29533959a08 Mon Sep 17 00:00:00 2001 From: Naveen Saini Date: Thu, 28 Mar 2024 11:07:48 +0800 Subject: intel-microcode: upgrade 20231114 -> 20240312 Release notes: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 Fixes CVEs: CVE-2023-39368 [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html] CVE-2023-38575 [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html] CVE-2023-28746 [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html] CVE-2023-22655 [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html] CVE-2023-43490 [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html] Signed-off-by: Naveen Saini Signed-off-by: Anuj Mittal --- recipes-core/microcode/intel-microcode_20240312.bb | 63 ++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 recipes-core/microcode/intel-microcode_20240312.bb (limited to 'recipes-core/microcode/intel-microcode_20240312.bb') diff --git a/recipes-core/microcode/intel-microcode_20240312.bb b/recipes-core/microcode/intel-microcode_20240312.bb new file mode 100644 index 00000000..00b18231 --- /dev/null +++ b/recipes-core/microcode/intel-microcode_20240312.bb @@ -0,0 +1,63 @@ +SUMMARY = "Intel Processor Microcode Datafile for Linux" +HOMEPAGE = "http://www.intel.com/" +DESCRIPTION = "The microcode data file contains the latest microcode\ + definitions for all Intel processors. Intel releases microcode updates\ + to correct processor behavior as documented in the respective processor\ + specification updates. While the regular approach to getting this microcode\ + update is via a BIOS upgrade, Intel realizes that this can be an\ + administrative hassle. The Linux operating system and VMware ESX\ + products have a mechanism to update the microcode after booting.\ + For example, this file will be used by the operating system mechanism\ + if the file is placed in the /etc/firmware directory of the Linux system." + +LICENSE = "Intel-Microcode-License" +LIC_FILES_CHKSUM = "file://license;md5=d8405101ec6e90c1d84b082b0c40c721" + +SRC_URI = "git://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git;protocol=https;branch=main \ + " + +SRCREV = "41af34500598418150aa298bb04e7edacc547897" + +DEPENDS = "iucode-tool-native" +S = "${WORKDIR}/git" + +COMPATIBLE_HOST = "(i.86|x86_64).*-linux" +PACKAGE_ARCH = "${MACHINE_ARCH}" + +inherit deploy + +# Use any of the iucode_tool parameters to filter specific microcodes from the data file +# For further information, check the iucode-tool's manpage : http://manned.org/iucode-tool +UCODE_FILTER_PARAMETERS ?= "" + +do_compile() { + ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ + ${UCODE_FILTER_PARAMETERS} \ + --overwrite \ + --write-earlyfw=${WORKDIR}/microcode_${PV}.cpio \ + ${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/* +} + +do_install() { + install -d ${D}${nonarch_base_libdir}/firmware/intel-ucode/ + ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ + ${UCODE_FILTER_PARAMETERS} \ + --write-firmware=${D}${nonarch_base_libdir}/firmware/intel-ucode \ + ${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/* +} + +do_deploy() { + install -d ${DEPLOYDIR} + install ${WORKDIR}/microcode_${PV}.cpio ${DEPLOYDIR}/ + cd ${DEPLOYDIR} + rm -f microcode.cpio + ln -sf microcode_${PV}.cpio microcode.cpio +} + +addtask deploy before do_build after do_compile + +PACKAGES = "${PN}" + +FILES:${PN} = "${nonarch_base_libdir}" + +UPSTREAM_CHECK_GITTAGREGEX = "^microcode-(?P(\d+)[a-z]*)$" -- cgit v1.2.3-54-g00ecf