Author: ken
Date: Mon Nov 16 19:01:43 2020
New Revision: 23910
Log:
Firmware - update details for intel microcode-20201112.
Modified:
trunk/BOOK/introduction/welcome/changelog.xml
trunk/BOOK/postlfs/config/firmware.xml
Modified: trunk/BOOK/introduction/welcome/changelog.xml
==============================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml Mon Nov 16 17:28:32
2020 (r23909)
+++ trunk/BOOK/introduction/welcome/changelog.xml Mon Nov 16 19:01:43
2020 (r23910)
@@ -45,6 +45,10 @@
<para>November 16th, 2020</para>
<itemizedlist>
<listitem>
+ <para>[ken] - Update firmware page for intel microcode-20201112.
Fixes
+ <ulink url="&blfs-ticket-root;14233">#14233</ulink>.</para>
+ </listitem>
+ <listitem>
<para>[renodr] - Update to NSS-3.59. Fixes
<ulink url="&blfs-ticket-root;14244">#14244</ulink>.</para>
</listitem>
Modified: trunk/BOOK/postlfs/config/firmware.xml
==============================================================================
--- trunk/BOOK/postlfs/config/firmware.xml Mon Nov 16 17:28:32 2020
(r23909)
+++ trunk/BOOK/postlfs/config/firmware.xml Mon Nov 16 19:01:43 2020
(r23910)
@@ -151,7 +151,7 @@
</para>
<para>
- Intel provide updates of their microcode for Haswell and later
+ Intel provide updates of their microcode for Skylake and later
processors as new vulnerabilities come to light, and have in the past
provided updates for processors from SandyBridge onwards, although those
are no-longer supported for new fixes. New versions of AMD
@@ -208,8 +208,8 @@
'https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/'/>
and downloading the latest file there. As of this writing the most
secure version of the microcode, for those machines which can boot it,
- is microcode-20200609. If you have a Skylake machine, please read the
- Caution in the 'Early loading of microcode' section below. Extract
this
+ is microcode-20201112.<!-- If you have a Skylake machine, please read
the
+ Caution in the 'Early loading of microcode' section below.--> Extract
this
file in the normal way, the microcode is in the <filename>intel-ucode
</filename> directory, containing various blobs with names in the form
XX-YY-ZZ. There are also various other files, and a releasenote.
@@ -230,11 +230,14 @@
'https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html'/>.
</para>
+ <!-- commented, I don't think there is a new listed item for 2011-11
vulns
+ (platypus etc : intel-sa-00381 and 0389)
+ and anyway the very latest stable releases have backports : ken
<para>
The documentation on the latest SRBDS (Special Register Buffer Data
Sampling) vulnerabilities/fixes will be documented in kernels 5.4.46,
5.6.18, 5.7.2, 5.8.0 and later.
- </para>
+ </para>-->
<para>
Now you need to determine your processor's identity to see if there
@@ -287,22 +290,20 @@
<screen><userinput>dmesg | grep -e 'microcode' -e 'Linux version' -e 'Command
line'</userinput></screen>
<para>
- This reformatted example for an old (20191115) verison of the microcode
+ This reformatted example for a machine with old microcode in its BIOS
was created by temporarily booting without
- microcode, to show the current Firmware Bug message, then the late load
- shows it being updated to revision 0xd6.
+ microcode, to show the current Firmware Bug messages, then the late
load
+ shows it being updated to revision 0xec.
</para>
-<screen><literal>[ 0.000000] Linux version 5.4.2 (lfs@leshp) (gcc version
9.2.0 (GCC))
- #1 SMP PREEMPT Wed Dec 18 11:52:13 GMT 2019
-[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.4.2-sda11 root=/dev/sda11 ro
-[ 0.020218] [Firmware Bug]: TSC_DEADLINE disabled due to Errata; please
update microcode
- to version: 0xb2 (or later)
-[ 0.153861] MDS: Vulnerable: Clear CPU buffers attempted, no microcode
-[ 0.550009] microcode: sig=0x506e3, pf=0x2, revision=0x74
-[ 0.550036] microcode: Microcode Update Driver: v2.2.
-[ 277.673064] microcode: updated to revision 0xd6, date = 2019-10-03
-[ 277.674231] x86/CPU: CPU features have changed after loading microcode, but
might not take effect</literal></screen>
+<screen><literal>[ 0.000000] Linux version 5.9.8 (ken@leshp) (gcc (GCC)
10.2.0,
+ GNU ld (GNU Binutils) 2.35)
+ #1 SMP PREEMPT Mon Nov 16 20:42:42 GMT 2020
+[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.9.8-sda11 root=/dev/sda11 ro
+[ 0.028715] [Firmware Bug]: TSC_DEADLINE disabled due to Errata;
+ please update microcode to version: 0xb2 (or later)
+[ 0.111874] SRBDS: Vulnerable: No microcode
+[ 0.111984] MDS: Vulnerable: Clear CPU buffers attempted, no
microcode</literal></screen>
<para>
If the microcode was not updated, there is no new microcode for this
@@ -312,7 +313,7 @@
</sect3>
- <sect3 id="and-microcode">
+ <sect3 id="amd-microcode">
<title>AMD Microcode for the CPU</title>
<para>
@@ -410,6 +411,8 @@
<screen><userinput>cp -v /lib/firmware/intel-ucode/<XX-YY-ZZ>
kernel/x86/microcode/GenuineIntel.bin</userinput></screen>
+<!-- new version from 20201110 release onwards, assumed to work on all skylakes
+ But complaints about previous version took some days to appear, so keep as
a comment for now.
<caution>
<para>
On some Skylake machines with hex Model Number '4e' (78 decimal) the
@@ -429,7 +432,7 @@
For a Skylake which does not boot with 0xdc, reverting to 0xd6 will
make
the machine usable, but without the SRBDS mitigations.
</para>
- </caution>
+ </caution>-->
<para>
Now prepare the initrd:
@@ -476,14 +479,17 @@
<para>
The places and times where early loading happens are very different
- in AMD and Intel machines. First, an Intel (Haswell) example with
early loading:
+ in AMD and Intel machines. First, an Intel (Skylake) example with
early loading:
</para>
-<screen><literal>[ 0.000000] microcode: microcode updated early to revision
0x28, date = 2019-11-12
-[ 0.000000] Linux version 5.6.2 (ken@plexi) (gcc version 9.2.0 (GCC)) #2
SMP PREEMPT Tue Apr 7 21:34:32 BST 2020
-[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.6.2-sda10 root=/dev/sda10
ro resume=/dev/sdb1
-[ 0.371462] microcode: sig=0x306c3, pf=0x2, revision=0x28
-[ 0.371491] microcode: Microcode Update Driver: v2.2.</literal></screen>
+<screen><literal>[ 0.000000] microcode: microcode updated early to revision
0xe2, date = 2020-07-14
+[ 0.000000] Linux version 5.9.8 (ken@leshp) (gcc (GCC) 10.2.0,
+ GNU ld (GNU Binutils) 2.35)
+ #1 SMP PREEMPT Mon Nov 16 20:42:42 GMT 2020
+[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.9.8-sda11 root=/dev/sda11 ro
+[ 0.378287] microcode: sig=0x506e3, pf=0x2, revision=0xe2
+[ 0.378315] microcode: Microcode Update Driver: v2.2.
+</literal></screen>
<para>
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
