CVS: cvs.openbsd.org: src

Mon, 24 Jul 2023 12:33:38 -0700 

CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2023/07/24 13:33:26

Modified files:
        sys/arch/amd64/amd64: Tag: OPENBSD_7_2 cpu.c ucode.c 
        sys/arch/amd64/stand/boot: Tag: OPENBSD_7_2 conf.c 
        sys/arch/amd64/stand/cdboot: Tag: OPENBSD_7_2 conf.c 
        sys/arch/amd64/stand/efi32: Tag: OPENBSD_7_2 conf.c 
        sys/arch/amd64/stand/efi64: Tag: OPENBSD_7_2 conf.c 
        sys/arch/amd64/stand/efiboot: Tag: OPENBSD_7_2 conf.c 
                                      exec_i386.c 
        sys/arch/amd64/stand/libsa: Tag: OPENBSD_7_2 exec_i386.c 
        sys/arch/amd64/stand/pxeboot: Tag: OPENBSD_7_2 conf.c 
        sys/arch/i386/i386: Tag: OPENBSD_7_2 machdep.c ucode.c 
        sys/arch/i386/stand/boot: Tag: OPENBSD_7_2 conf.c 
        sys/arch/i386/stand/cdboot: Tag: OPENBSD_7_2 conf.c 
        sys/arch/i386/stand/libsa: Tag: OPENBSD_7_2 exec_i386.c 
                                   pciprobe.c 
        sys/arch/i386/stand/pxeboot: Tag: OPENBSD_7_2 conf.c 
        usr.sbin/fw_update: Tag: OPENBSD_7_2 patterns.c 

Log message:
BOOTARG_UCODE for AMD
from jsg@; ok deraadt@

update AMD CPU microcode if a newer patch is available
from jsg@; ok deraadt@

match AMD x86 CPUs in fw_update(8)
from jsg@; ok deraadt@

after the boot block changes on i386, sthen noticed a dmesg change
-pci0 at mainbus0 bus 0: configuration mode 1 (bios)
+pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
deraadt then spent many hours narrowing down the problem to the inline
assembly in pciprobe().
It tried to save the carry flag result of pci bios present.  But did so
after a shift which sets the carry flag.  Ask for CF in the output and
avoid the shift.
from jsg@; ok deraadt@ kettenis@

Set DE_CFG[9] -- a chickenbit which stops Zenbleed.  The chickenbit may
have other side-effects (not disclosed by AMD), and firmwares fixes may
be better (and have other side-effects, same story).  Newer processors
will probably be validated more carefully by AMD.
Issue found by Tavis Ormandy.
This is errata 7.2/033_amdcpu.patch.sig and 7.3/011_amdcpu.patch.sig
Zenbleed also blocked on select cpus by using errata
7.3/012_amdfirmware.patch.sig + 7.3/013_amdcpufirmware.patch /
7.2/034_amdfirmware.patch.sig + 7.2/035_amdcpufirmware.patch.sig
which load AMD cpu firmwares (firmware.openbsd.org is updated often to
contain the best firmwares)
from deraadt@; ok jsg

this is
errata/7.2/033_amdcpu.patch.sig
errata/7.2/034_amdfirmware.patch.sig
errata/7.2/035_amdcpufirmware.patch.sig

Reply via email to