From b0a1d38f71f27a55eb6c62e2adcfc06276e0df09 Mon Sep 17 00:00:00 2001 From: Zoltan HERPAI Date: Thu, 7 May 2020 12:12:02 +0200 Subject: [PATCH] firmware: intel-microcode: bump to 20191115 + SECURITY UPDATE - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135 - Implements TA Indirect Sharing mitigation, and improves the MDS mitigation (VERW) - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271, CVE-2019-11139 - Fixes SGX vulnerabilities and errata (including CVE-2019-0117) - Adds microcode update for CFL-S (Coffe Lake Desktop) INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117 + CRITICAL ERRATA FIXES - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except Ice Lake), causes a 0-3% typical perforance hit (can be as bad as 10%). But ensures the processor will actually jump where it should, so don't even *dream* of not applying this fix. - Fixes AVX SHUF* instruction implementation flaw erratum + New Microcodes: sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992 sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200 sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040 sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752 sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400 sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136 + Updated Microcodes: sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768 sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200 sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376 sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728 sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352 sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352 sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328 sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352 sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352 sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352 sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328 sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352 sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328 sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352 sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136 Signed-off-by: Zoltan HERPAI --- package/firmware/intel-microcode/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/firmware/intel-microcode/Makefile b/package/firmware/intel-microcode/Makefile index de501622de..1bda1bfa75 100644 --- a/package/firmware/intel-microcode/Makefile +++ b/package/firmware/intel-microcode/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=intel-microcode -PKG_VERSION:=20190918 -PKG_RELEASE:=1 +PKG_VERSION:=20191115 +PKG_RELEASE:=2 PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).$(PKG_RELEASE).tar.xz PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/non-free/i/intel-microcode/ -PKG_HASH:=b7ecb5dd30d71e9b3c2ab184693a876171392e0d80d138c3560c662e5f2a2247 +PKG_HASH:=d86bbd3d3a49f392c7a0fa13611d4ffd17843f0f851c88921ac2003fe59712d8 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE) PKG_BUILD_DEPENDS:=iucode-tool/host -- 2.30.2