From dc0948200594dacece4da91f4c501e9a9fb0394f Mon Sep 17 00:00:00 2001 From: Yogesh Tyagi Date: Fri, 14 Feb 2025 14:08:36 +0530 Subject: intel-microcode: upgrade 20241112 -> 20250211 Update for functional issues for different processors Fixes CVEs: CVE-2024-31068 [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01166.html] CVE-2024-36293 [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01213.html] CVE-2023-43758 [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html] CVE-2024-39355 [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01228.html] CVE-2024-37020 [https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01194.html] Release notes: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250211 Signed-off-by: Yogesh Tyagi Signed-off-by: Anuj Mittal --- recipes-core/microcode/intel-microcode_20241112.bb | 63 ---------------------- recipes-core/microcode/intel-microcode_20250211.bb | 63 ++++++++++++++++++++++ 2 files changed, 63 insertions(+), 63 deletions(-) delete mode 100644 recipes-core/microcode/intel-microcode_20241112.bb create mode 100644 recipes-core/microcode/intel-microcode_20250211.bb diff --git a/recipes-core/microcode/intel-microcode_20241112.bb b/recipes-core/microcode/intel-microcode_20241112.bb deleted file mode 100644 index 7e9fcaaf..00000000 --- a/recipes-core/microcode/intel-microcode_20241112.bb +++ /dev/null @@ -1,63 +0,0 @@ -SUMMARY = "Intel Processor Microcode Datafile for Linux" -HOMEPAGE = "http://www.intel.com/" -DESCRIPTION = "The microcode data file contains the latest microcode\ - definitions for all Intel processors. Intel releases microcode updates\ - to correct processor behavior as documented in the respective processor\ - specification updates. While the regular approach to getting this microcode\ - update is via a BIOS upgrade, Intel realizes that this can be an\ - administrative hassle. The Linux operating system and VMware ESX\ - products have a mechanism to update the microcode after booting.\ - For example, this file will be used by the operating system mechanism\ - if the file is placed in the /etc/firmware directory of the Linux system." - -LICENSE = "Intel-Microcode-License" -LIC_FILES_CHKSUM = "file://license;md5=d8405101ec6e90c1d84b082b0c40c721" - -SRC_URI = "git://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git;protocol=https;branch=main \ - " - -SRCREV = "8ac9378a84879e81c503e09f344560b3dd7f72df" - -DEPENDS = "iucode-tool-native" -S = "${WORKDIR}/git" - -COMPATIBLE_HOST = "(i.86|x86_64).*-linux" -PACKAGE_ARCH = "${MACHINE_ARCH}" - -inherit deploy - -# Use any of the iucode_tool parameters to filter specific microcodes from the data file -# For further information, check the iucode-tool's manpage : http://manned.org/iucode-tool -UCODE_FILTER_PARAMETERS ?= "" - -do_compile() { - ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ - ${UCODE_FILTER_PARAMETERS} \ - --overwrite \ - --write-earlyfw=${WORKDIR}/microcode_${PV}.cpio \ - ${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/* -} - -do_install() { - install -d ${D}${nonarch_base_libdir}/firmware/intel-ucode/ - ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ - ${UCODE_FILTER_PARAMETERS} \ - --write-firmware=${D}${nonarch_base_libdir}/firmware/intel-ucode \ - ${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/* -} - -do_deploy() { - install -d ${DEPLOYDIR} - install ${WORKDIR}/microcode_${PV}.cpio ${DEPLOYDIR}/ - cd ${DEPLOYDIR} - rm -f microcode.cpio - ln -sf microcode_${PV}.cpio microcode.cpio -} - -addtask deploy before do_build after do_compile - -PACKAGES = "${PN}" - -FILES:${PN} = "${nonarch_base_libdir}" - -UPSTREAM_CHECK_GITTAGREGEX = "^microcode-(?P(\d+)[a-z]*)$" diff --git a/recipes-core/microcode/intel-microcode_20250211.bb b/recipes-core/microcode/intel-microcode_20250211.bb new file mode 100644 index 00000000..ee69a115 --- /dev/null +++ b/recipes-core/microcode/intel-microcode_20250211.bb @@ -0,0 +1,63 @@ +SUMMARY = "Intel Processor Microcode Datafile for Linux" +HOMEPAGE = "http://www.intel.com/" +DESCRIPTION = "The microcode data file contains the latest microcode\ + definitions for all Intel processors. Intel releases microcode updates\ + to correct processor behavior as documented in the respective processor\ + specification updates. While the regular approach to getting this microcode\ + update is via a BIOS upgrade, Intel realizes that this can be an\ + administrative hassle. The Linux operating system and VMware ESX\ + products have a mechanism to update the microcode after booting.\ + For example, this file will be used by the operating system mechanism\ + if the file is placed in the /etc/firmware directory of the Linux system." + +LICENSE = "Intel-Microcode-License" +LIC_FILES_CHKSUM = "file://license;md5=d8405101ec6e90c1d84b082b0c40c721" + +SRC_URI = "git://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git;protocol=https;branch=main \ + " + +SRCREV = "8a62de41c011615d749f8e72bb906dddc72e56a8" + +DEPENDS = "iucode-tool-native" +S = "${WORKDIR}/git" + +COMPATIBLE_HOST = "(i.86|x86_64).*-linux" +PACKAGE_ARCH = "${MACHINE_ARCH}" + +inherit deploy + +# Use any of the iucode_tool parameters to filter specific microcodes from the data file +# For further information, check the iucode-tool's manpage : http://manned.org/iucode-tool +UCODE_FILTER_PARAMETERS ?= "" + +do_compile() { + ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ + ${UCODE_FILTER_PARAMETERS} \ + --overwrite \ + --write-earlyfw=${WORKDIR}/microcode_${PV}.cpio \ + ${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/* +} + +do_install() { + install -d ${D}${nonarch_base_libdir}/firmware/intel-ucode/ + ${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \ + ${UCODE_FILTER_PARAMETERS} \ + --write-firmware=${D}${nonarch_base_libdir}/firmware/intel-ucode \ + ${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/* +} + +do_deploy() { + install -d ${DEPLOYDIR} + install ${WORKDIR}/microcode_${PV}.cpio ${DEPLOYDIR}/ + cd ${DEPLOYDIR} + rm -f microcode.cpio + ln -sf microcode_${PV}.cpio microcode.cpio +} + +addtask deploy before do_build after do_compile + +PACKAGES = "${PN}" + +FILES:${PN} = "${nonarch_base_libdir}" + +UPSTREAM_CHECK_GITTAGREGEX = "^microcode-(?P(\d+)[a-z]*)$" -- cgit v1.2.3-54-g00ecf