Update intel microcode to 20210608

Also refresh the example, including the omitted lines for the late reload - the claimed previous version (0xec) was a typo.
2025-02-03 14:47:17 +08:00 · 2021-06-08 20:34:53 +01:00 · 2021-06-08 20:34:53 +01:00 · 428cad4e55
commit 428cad4e55
parent 69e77f2de9
2 changed files with 27 additions and 17 deletions
--- a/introduction/welcome/changelog.xml
+++ b/introduction/welcome/changelog.xml
@ -45,6 +45,10 @@
    <listitem>
      <para>June 8th, 2021</para>
      <itemizedlist>
+        <listitem>
+          <para>[ken] - Update to Intel microcode-20210608 (security fix). Fixes
+          <ulink url="&blfs-ticket-root;15149">#15149</ulink>.</para>
+        </listitem>
        <listitem>
          <para>[renodr] - Update to nettle-3.7.3. Fixes
          <ulink url="&blfs-ticket-root;15143">#15143</ulink>.</para>
--- a/postlfs/config/firmware.xml
+++ b/postlfs/config/firmware.xml
@ -207,7 +207,7 @@
        'https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/'/>
        and downloading the latest file there.  As of this writing the most
        secure version of the microcode, for those machines which can boot it,
-        is microcode-20210216.<!-- If you have a Skylake machine, please read the
+        is microcode-20210608.<!-- If you have a Skylake machine, please read the
        Caution in the 'Early loading of microcode' section below.-->  Extract this
        file in the normal way, the microcode is in the <filename>intel-ucode
        </filename> directory, containing various blobs with names in the form
@ -292,17 +292,24 @@ Processor type and features  ---&gt;
        This reformatted example for a machine with old microcode in its BIOS
        was created by temporarily booting without
        microcode, to show the current Firmware Bug messages, then the late load
-        shows it being updated to revision 0xec.
+        shows it being updated to revision 0xea.
      </para>

-<screen><literal>[    0.000000] Linux version 5.9.8 (ken@leshp) (gcc (GCC) 10.2.0,
-               GNU ld (GNU Binutils) 2.35)
-               #1 SMP PREEMPT Mon Nov 16 20:42:42 GMT 2020
-[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.9.8-sda11 root=/dev/sda11 ro
-[    0.028715] [Firmware Bug]: TSC_DEADLINE disabled due to Errata;
+<screen><literal>[    0.000000] Linux version 5.12.8 (lfs@leshp) (gcc (GCC) 11.1.0,
+               GNU ld (GNU Binutils) 2.36.1)
+               #2 SMP PREEMPT Fri Jun 4 01:25:02 BST 2021
+[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.12.8-sda11 root=/dev/sda11 ro
+               resume=/dev/sda10
+[    0.028741] [Firmware Bug]: TSC_DEADLINE disabled due to Errata;
               please update microcode to version: 0xb2 (or later)
-[    0.111874] SRBDS: Vulnerable: No microcode
-[    0.111984] MDS: Vulnerable: Clear CPU buffers attempted, no microcode</literal></screen>
+[    0.115716] SRBDS: Vulnerable: No microcode
+[    0.115826] MDS: Vulnerable: Clear CPU buffers attempted, no microcode
+[    0.389005] microcode: sig=0x506e3, pf=0x2, revision=0x74
+[    0.389030] microcode: Microcode Update Driver: v2.2.
+[   70.089502] microcode: updated to revision 0xea, date = 2021-01-25
+[   70.089528] x86/CPU: CPU features have changed after loading microcode,
+               but might not take effect.
+[   70.089530] microcode: Reload completed, microcode revision: 0xea</literal></screen>

      <para>
        If the microcode was not updated, there is no new microcode for this
@ -481,14 +488,13 @@ cd initrd</userinput></screen>
        in AMD and Intel machines. First, an Intel (Skylake) example with early loading:
      </para>

-<screen><literal>[    0.000000] microcode: microcode updated early to revision 0xe2, date = 2020-07-14
-[    0.000000] Linux version 5.9.8 (ken@leshp) (gcc (GCC) 10.2.0,
-               GNU ld (GNU Binutils) 2.35)
-               #1 SMP PREEMPT Mon Nov 16 20:42:42 GMT 2020
-[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.9.8-sda11 root=/dev/sda11 ro
-[    0.378287] microcode: sig=0x506e3, pf=0x2, revision=0xe2
-[    0.378315] microcode: Microcode Update Driver: v2.2.
-</literal></screen>
+<screen><literal>[    0.000000] microcode: microcode updated early to revision 0xea, date = 2021-01-25
+[    0.000000] Linux version 5.12.8 (lfs@leshp) (gcc (GCC) 11.1.0,
+               GNU ld (GNU Binutils) 2.36.1) #2 SMP PREEMPT Fri Jun 4 01:25:02 BST 2021
+[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.12.8-sda11 root=/dev/sda11 ro
+               resume=/dev/sda10
+[    0.381420] microcode: sig=0x506e3, pf=0x2, revision=0xea
+[    0.381479] microcode: Microcode Update Driver: v2.2.</literal></screen>


      <para>