--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package intel-microcode/3.20160714.1~deb8u1
- From: Henrique de Moraes Holschuh <hmh@debian.org>
- Date: Sat, 13 Aug 2016 18:27:05 -0300
- Message-id: <20160813212705.GA11082@khazad-dum.debian.net>
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
I would like to update the intel-microcode packages in stable to address
several critical errata in newer Intel processors, as well as to
properly support the Linux kernel 4.4 and later.
The updated packages being proposed in this bug report are identical to
the ones in unstable/testing and jessie-backports, other than
debian/changelog and version numbering.
These changes have been tested in unstable since 2016-07-22 and in
testing and jessie-backports since 2016-07-28, without any issues being
reported.
This microcode update is very important to get Debian to run in a more
stable way on the newer processors that have TSX enabled, but as usual,
it also fixes other unspecified errata, so it is important even for
processors without TSX.
As usual, you will find attached the debdiff output with the changes in
the two microcode data files removed for brevity...
Diffstat below:
Makefile | 3
changelog | 23
debian/README.Debian | 237
debian/changelog | 140
debian/control | 2
debian/initramfs.hook | 22
microcode-20151106.dat |43449 -----------------------------------
microcode-20160714.dat |59389 +++++++++++++++++++++++++++++++++++++++++++++++++
8 files changed, 59733 insertions(+), 43532 deletions(-)
(diffstat of the abridged debdiff, for better resolution):
Makefile | 3
changelog | 23 ++++
debian/README.Debian | 237 ++++++++++++++++++++++++++++++++++----------------
debian/changelog | 140 +++++++++++++++++++++++++++++
debian/control | 2
debian/initramfs.hook | 22 +++-
6 files changed, 344 insertions(+), 83 deletions(-)
Thank you!
--
Henrique Holschuh
diff -Nru intel-microcode-3.20151106.1~deb8u1/changelog intel-microcode-3.20160714.1~deb8u1/changelog
--- intel-microcode-3.20151106.1~deb8u1/changelog 2015-12-28 11:54:52.000000000 -0200
+++ intel-microcode-3.20160714.1~deb8u1/changelog 2016-07-31 18:11:41.000000000 -0300
@@ -1,3 +1,26 @@
+2016-07-14:
+ * Updated Microcodes:
+ sig 0x000306f4, pf mask 0x80, 2016-06-07, rev 0x000d, size 15360
+ sig 0x000406e3, pf mask 0xc0, 2016-06-22, rev 0x009e, size 97280
+ sig 0x000406f1, pf mask 0xef, 2016-06-06, rev 0xb00001d, size 25600
+ sig 0x000506e3, pf mask 0x36, 2016-06-22, rev 0x009e, size 97280
+
+2016-06-07:
+ * New Microcodes:
+ sig 0x000406e3, pf mask 0xc0, 2016-04-06, rev 0x008a, size 96256
+ sig 0x000406f1, pf mask 0xef, 2016-05-20, rev 0xb00001c, size 25600
+ sig 0x00050662, pf mask 0x10, 2015-12-12, rev 0x000f, size 28672
+ sig 0x000506e3, pf mask 0x36, 2016-04-06, rev 0x008a, size 96256
+
+ * Updated Microcodes:
+ sig 0x000306c3, pf mask 0x32, 2016-03-16, rev 0x0020, size 22528
+ sig 0x000306d4, pf mask 0xc0, 2016-04-29, rev 0x0024, size 17408
+ sig 0x000306f2, pf mask 0x6f, 2016-03-28, rev 0x0038, size 32768
+ sig 0x000306f4, pf mask 0x80, 2016-02-11, rev 0x000a, size 15360
+ sig 0x00040651, pf mask 0x72, 2016-04-01, rev 0x001f, size 20480
+ sig 0x00040661, pf mask 0x32, 2016-04-01, rev 0x0016, size 24576
+ sig 0x00040671, pf mask 0x22, 2016-04-29, rev 0x0016, size 11264
+
2015-11-06:
* New Microcodes:
sig 0x000306f4, pf mask 0x80, 2015-07-17, rev 0x0009, size 14336
diff -Nru intel-microcode-3.20151106.1~deb8u1/debian/changelog intel-microcode-3.20160714.1~deb8u1/debian/changelog
--- intel-microcode-3.20151106.1~deb8u1/debian/changelog 2015-12-28 16:06:24.000000000 -0200
+++ intel-microcode-3.20160714.1~deb8u1/debian/changelog 2016-08-07 21:49:00.000000000 -0300
@@ -1,3 +1,141 @@
+intel-microcode (3.20160714.1~deb8u1) stable; urgency=medium
+
+ * Rebuild for Debian jessie stable update (no changes)
+ * STABLE RELEASE MANAGER INFORMATION:
+ + This is the same package which is in unstable since 2016-07-22,
+ and stretch (testing) and jessie-backports since 2016-07-28,
+ with no issues reported
+ + Contains updated microcode for:
+ Skylake/H/DT, Broadwell/E/EP/H/DE/WS, Haswell/E/WS/EP/EX, and their
+ usual variants (U/ULT,Y,S...): mobile, desktop, embedded, single-
+ and dual-socket server/workstation. Also includes related Pentium
+ and Celeron
+ + Somewhat unusually, this release includes an update for the
+ multi-socket Haswell-EX E7-v3 Xeon server processors
+ + Fixes critical issues on Intel Skylake processors, such as:
+ - TSX unpredictable behavior
+ - AVX data/calculation corruption
+ - High-hitting crashes and hangs related to MCEs and power
+ management errata that might make it impossible to even install
+ Debian in the first place (systems with very outdated firmware)
+ + Likely fixes a recently identified, critical but low-hitting TSX
+ erratum on Broadwell, Broadwell-E and related Xeons
+ (Broadwell-DE/WS/EP: Xeon-D 1500, E3-v4 and E5-v4)
+ + Fix Broadwell-DE (Xeon-D 1500) errata (incomplete list):
+ Stepping V-1: BDE58, BDE56, BDE55, BDE50, BDE44, BDE41, BDE38,
+ BDE10, BDE9, BDE8, BDE7
+ Stepping Y-0: LAN1, BDE67, BDE68
+ + Might fix Haswell-EP Xeon E5-v3 power management regression
+ which is already present in the packages currently in jessie
+ (#815990)
+ + Fixes undisclosed errata on Xeon E7-v3 48xx/88xx
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 07 Aug 2016 21:48:59 -0300
+
+intel-microcode (3.20160714.1~bpo8+1) jessie-backports; urgency=medium
+
+ * Rebuild for jessie-backports (no changes)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 22 Jul 2016 20:39:26 -0300
+
+intel-microcode (3.20160714.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20160714
+ + Updated Microcodes:
+ sig 0x000306f4, pf mask 0x80, 2016-06-07, rev 0x000d, size 15360
+ sig 0x000406e3, pf mask 0xc0, 2016-06-22, rev 0x009e, size 97280
+ sig 0x000406f1, pf mask 0xef, 2016-06-06, rev 0xb00001d, size 25600
+ sig 0x000506e3, pf mask 0x36, 2016-06-22, rev 0x009e, size 97280
+ + This release hopefully fixes a hang when updating the microcode on
+ some Skylake-U D-1/Skylake-Y D-1 (sig 0x406e3, pf 0x80) systems
+ * source: remove superseded upstream data file: 20160607
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 21 Jul 2016 19:04:09 -0300
+
+intel-microcode (3.20160607.2~bpo8+1) jessie-backports; urgency=medium
+
+ * Rebuild for jessie-backports (no changes)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 16 Jul 2016 15:24:40 -0300
+
+intel-microcode (3.20160607.2) unstable; urgency=low
+
+ * REMOVE microcode:
+ sig 0x000406e3, pf mask 0xc0, 2016-04-06, rev 0x008a, size 96256
+ (closes: #828819)
+ * The Core i7-6500U and m3-6Y30 processors (Skylake-UY D-1,
+ sig=0x406e3, pf=0x80) may hang while attempting an early microcode
+ update to revision 0x8a, apparently due to some sort of firmware
+ dependency. On affected systems, the only way to avoid the issue is
+ to get a firmware update that includes microcode revision 0x8a or
+ later. At this time, there are reports of both sucessful and failed
+ updates on the m3-6Y30, and only of failed updates on the i7-6500U.
+ There are no reports about Skylake-U K-1 (pf=0x40).
+ + WARNING: it is unsafe to use a system based on an Intel Skylake-U/Y
+ processor with microcode earlier than revision 0x8a, due to several
+ critical errata that cause unpredictable behavior, data corruption,
+ and other problems. Users *must* update their firmware to get
+ microcode 0x8a or newer, and keep it up-to-date.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 08 Jul 2016 22:54:26 -0300
+
+intel-microcode (3.20160607.1~bpo8+1) jessie-backports; urgency=medium
+
+ * Rebuild for jessie-backports (no changes)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 23 Jun 2016 16:13:20 -0300
+
+intel-microcode (3.20160607.1) unstable; urgency=medium
+
+ * New upstream microcode data file 20160607
+ + New Microcodes:
+ sig 0x000406e3, pf mask 0xc0, 2016-04-06, rev 0x008a, size 96256
+ sig 0x000406f1, pf mask 0xef, 2016-05-20, rev 0xb00001c, size 25600
+ sig 0x00050662, pf mask 0x10, 2015-12-12, rev 0x000f, size 28672
+ sig 0x000506e3, pf mask 0x36, 2016-04-06, rev 0x008a, size 96256
+ + Updated Microcodes:
+ sig 0x000306c3, pf mask 0x32, 2016-03-16, rev 0x0020, size 22528
+ sig 0x000306d4, pf mask 0xc0, 2016-04-29, rev 0x0024, size 17408
+ sig 0x000306f2, pf mask 0x6f, 2016-03-28, rev 0x0038, size 32768
+ sig 0x000306f4, pf mask 0x80, 2016-02-11, rev 0x000a, size 15360
+ sig 0x00040651, pf mask 0x72, 2016-04-01, rev 0x001f, size 20480
+ sig 0x00040661, pf mask 0x32, 2016-04-01, rev 0x0016, size 24576
+ sig 0x00040671, pf mask 0x22, 2016-04-29, rev 0x0016, size 11264
+ * source: remove superseded upstream data file: 20151106.
+ * control: change upstream URL to a search for "linux microcode"
+ Unfortunately, many of the per-processor-model feeds have not been
+ updated for microcode release 20160607. Switch to the general search
+ page as the upstream URL.
+ * README.Debian: fix duplicated word 'to'
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 23 Jun 2016 12:17:03 -0300
+
+intel-microcode (3.20151106.2) unstable; urgency=medium
+
+ * Makefile: make the build less verbose.
+ * debian/changelog: fix error in past entry.
+ Correct the version of the microcode that caused bug #776431,
+ in the entry for version 3.20150121.1.
+ * initramfs: don't force_load microcode.ko when missing.
+ Detect a missing microcode.ko and don't attempt to force_load() it,
+ otherwise we get spurious warnings at boot. In verbose mode, log the
+ fact that the microcode driver is modular. For Linux 4.4 and later,
+ skip the entire module loading logic, since the microcode driver cannot
+ be modular for those kernels (closes: #814301).
+ * initramfs: update copyright notice
+ * initramfs: use iucode_tool -l for verbose mode
+ * README.Debian: enhance and add recovery instructions.
+ Rewrite large parts of the README.Debian document, and add recovery
+ instructions (use of the "dis_ucode_ldr" kernel parameter).
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 17 Apr 2016 12:38:12 -0300
+
+intel-microcode (3.20151106.1~bpo8+1) jessie-backports; urgency=medium
+
+ * Rebuild for jessie-backports (no changes)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 10 Nov 2015 20:21:31 -0200
+
intel-microcode (3.20151106.1~deb8u1) stable; urgency=medium
* Rebuild for jessie (stable update), no changes required
@@ -49,7 +187,7 @@
sig 0x000306f2, pf mask 0x6f, 2014-09-03, rev 0x0029, size 28672
* The microcode downgrade fixes a very nasty regression on Xeon E5v3
processors (closes: #776431)
- * critical urgency: the broken sig 0x306f2, rev 0x2b microcode shipped
+ * critical urgency: the broken sig 0x306f2, rev 0x2d microcode shipped
in release 20150107 caused CPU core hangs and Linux boot failures.
The upstream fix was to downgrade it to the same microcode revision
that was shipped in release 20140913
diff -Nru intel-microcode-3.20151106.1~deb8u1/debian/control intel-microcode-3.20160714.1~deb8u1/debian/control
--- intel-microcode-3.20151106.1~deb8u1/debian/control 2015-12-28 15:57:04.000000000 -0200
+++ intel-microcode-3.20160714.1~deb8u1/debian/control 2016-07-31 18:11:41.000000000 -0300
@@ -5,7 +5,7 @@
Uploaders: Giacomo Catenazzi <cate@debian.org>
Build-Depends: debhelper (>= 7), iucode-tool (>= 0.9)
Standards-Version: 3.9.6
-Homepage: http://feeds.downloadcenter.intel.com/rss/?p=483&lang=eng
+Homepage: https://downloadcenter.intel.com/search?keyword=linux+microcode
Vcs-Git: git://git.debian.org/users/hmh/intel-microcode.git
Vcs-Browser: http://git.debian.org/?p=users/hmh/intel-microcode.git
XS-Autobuild: yes
diff -Nru intel-microcode-3.20151106.1~deb8u1/debian/initramfs.hook intel-microcode-3.20160714.1~deb8u1/debian/initramfs.hook
--- intel-microcode-3.20151106.1~deb8u1/debian/initramfs.hook 2015-12-28 11:54:52.000000000 -0200
+++ intel-microcode-3.20160714.1~deb8u1/debian/initramfs.hook 2016-07-31 18:11:41.000000000 -0300
@@ -1,6 +1,6 @@
#!/bin/sh
# intel-microcode initramfs-tools hook script version 3
-# Copyright (C) 2012-2014 Henrique de Moraes Holschuh <hmh@debian.org>
+# Copyright (C) 2012-2016 Henrique de Moraes Holschuh <hmh@debian.org>
# Released under the GNU GPL v2 or later license
#
# Generates a copy of the Intel microcode (by default tailored to the
@@ -35,7 +35,7 @@
}
if [ "${verbose}" = "y" ] ; then
- IUCODE_TOOL_OPTIONS="-v"
+ IUCODE_TOOL_OPTIONS="-l"
else
IUCODE_TOOL_OPTIONS="-q"
fi
@@ -120,11 +120,23 @@
# fast at detecting missing data files and doesn't wait for them.
#
# note: force_load will load a blacklisted module. We depend on that behavior.
-force_load microcode
-[ -d "${DESTDIR}${IUCODE_FW_DIR}" ] && rm -fr "${DESTDIR}${IUCODE_FW_DIR}"
+#
+# For 4.4 and later kernels, the microcode driver cannot be a module and will
+# be built-in.
+dpkg --compare-versions "${version}" lt 4.4 && {
+ [ -d "${DESTDIR}${IUCODE_FW_DIR}" ] && rm -fr "${DESTDIR}${IUCODE_FW_DIR}"
+
+ manual_add_modules microcode && {
+ # force_load has broken semanthics when the .ko file is missing
+ find "${DESTDIR}/${MODULESDIR}" -type f -print | grep -qc '/microcode\.ko$' && {
+ verbose "modular microcode driver detected"
+ force_load microcode
+ }
+ }
+}
# generate early initramfs image and prepend
-verbose "using early initramfs microcode update mode (Linux v3.10 and later)..."
+verbose "using early initramfs microcode update mode..."
EFW=$(mktemp "${TMPDIR:-/var/tmp}/mkinitramfs-EFW_XXXXXXXXXX") || {
echo "E: intel-microcode: cannot create temporary file" >&2
exit 1
diff -Nru intel-microcode-3.20151106.1~deb8u1/debian/README.Debian intel-microcode-3.20160714.1~deb8u1/debian/README.Debian
--- intel-microcode-3.20151106.1~deb8u1/debian/README.Debian 2015-12-28 11:54:52.000000000 -0200
+++ intel-microcode-3.20160714.1~deb8u1/debian/README.Debian 2016-07-31 18:11:41.000000000 -0300
@@ -4,127 +4,189 @@
Introduction:
Intel® 64 and IA-32 processors (x86_64 and i686 processors) are capable of
-field-upgrading their control program (microcode). These microcode updates
-correct processor errata, and are often important for safe, correct system
-operation.
+field-upgrading their control program (microcode) as well as parameters
+for other on-chip subsystems (power management, interconnects, etc).
+These microcode updates correct processor errata, and are important for
+safe, stable and correct system operation.
While most of the microcode updates fix problems that happen extremely
-rarely, there are enough updates fixing issues that would cause system
-lockup, memory corruption, or unpredictable system behavior, to warrant
-taking it seriously.
+rarely, they also fix high-profile, high-hitting issues. There are enough
+microcode updates fixing processor errata that would cause system lockup,
+memory corruption, or unpredictable system behavior, to warrant taking
+firmware updates and microcode updates seriously.
Microcode updates are ephemeral: they will be lost after a processor hard
reset or after the processor is powered off. They must be reapplied at
-every boot and after the system wakes up from suspend to RAM or disk.
+every boot, as well as after the system wakes up from suspend to RAM or
+disk.
Updating the processor microcode is the responsibility of the system
-firmware (BIOS or EFI). However, not all vendors will release timely
+firmware (BIOS, UEFI). However, not all vendors will release timely
updates for their firmware when Intel releases updated microcode, and most
users don't update their system firmware in a timely fashion (or at all)
anyway.
-The end result is that, unless some other method of distributing microcode
-updates is in place, the processor in many systems will be running with
-outdated microcode, increasing the chances of incorrect system operation.
+The end result is that, unless the operating system picks up the slack and
+tries to deliver microcode updates, the processor in many systems will be
+running with outdated microcode, increasing the chances of incorrect
+system operation.
-Safely updating the system processor microcode:
+Using Debian to apply microcode updates:
-1. install the initramfs-tools, iucode-tool and intel-microcode packages;
+Debian can apply microcode updates to the system processors during the
+operating system boot when a correctly configured Linux kernel (such as
+the standard Debian Linux kernels), and a small set of extra packages from
+"non-free" and "contrib" are installed.
-2. configure the system to use a initramfs created by initramfs-tools
- during boot (Debian kernels do this by default);
+You must have "contrib" and "non-free" repositories enabled in apt's
+sources list (either in /etc/apt/sources.list, or in a file inside
+/etc/apt/sources.list.d/).
-NOTE: if you're compiling your own kernel, you must use Linux v3.10 or
- later, and you must make sure early microcode update support is
- compiled in (see below).
+On a default Debian system (which uses a Debian kernel, the grub
+bootloader, and initramfs-tools to create the initramfs for the kernel),
+install the "intel-microcode" package and its dependencies, and reboot.
-3. make sure the initramfs for the kernel you will use was updated (it
- should have been done automatically for the default boot kernel, at
- least for Debian kernels), using update-initramfs -u, and possibly
- update-initramfs -u -k <kernel version>
+Users of custom configurations should note that microcode update support
+for Debian 8 "Jessie" changed from previous Debian stable releases.
-4. reboot.
+Custom Linux kernels must be built with initramfs support enabled (Kconfig
+option CONFIG_BLK_DEV_INITRD=y), as well as early microcode support
+enabled (Kconfig options CONFIG_MICROCODE=y, CONFIG_MICROCODE_INTEL=y,
+CONFIG_MICROCODE_INTEL_EARLY=y). An initramfs image *must* be used.
+The use of "dracut" to generate the initramfs is not yet supported, but it
+should work if you have a new enough version of dracut that is compatible
+with the kernel you are using (i.e. it might require the use of
+backports). Dracut will have to be manually configured to enable early
+microcode updates. Better dracut support is planned for a future version
+of the intel-microcode package.
+NOTE: It is not impossible for an operating-system supplied microcode
+update to cause boot issues. Should that happen, please refer to the
+"RECOVERY PROCEDURE" section of this document.
-Triggering an immediate microcode update (without a reboot):
+Caveats:
- **** WARNING **** **** WARNING **** **** WARNING **** **** WARNING ****
+Please keep your UEFI/BIOS up-to-date. Assuming your motherboard vendor
+does a good job of updating system firmware components, an up-to-date
+version of the firmware will negate most of the caveats listed here.
- This procedure used to be safe before microcode update 20140913.
- It is not safe anymore in the general case.
+Some features added to the processor post-launch, such as Intel SGX for
+"Skylake", are likely to require a full firmware update to work. Some
+issues and errata can only be fixed by a full firmware update should they
+require fixes and workarounds outside of the processor microcode update
+(typically: ME firmware, SMM code, platform MSR setup, ACPI data, Intel
+TXT/SGX modules).
- While it is likely to continue to be safe for the Intel micro-
- architectures that preceded Haswell and Silvermont, this is not
- in any way assured.
+A microcode update may enable functionality or change the behavior of
+weakly-defined functionality (such as the effect of model-dependent CPU
+power-management MSRs). This can (very rarely) interact badly with
+outdated BIOS/UEFI.
- You have been warned. Do not do this unless you really know
- what you are doing.
+A microcode update can revoke the signatures of vulnerable Intel TXT ACMs
+(refer to security advisory INTEL-SA-00035) and Intel SGX system modules.
+This will disable Intel TXT and Intel SGX in a system that still has the
+vulnerable components in firmware (the only way to really fix the
+vulnerabilities is to update the firmware).
- **** WARNING **** **** WARNING **** **** WARNING **** **** WARNING ****
+Microcode updates often do not go well with overclocking and similar
+tuning (such as underclocking, "undervolting", etc). Reset the system to
+Intel's *up-to-date* recommended values should a microcode update seem to
+be causing trouble, and search for a less aggressive, stable operating
+point for the new microcode.
-The microcode kernel module will attempt to apply a microcode update when
-loaded by "modprobe". If the module is already loaded or compiled-in, run
-this command (as root):
+A microcode update can (very rarely) interact badly with, or expose
+software bugs in the kernel and on frequency/thermal control daemons.
- echo -n 1 >/sys/devices/system/cpu/microcode/reload
-Alternatively, run the commands (as root):
- rmmod microcode ; modprobe microcode
+RECOVERY PROCEDURE:
-For kernels before Linux v3.6, refer to the iucode_tool(8) manpage.
+It is possible for a microcode update to not work well, or to not work at
+all on specific system models. This is very rare when using early
+microcode updates, but it has happened at least once.
+Should you experience problems because of the microcode update, you will
+have to bypass the microcode update process that happens during operating
+system startup (boot), and remove (or install an older version of) the
+intel-microcode package.
-Microcode update details:
+To bypass the microcode update during system startup, you must instruct the
+boot loader (grub, lilo, etc) to pass the "dis_ucode_ldr" parameter
+(without the quotes) to the kernel.
-Debian can apply microcode updates to the system processors during the
-operating system boot, with the help of the intel-microcode and iucode-tool
-packages.
+If your system uses grub (the default bootloader in Debian):
+
+ 1. Access the grub menu during boot (press and hold the left "Shift"
+ key right after starting the system up if you don't see a grub menu
+ during boot);
+
+ 2. Move the highlight/cursor to the kernel/boot option you want to
+ use, and press the "e" key to edit it;
+
+ 3. Locate the line that starts with "linux" using the cursor
+ keys. You must add the word "dis_ucode_ldr" (without the quotes) to
+ the end of that line;
+
+ 4. Press "Ctrl+X" to start (boot) the system. The microcode updates
+ will be skipped.
+
+After the system is running, remove or purge the intel-microcode package,
+or alternatively install an older version of the intel-microcode package.
+
+If removing or purging the intel-microcode package fails to do it for some
+reason, please refresh the initramfs using the "update-initramfs -u"
+command (as the root user), and possibly "update-initramfs -u -k <desired
+kernel version>" or "update-initramfs -u -k all".
+
+Please report any issues caused by microcode updates to the Debian bug
+tracker, e.g. using the "reportbug" tool.
+
+
+Microcode update details:
-For safety reasons, this requires Linux v3.10 or above and the use of the
-"early microcode update" driver. This greatly reduces the chances of
-system malfunction due to any issues that are corrected by the microcode
-update.
+The "early mode" of the Linux kernel microcode update driver will apply
+the microcode updates as soon as possible, before making use of the more
+complex modes and functionality of the system processors. This greatly
+reduces the chances of system malfunction due to any issues that are
+corrected by the microcode update.
+
+It will update the CPU core that boots the system (known as BSP, for
+"bootstrap processor") as one of the first things it does. It will also
+update the microcode on the other CPU cores (known as AP, for "application
+processor") while enabling them, before they can be used.
In some cases, early microcode updates will allow the kernel to sidestep
the need to disable functionality, as an example, there's the "Atom PSE
erratum".
In other cases, it will be the only safe way to apply a microcode update.
-For example, the Intel TSX erratum in Intel Haswell processors, where
-applying the microcode update will crash anything that might be using
-Intel TSX at the time the microcode update is applied.
-
-The early microcode update requires both kernel support and that the
-iucode-tool package to be installed to work. It also requires the use of
-an initramfs built by "update-initramfs -u". The kernel must be compiled
-with kconfig options CONFIG_MICROCODE_EARLY=y and
-CONFIG_MICROCODE_INTEL_EARLY=y.
-
-For Linux v3.9 and earlier kernels, the early microcode update
-functionality is either not available, or buggy. These kernels are not
-supported anymore by this branch of the intel-microcode package, please
-use the 1.* branch of intel-microcode.
-
-When the iucode-tool package is installed, the initramfs helpers will
-attempt to restrict the number of microcodes added to the initramfs to the
-bare minimum. This behavior can be changed and fine-tuned through the
+For example, the Intel TSX errata in Intel Haswell and Broadwell processors
+required a microcode update that entirely disables Intel TSX. Applying the
+microcode update will crash anything that might be using Intel TSX at that
+time.
+
+The initramfs helpers will attempt to restrict the number of microcode
+updates added to the initramfs to the bare minimum through the use of
+iucode_tool. This behavior can be changed and fine-tuned through the
/etc/default/intel-microcode file.
-Also, when iucode-tool is installed, microcode from files matching
-/usr/share/misc/intel-microcode* will be considered. This allows the
-easy use of microcode.dat files distributed directly by Intel. Be careful
-to not leave old files there, or you may end up using microcode that Intel
-stopped distributing on purpose for unknown reasons.
+Also, microcode from files matching /usr/share/misc/intel-microcode* will
+be considered. This allows the easy use of microcode.dat files distributed
+directly by Intel. Be careful to not leave old files there, or you may end
+up using microcode that Intel stopped distributing on purpose for unknown
+reasons.
Downloading new microcode data from Intel:
A new version of the microcode bundle can be downloaded directly from
-Intel, either by navigating to the support section looking for downloads
-for your processor, or through one of these RSS feeds:
+Intel. Try to search for "Linux Processor Microcode":
+
+https://downloadcenter.intel.com/search?keyword=Linux+Processor+Microcode+Data+File
+
+Alternatively, you can try one of these RSS feeds:
http://feeds.downloadcenter.intel.com/rss/?p=483&lang=eng
http://feeds.downloadcenter.intel.com/rss/?p=2371&lang=eng
@@ -145,6 +207,33 @@
iucode_tool --scan-system --write-firmware /usr/share/misc/intel-microcode.dat
update-initramfs -u
+
+Triggering an immediate microcode update (without a reboot):
+
+ **** WARNING **** **** WARNING **** **** WARNING **** **** WARNING ****
+
+ This procedure used to be safe before microcode update 20140913.
+ It is not safe anymore in the general case.
+
+ While it is likely to continue to be safe for the Intel micro-
+ architectures that preceded Haswell and Silvermont, this is not
+ in any way assured.
+
+ You have been warned. Do not do this unless you really know
+ what you are doing.
+
+ **** WARNING **** **** WARNING **** **** WARNING **** **** WARNING ****
+
+The microcode kernel module will attempt to apply a microcode update when
+loaded by "modprobe". If the module is already loaded or compiled-in (it
+cannot be a module anymore in recent Linux kernels), run this command (as
+root):
+
+ echo -n 1 >/sys/devices/system/cpu/microcode/reload
+
+For kernels before Linux v3.6, refer to the iucode_tool(8) manpage.
+
+
* Note: Intel is a registered trademark of Intel Corporation.
- -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 09 Oct 2014 10:45:09 -0300
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 10 Apr 2016 16:32:09 -0300
diff -Nru intel-microcode-3.20151106.1~deb8u1/Makefile intel-microcode-3.20160714.1~deb8u1/Makefile
--- intel-microcode-3.20151106.1~deb8u1/Makefile 2015-12-28 11:54:52.000000000 -0200
+++ intel-microcode-3.20160714.1~deb8u1/Makefile 2016-07-31 18:11:41.000000000 -0300
@@ -1,7 +1,6 @@
PATH := $(PATH):/sbin:/usr/sbin
IUCODE_TOOL ?= iucode_tool
-IUC_FLAGS := -vv
-IUC_QUIET_FLAGS := -q
+IUC_FLAGS := -v
IUC_FINAL_FLAGS := -vv
# CUTDATE RANGE:
--- End Message ---