Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
I'd like to update the intel-microcode packages in buster and stretch to
3.202006016.1~deb{9,10}u1.
This is basically the same packages already in buster and stretch via
buster/strech-security, with one extra microcode revert. It effectively
fixes a regression introduced by the security updates for a single
processor model (Xeon E3 with signature 0x506e3).
The upload via s-p-u/os-p-u was suggested by the security team: we
agreed the revert of microcode 0x506e3 did not really deserve a DSA and
could be handled through the upcoming point releases (it affects only
*some* motherboards with such processors).
The git diff is attached. Unfortunately, stable debdiff gets mightly
confused by a directory rename that only has binary files inside, so git
diff does a much better job here.
diffstat:
changelog | 8 ++++++
debian/changelog | 19 ++++++++++++
intel-ucode/06-4e-03 | Bin 104448 -> 101376 bytes
intel-ucode/06-5e-03 | Bin 104448 -> 101376 bytes
microcode-20200609.d => microcode-20200616.d | 0
releasenote | 32 ++++-----------------
s000406E3_m000000C0_r000000D6.fw | Bin 101376 -> 0 bytes
....bin => supplementary-ucode-20200616_BDX-ML.bin | 0
8 files changed, 32 insertions(+), 27 deletions(-)
--
Henrique Holschuh
diff --git a/changelog b/changelog
index d033202..b0565f2 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,11 @@
+2020-06-16:
+ * Downgraded microcodes (to a previously shipped revision):
+ sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
+ sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
+ * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
+ https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+ * This update *removes* the SRBDS mitigations from the above processors
+
2020-06-09:
* Implements mitigation for CVE-2020-0543 Special Register Buffer Data
Sampling (SRBDS), aka INTEL-SA-00320
diff --git a/debian/changelog b/debian/changelog
index 89ee06e..67308d4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,22 @@
+intel-microcode (3.20200616.1~deb10u1) buster; urgency=high
+
+ * Rebuild for Debian stable (buster), no changes
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 05 Jul 2020 15:18:54 -0300
+
+intel-microcode (3.20200616.1) unstable; urgency=high
+
+ * New upstream microcode datafile 20200616
+ + Downgraded microcodes (to a previously shipped revision):
+ sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
+ sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
+ * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
+ https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+ * This update *removes* the SRBDS mitigations from the above processors
+ * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 28 Jun 2020 18:38:57 -0300
+
intel-microcode (3.20200609.2~deb10u1) buster-security; urgency=high
* Rebuild for buster-security, no changes
diff --git a/intel-ucode/06-4e-03 b/intel-ucode/06-4e-03
index 33b963e..1fabcf8 100644
Binary files a/intel-ucode/06-4e-03 and b/intel-ucode/06-4e-03 differ
diff --git a/intel-ucode/06-5e-03 b/intel-ucode/06-5e-03
index 4e947ea..a3119d5 100644
Binary files a/intel-ucode/06-5e-03 and b/intel-ucode/06-5e-03 differ
diff --git a/microcode-20200609.d b/microcode-20200616.d
similarity index 100%
rename from microcode-20200609.d
rename to microcode-20200616.d
diff --git a/releasenote b/releasenote
index 9b60007..f7302d5 100644
--- a/releasenote
+++ b/releasenote
@@ -82,37 +82,15 @@ OS vendors must ensure that the late loader patches (provided in
linux-kernel-patches\) are included in the distribution before packaging the
BDX-ML microcode for late-loading.
-== 20200609 Release ==
--- Updates upon 20200520 release --
+== 20200616 Release ==
+-- Updates upon 20200609 release --
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
---- new platforms ----------------------------------------
---- updated platforms ------------------------------------
-HSW C0 6-3c-3/32 00000027->00000028 Core Gen4
-BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5
-HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4
-HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4
-BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5
-SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile
-SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile
-SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable
-SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable
-SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx
-CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2
-CLX-SP B1 6-55-7/bf 0500002c->05002f01 Xeon Scalable Gen2
-SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5
-AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile
-KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile
-CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile
-WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile
-AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile
-CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile
-WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile
-KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6
-CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E
-CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8
-CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9
-CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile
+SKL-U/Y D0 6-4e-3/c0 000000dc->000000d6 Core Gen6 Mobile
+SKL-U23e K1 6-4e-3/c0 000000dc->000000d6 Core Gen6 Mobile
+SKL-H/S R0/N0 6-5e-3/36 000000dc->000000d6 Core Gen6; Xeon E3 v5
---- removed platforms ------------------------------------
diff --git a/s000406E3_m000000C0_r000000D6.fw b/s000406E3_m000000C0_r000000D6.fw
deleted file mode 100644
index 1fabcf8..0000000
Binary files a/s000406E3_m000000C0_r000000D6.fw and /dev/null differ
diff --git a/supplementary-ucode-20200609_BDX-ML.bin b/supplementary-ucode-20200616_BDX-ML.bin
similarity index 100%
rename from supplementary-ucode-20200609_BDX-ML.bin
rename to supplementary-ucode-20200616_BDX-ML.bin
Attachment:
signature.asc
Description: PGP signature