--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
I'd like to update the intel-microcode in buster non-free.
This is a safe update: it only changes a few microcodes from what is
alrady in buster non-free, fixing a security issue. There are no
regressions reported regarding this microcode update [when compared with
what is already in non-free buster].
Here's the relevant changelog:
intel-microcode (3.20210216.1~deb10u1) buster; urgency=medium
* RELEASE MANAGER INFORMATION: this update mitigates an extra security
issue on a few processors, as described in 3.20210216.1 changelog.
It has zero reports of regressions when compared with 3.20201118.1~deb10u1
thus it is a safe stable update.
* Rebuild for buster, keeping all changes to avoid regressions present
in 3.20201118.1~deb10u1.
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 20 Mar 2021 11:57:37 -0300
intel-microcode (3.20210216.1) unstable; urgency=medium
* New upstream microcode datafile 20210216
* Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
and Cascade Lake Server (B0/B1) when using an active JTAG
agent like In Target Probe (ITP), Direct Connect Interface
(DCI) or a Baseboard Management Controller (BMC) to take the
CPU JTAG/TAP out of reset and then returning it to reset.
* This issue is related to the INTEL-SA-00381 mitigation.
* Updated Microcodes:
sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
* source: update symlinks to reflect id of the latest release, 20210216
-- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 17 Feb 2021 11:26:06 -0300
The git diff is attached. Here's the diffstat:
changelog | 12 ++++++++++++
debian/changelog | 28 ++++++++++++++++++++++++++++
intel-ucode/06-55-04 |binary
intel-ucode/06-55-06 |binary
intel-ucode/06-55-07 |binary
license | 2 +-
releasenote.md | 23 +++++++++++++++++++++++
7 files changed, 64 insertions(+), 1 deletion(-)
Thank you.
--
Henrique Holschuh
diff --git a/changelog b/changelog
index 2444e14..1c60ff2 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,15 @@
+2021-02-16:
+ * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
+ and Cascade Lake Server (B0/B1) when using an active JTAG
+ agent like In Target Probe (ITP), Direct Connect Interface
+ (DCI) or a Baseboard Management Controller (BMC) to take the
+ CPU JTAG/TAP out of reset and then returning it to reset.
+ * This issue is related to the INTEL-SA-00381 mitigation.
+ * Updated Microcodes:
+ sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
+ sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
+ sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
+
2020-11-18:
* Removes a faulty microcode update from release 2020-11-10
which results on boot failures with a MCE (firmware error)
diff --git a/debian/changelog b/debian/changelog
index b746f58..45661aa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,31 @@
+intel-microcode (3.20210216.1~deb10u1) buster; urgency=medium
+
+ * RELEASE MANAGER INFORMATION: this update mitigates an extra security
+ issue on a few processors, as described in 3.20210216.1 changelog.
+ It has zero reports of regressions when compared with 3.20201118.1~deb10u1
+ thus it is a safe stable update.
+ * Rebuild for buster, keeping all changes to avoid regressions present
+ in 3.20201118.1~deb10u1.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 20 Mar 2021 11:57:37 -0300
+
+intel-microcode (3.20210216.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20210216
+ * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
+ and Cascade Lake Server (B0/B1) when using an active JTAG
+ agent like In Target Probe (ITP), Direct Connect Interface
+ (DCI) or a Baseboard Management Controller (BMC) to take the
+ CPU JTAG/TAP out of reset and then returning it to reset.
+ * This issue is related to the INTEL-SA-00381 mitigation.
+ * Updated Microcodes:
+ sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
+ sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
+ sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
+ * source: update symlinks to reflect id of the latest release, 20210216
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 17 Feb 2021 11:26:06 -0300
+
intel-microcode (3.20201118.1~deb10u1) buster; urgency=high
* Rebuild for buster, with changes to avoid regressions
diff --git a/intel-ucode/06-55-04 b/intel-ucode/06-55-04
index 3822870..aa33771 100644
Binary files a/intel-ucode/06-55-04 and b/intel-ucode/06-55-04 differ
diff --git a/intel-ucode/06-55-06 b/intel-ucode/06-55-06
index 8370d64..6c9e6d7 100644
Binary files a/intel-ucode/06-55-06 and b/intel-ucode/06-55-06 differ
diff --git a/intel-ucode/06-55-07 b/intel-ucode/06-55-07
index 8b1f7e4..9a8f61c 100644
Binary files a/intel-ucode/06-55-07 and b/intel-ucode/06-55-07 differ
diff --git a/license b/license
index 8fbad3d..cb763c9 100644
--- a/license
+++ b/license
@@ -1,4 +1,4 @@
-Copyright (c) 2018-2020 Intel Corporation.
+Copyright (c) 2018-2021 Intel Corporation.
All rights reserved.
Redistribution.
diff --git a/microcode-20201118.d b/microcode-20210216.d
similarity index 100%
rename from microcode-20201118.d
rename to microcode-20210216.d
diff --git a/releasenote.md b/releasenote.md
index 0c2e2f7..c89508b 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -1,5 +1,28 @@
# Release Notes
+## [microcode-20210216](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210216)
+
+### Purpose
+
+- Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html)
+
+### New Platforms
+
+None
+
+### Updated Platforms
+
+| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
+|:---------------|:---------|:------------|:---------|:---------|:---------
+| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon Scalable
+| SKX-D | M1 | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon D-21xx
+| CLX-SP | B0 | 06-55-06/bf | 04003003 | 04003006 | Xeon Scalable Gen2
+| CLX-SP | B1 | 06-55-07/bf | 05003003 | 05003006 | Xeon Scalable Gen2
+
+### Removed Platforms
+
+None
+
## [microcode-20201118](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20201118)
### Purpose
diff --git a/supplementary-ucode-20201118_BDX-ML.bin b/supplementary-ucode-20210216_BDX-ML.bin
similarity index 100%
rename from supplementary-ucode-20201118_BDX-ML.bin
rename to supplementary-ucode-20210216_BDX-ML.bin
--- End Message ---