Re: ANNOUNCEMENT: Intel processor microcode security update
in-line :-
On 9/8/13, Henrique de Moraes Holschuh <hmh@debian.org> wrote:
> On Sat, 07 Sep 2013, shirish शिरीष wrote:
>> I also read the README.gz and realized it's kinda pointless till Intel
>> starts distributing some sort of errata and changelog information
>
> They do distribute some information, but only to Intel hardware partners
> which have access to microcode updates directly... and I don't work for one
> :-)
>
> It is also entirely possible that NDAs forbid even the hardware partners to
> disclose information without asking Intel about it first. Fortunately,
> some
> server vendors leak enough information on their firmware update notices for
> us to actually find out something is important (usually well after the
> fact).
understood.
>> I'm still reading the documentation but if somebody finds how to get
>> the info. about pf mask bit please share the same with me.
>
> http://www.intel.com/content/www/us/en/architecture-and-technology/64-ia-32-architectures-software-developer-vol-3a-part-1-manual.html
>
> Read section 9.11 of the above Intel document.
>
> I've tried to explain about the pf mask (processor flags mask) in the
> README
> file for iucode-tool, but the Intel manual above is the real documentation.
Did see the manpage as well as read the manual and esp. the whole of
9.11 but still confused to know if there is a way to get info. about
the specific processor flags value.
As shared with :-
$ sudo iucode_tool -L /lib/firmware/intel-ucode/06-17-0a
microcode bundle 1: /lib/firmware/intel-ucode/06-17-0a
01/001: sig 0x0001067a, pf mask 0xa0, 2010-09-28, rev 0x0a0b, size 8192
01/002: sig 0x0001067a, pf mask 0x11, 2010-09-28, rev 0x0a0b, size 8192
01/003: sig 0x0001067a, pf mask 0x44, 2010-09-28, rev 0x0a0b, size 8192
The update is from one of these three binary files and as can be seen
the pf mask values of each of them are different.
>From the manpage of iucode-tool
-s ! | [!]signature[,pf_mask]
Select microcodes by the specificed signature and
processor flags mask (pf_mask). If pf_mask is specified, it will
select only microcodes that are suitable for at least one of the
processor flag combinations in the mask.
Specify more than once to select more microcodes. This
option can be combined with the --scan-system option to select more
microcodes. If signature is prefixed with a !, it will unselect
microcodes instead. Ordering matters, with later -s options
overriding earlier ones.
The special notation -s! (with no signature parameter)
instructs iucode-tool to require explicit inclusion of microcode
signatures (using the non-negated form of -s, or using --scan-system).
The --scan-system option has precedence, therefore the
microcodes it selects cannot be unselected.
I read and re-read but wasn't able to glean or understand anything
which would help me know which of the three files had my update. If
there is no way to get info. about the pf mask then tell that
straightaway or give an e.g.
>> Thank you Henrique for packaging and sharing the package as whatever I
>> have shared is upstream issues and nothing to do with your packaging
>> efforts.
>
> Yeah, Intel doesn't make it easy on us, the general public. I actually
> wrote iucode-tool to give me _some_ insight, I hate flying blind...
May I take this opportunity to add a wishlist bug. I would suggest to
add example commands. Like me there are many users who do not
understand technicalities or manpage syntax/language per se. Giving
example commands should also help in broadening the reach of the
technology and its effectiveness.
Just my 2 paise.
> --
> "One disk to rule them all, One disk to find them. One disk to bring
> them all and in the darkness grind them. In the Land of Redmond
> where the shadows lie." -- The Silicon Valley Tarot
> Henrique Holschuh
--
Regards,
Shirish Agarwal शिरीष अग्रवाल
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17
Reply to: