intel-microcode-20220510 includes fixes for CVE-2021-33117 and CVE-2022-21151.
CVE-2021-33117:
A potential security vulnerability in some 3rd Generation Intel® Xeon® Scalable
Processors may allow information disclosure. Intel is releasing firmware
updates to mitigate this potential vulnerability.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html
CVE-2022-21151:
A potential security vulnerability in some Intel® Processors may allow
information disclosure. Intel is releasing firmware updates to mitigate this
potential vulnerability.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Switch to using SPDX preferred identifiers. All changes done using v0.1
of the script convert-spdx-licenses.py.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Commit cba66dfb7b ("intel-microcode: fix microcode loading on newer
kernels") effectively disabled microcode filtering for intel-microcode
package.
Add the missing filter parameter to iucode_tool command to install only
necessary files. Do not generate microcode bin file in compile step as
it is no longer needed.
Signed-off-by: Tomasz Moń <tomasz.mon@camlingroup.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
The /dev/microcode interface and microcode-ctl utility has
been deprecated in favor of the new kernel
/sys/devices/system/cpu/microcode/reload interface as documented in:
https://github.com/torvalds/linux/blob/master/Documentation/x86/microcode.rst
It expects the microcode binaries to be split out and loaded from
/lib/firmware, eg:
/lib/firmware/intel-ucode/06-01-01
/lib/firmware/intel-ucode/06-01-02
/lib/firmware/intel-ucode/06-01-06
/lib/firmware/intel-ucode/06-01-07
/lib/firmware/intel-ucode/06-01-09
...
This change does not affect the earlyfw cpio generated by inte-ucode.
Signed-off-by: Yong, Jonathan <jonathan.yong@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Include the microcode from caveats as well since all kernels supported
have those patches. Also point to the new git repo and corrected
license.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Point to the the license from layer now that text .dat isn't supplied. And,
generate cpio from binary files.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
The LIC_FILES_CHKSUM also needed to be updated, as the copyright
added the year 2018.
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Remove the concept of the common directory and move all the recipes-* dirs
to the top level as a normal layer would be. layer.conf is updated appropriately
Signed-off-by: Saul Wold <sgw@linux.intel.com>
