mirror of
git://git.yoctoproject.org/meta-intel.git
synced 2025-07-19 12:59:03 +02:00
e26d271f11
intel-microcode-20220510 includes fixes for CVE-2021-33117 and CVE-2022-21151. CVE-2021-33117: A potential security vulnerability in some 3rd Generation Intel® Xeon® Scalable Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html CVE-2022-21151: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
64 lines
2.2 KiB
BlitzBasic
64 lines
2.2 KiB
BlitzBasic
SUMMARY = "Intel Processor Microcode Datafile for Linux"
|
|
HOMEPAGE = "http://www.intel.com/"
|
|
DESCRIPTION = "The microcode data file contains the latest microcode\
|
|
definitions for all Intel processors. Intel releases microcode updates\
|
|
to correct processor behavior as documented in the respective processor\
|
|
specification updates. While the regular approach to getting this microcode\
|
|
update is via a BIOS upgrade, Intel realizes that this can be an\
|
|
administrative hassle. The Linux operating system and VMware ESX\
|
|
products have a mechanism to update the microcode after booting.\
|
|
For example, this file will be used by the operating system mechanism\
|
|
if the file is placed in the /etc/firmware directory of the Linux system."
|
|
|
|
LICENSE = "Intel-Microcode-License"
|
|
LIC_FILES_CHKSUM = "file://license;md5=d8405101ec6e90c1d84b082b0c40c721"
|
|
|
|
SRC_URI = "git://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git;protocol=https;branch=main \
|
|
"
|
|
|
|
SRCREV = "6c0c4691e5bb446e0e428ebca595164709c59586"
|
|
|
|
DEPENDS = "iucode-tool-native"
|
|
S = "${WORKDIR}/git"
|
|
|
|
COMPATIBLE_HOST = "(i.86|x86_64).*-linux"
|
|
PACKAGE_ARCH = "${MACHINE_ARCH}"
|
|
|
|
inherit deploy
|
|
|
|
# Use any of the iucode_tool parameters to filter specific microcodes from the data file
|
|
# For further information, check the iucode-tool's manpage : http://manned.org/iucode-tool
|
|
UCODE_FILTER_PARAMETERS ?= ""
|
|
|
|
do_compile() {
|
|
${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \
|
|
${UCODE_FILTER_PARAMETERS} \
|
|
--overwrite \
|
|
--write-earlyfw=${WORKDIR}/microcode_${PV}.cpio \
|
|
${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/*
|
|
}
|
|
|
|
do_install() {
|
|
install -d ${D}${nonarch_base_libdir}/firmware/intel-ucode/
|
|
${STAGING_DIR_NATIVE}${sbindir_native}/iucode_tool \
|
|
${UCODE_FILTER_PARAMETERS} \
|
|
--write-firmware=${D}${nonarch_base_libdir}/firmware/intel-ucode \
|
|
${S}/intel-ucode/* ${S}/intel-ucode-with-caveats/*
|
|
}
|
|
|
|
do_deploy() {
|
|
install -d ${DEPLOYDIR}
|
|
install ${WORKDIR}/microcode_${PV}.cpio ${DEPLOYDIR}/
|
|
cd ${DEPLOYDIR}
|
|
rm -f microcode.cpio
|
|
ln -sf microcode_${PV}.cpio microcode.cpio
|
|
}
|
|
|
|
addtask deploy before do_build after do_compile
|
|
|
|
PACKAGES = "${PN}"
|
|
|
|
FILES:${PN} = "${nonarch_base_libdir}"
|
|
|
|
UPSTREAM_CHECK_GITTAGREGEX = "^microcode-(?P<pver>(\d+)[a-z]*)$"
|