| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250818190137.3525414-1-sohil.mehta@intel.com>
Date: Mon, 18 Aug 2025 12:01:35 -0700
From: Sohil Mehta <sohil.mehta@...el.com>
To: Dave Hansen <dave.hansen@...ux.intel.com>,
x86@...nel.org
Cc: Borislav Petkov <bp@...en8.de>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H . Peter Anvin" <hpa@...or.com>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
Dave Hansen <dave.hansen@...el.com>,
Nikolay Borisov <nik.borisov@...e.com>,
Alex Murray <alex.murray@...onical.com>,
Andrew Cooper <andrew.cooper3@...rix.com>,
Sohil Mehta <sohil.mehta@...el.com>,
linux-kernel@...r.kernel.org
Subject: [PATCH 0/2] x86/intel: Refresh the old ucode revisions with a script
The kernel maintains a list of recently released Intel microcode
revisions for each family-model-stepping. Systems with microcode older
than those listed are marked with X86_BUG_OLD_MICROCODE [1].
Naturally, the microcode list needs to be periodically updated to
reflect the latest releases. This series introduces a script to simplify
this process along with the first update.
Microcode revision update (Patch 1)
-----------------------------------
The update is based on the May 2025 Intel microcode release [2]. Even if
this is taken through the x86/urgent branch, a gap of 3 months seems
like enough time for systems to have been updated. If there are concerns
regarding the timing, the patch can be taken through the regular merge
window.
It also includes a stable Cc to keep the stable trees up-to-date.
The update script (Patch 2)
---------------------------
Below is the help text for the script. Any feedback on the interface or
the help text is appreciated.
$ ./scripts/update-intel-ucode-defs.py -h
usage: update-intel-ucode-defs.py [-h] -u UCODE_PATH [-o HEADER]
For Intel CPUs, update the microcode revisions that determine
X86_BUG_OLD_MICROCODE.
The script takes the Intel microcode files as input and uses the
iucode-tool to extract the revision information. It formats the output
and writes it to intel-ucode-defs.h which holds the minimum expected
revision for each family-model-stepping.
A typical usage is to get the desired release of the Intel Microcode
Update Package at:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git
And run:
./scripts/update-intel-ucode-defs.py -u /path/to/microcode/files
Note: The microcode revisions are usually updated shortly after a new
microcode package is released, allowing a reasonable time for systems to
get the update.
options:
-h, --help show this help message and exit
-u UCODE_PATH, --ucode_path UCODE_PATH
Path to the microcode files
-o HEADER, --output HEADER
The microcode header file to be updated (default: intel-ucode-defs.h)
Links
-----
[1]: https://lore.kernel.org/lkml/174530444932.31282.15748299566756052894.tip-bot2@tip-bot2/
[2]: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
Sohil Mehta (2):
x86/microcode/intel: Refresh the revisions that determine
old_microcode
scripts/x86: Add a script to update minimum Intel ucode revisions
MAINTAINERS | 1 +
.../kernel/cpu/microcode/intel-ucode-defs.h | 86 ++++++-----
scripts/update-intel-ucode-defs.py | 134 ++++++++++++++++++
3 files changed, 183 insertions(+), 38 deletions(-)
create mode 100755 scripts/update-intel-ucode-defs.py
--
2.43.0
Powered by blists - more mailing lists