1 |
commit: eb9036f6f998c91c6bc021f73bc10ca1b5240ae7 |
2 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed May 23 18:02:28 2018 +0000 |
4 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed May 23 18:24:36 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb9036f6 |
7 |
|
8 |
sys-firmware/intel-microcode: Bump |
9 |
|
10 |
Ebuild changes: |
11 |
=============== |
12 |
- Based on Intel's microcode tarball from 2018-04-25. |
13 |
|
14 |
- Added 210+ additional microcode updates (for production, no beta release!), |
15 |
which are signed by Intel and publicly available but are not distributed |
16 |
via Intel's microcode tarball for marketing/product phase out reasons. |
17 |
You can prevent the usage of these microcode updates and stick with |
18 |
content from Intel's official release tarball via new "vanilla" |
19 |
USE flag. |
20 |
|
21 |
- Blacklisted microcode 0x000604f1 aka 06-4f-01 aka CPUID 406F1 which |
22 |
requires a newer microcode loader in kernel which is only available |
23 |
in kernel >=4.14.34. |
24 |
It is blacklisted because loading via older loader could crash the |
25 |
system. A news item with instructions will follow. |
26 |
|
27 |
Closes: https://github.com/gentoo/gentoo/pull/8532 |
28 |
Bug: https://bugs.gentoo.org/654638 |
29 |
Package-Manager: Portage-2.3.38, Repoman-2.3.9 |
30 |
|
31 |
sys-firmware/intel-microcode/Manifest | 2 + |
32 |
.../intel-microcode-20180426.ebuild | 129 +++++++++++++++++++++ |
33 |
sys-firmware/intel-microcode/metadata.xml | 1 + |
34 |
3 files changed, 132 insertions(+) |
35 |
|
36 |
diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest |
37 |
index c6a73a98102..0a0431030f7 100644 |
38 |
--- a/sys-firmware/intel-microcode/Manifest |
39 |
+++ b/sys-firmware/intel-microcode/Manifest |
40 |
@@ -1,3 +1,4 @@ |
41 |
+DIST intel-microcode-collection-20180426.tar.xz 4155132 BLAKE2B 222c48ba0123887b4ae299e0acc4696512dc1c7528f1b735dd79b2d2f0bf6d988d061e773fb3949b2ab9ddcb69e4224ddb431ccda1c4b329ca37e9409ca60380 SHA512 038d43cd698183baa14b14f1b05e76c93386568494b2621e49338cf3c02fd0e663284ca864a50b3df4188bde5669bf4794cdcf7f4a287dcd42efbb8717809990 |
42 |
DIST microcode-20140430.tgz 785594 BLAKE2B e51a187ca99ad496804f117871b50693b03b50759c9dd23002149ff7fa4b74888c83e8e1fcf078a973dea82e6a9439de8415c56c902ed0163e55ceaaff0eaf23 SHA512 12954522629ce15c4b95c158b6288b3877a3d1f87bea838f8138e53987ef1b6c0edc7a8cbb802a981ccca178b70b4323907aafa7479c0c2fed4497f6fb7bbc1c |
43 |
DIST microcode-20140624.tgz 787237 BLAKE2B 1c2d8f39bf142570283e80f370f41c502ef04d24b4348ca4b44c881e3b1e54df72a88e09350d45a33d47d9955d84a80ae8a11e44561b1a8944a59f9326d4d81a SHA512 c774006aae639e7fae90bc1f5d8308b407e7cd3b7d0da6e35577560bf6201c2b15f7d7b6b0cd727c50be1e9d508b484b067856631fa2598498982109bff0e44c |
44 |
DIST microcode-20140913.tgz 830537 BLAKE2B 665c72fc3a3e1e13d9e58eba0ed202b30856532eee590006c02112df926b879985a97ba9a96b58a6aad0285bff95a3fbb27b22d533f958fe170887f0ab37eef1 SHA512 e179fe0001b1157cc95aee39185f51fd182d53c1bdb30bfc95bc3a70795c32012050f3a4adf06735a77d8ef9c703a330c6a2610b73b70f09f5760e31d39cb89c |
45 |
@@ -13,3 +14,4 @@ DIST microcode-20171117_p20171215-r1.tgz 1477015 BLAKE2B 3911aed3bbbd350be69a99b |
46 |
DIST microcode-20171117_p20171215.tgz 1468587 BLAKE2B 58777a39f843ae880f7dd8971a9570dbfc176d69541bb9d3cdc948d7be71a7df2559265fb1c8a199bc7567bb5a60176ade1d2c36624d0193dbac98d82401d0dd SHA512 25db94dbf18b1fea9497ec1e61bb5349d7bc78b0578d8869546bc3ec579b96bee7cd62657e66ebd3d4616805e85d790ac7ee7c0fed70b5db30236ffd12b33293 |
47 |
DIST microcode-20180108.tgz 3676678 BLAKE2B 197e0188e516a3071be9e2e7a6261d78208613db8b746c7df533ce37884197dbd06a4e6ab027cbddba38903f590130f2d974e46da8fbab0613561523653460ab SHA512 f4010d83353948df27beeb804ef11e4f019f63397a4936f9d139e2842f7944d1ae864b9376987eaffc7db5b97201d5de2f4c1d7cc6b0f545ae15ec53a61fce2b |
48 |
DIST microcode-20180312.tgz 3789662 BLAKE2B e948d74833fe75b9bbdff1e4676f5d49a13bdd06aa6525c39be3448b822203947a5f55515484401ee0c96e8ade19ea580718949bed65883d983509661a16e637 SHA512 cc2cabf6d12c83b65eeb30fca7eb0b503e037dbee3d7ce9cb307b02ed8ac9426b2bafc2c1f1281dddff0945f8308f0d3cd320edea4596551354188d64760b854 |
49 |
+DIST microcode-20180425.tgz 1565473 BLAKE2B 70e0a56f0f5f720e00ab18d6553bc221147589e83df34fdc0c130c6f74a239e48355bfe1845b1de919ed1bce9ade7b7db298883eb3de1d53732a694b15d76f62 SHA512 6cea53cc0f486891fb9ddffc1e03e8e0a6d1d91df6bfda81250b2c60714e7b4111caa9df5afa7f13d8144e591550ef7eb4fd1e153fc67fc904afb83ccc2e3bb0 |
50 |
|
51 |
diff --git a/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild b/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild |
52 |
new file mode 100644 |
53 |
index 00000000000..648f16f204a |
54 |
--- /dev/null |
55 |
+++ b/sys-firmware/intel-microcode/intel-microcode-20180426.ebuild |
56 |
@@ -0,0 +1,129 @@ |
57 |
+# Copyright 1999-2018 Gentoo Foundation |
58 |
+# Distributed under the terms of the GNU General Public License v2 |
59 |
+ |
60 |
+EAPI="6" |
61 |
+ |
62 |
+inherit linux-info toolchain-funcs mount-boot |
63 |
+ |
64 |
+# Find updates by searching and clicking the first link (hopefully it's the one): |
65 |
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File |
66 |
+ |
67 |
+COLLECTION_SNAPSHOT="20180426" |
68 |
+INTEL_SNAPSHOT="20180425" |
69 |
+NUM="27776" |
70 |
+DESCRIPTION="Intel IA32/IA64 microcode update data" |
71 |
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}" |
72 |
+SRC_URI="https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz |
73 |
+ https://dev.gentoo.org/~whissi/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz" |
74 |
+ |
75 |
+LICENSE="intel-ucode" |
76 |
+SLOT="0" |
77 |
+KEYWORDS="" |
78 |
+IUSE="initramfs +split-ucode vanilla" |
79 |
+REQUIRED_USE="|| ( initramfs split-ucode )" |
80 |
+ |
81 |
+DEPEND="sys-apps/iucode_tool" |
82 |
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586 |
83 |
+ |
84 |
+S=${WORKDIR} |
85 |
+ |
86 |
+# Blacklist bad microcode here. |
87 |
+# 0x000604f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader |
88 |
+DEFAULT_MICROCODE_SIGNATURES="-s !0x000604f1" |
89 |
+ |
90 |
+# Advanced users only: |
91 |
+# merge with: |
92 |
+# only current CPU: MICROCODE_SIGNATURES="-S" |
93 |
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676" |
94 |
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686" |
95 |
+MICROCODE_SIGNATURES="${MICROCODE_SIGNATURES:=${DEFAULT_MICROCODE_SIGNATURES}}" |
96 |
+ |
97 |
+pkg_pretend() { |
98 |
+ if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" ]]; then |
99 |
+ ewarn "The user has opted in for advanced use:" |
100 |
+ ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${DEFAULT_MICROCODE_SIGNATURES}\"!" |
101 |
+ fi |
102 |
+ use initramfs && mount-boot_pkg_pretend |
103 |
+} |
104 |
+ |
105 |
+src_prepare() { |
106 |
+ default |
107 |
+ |
108 |
+ # Prevent "invalid file format" errors from iucode_tool |
109 |
+ rm -f "${S}"/intel-ucod*/list || die |
110 |
+} |
111 |
+ |
112 |
+src_install() { |
113 |
+ # This will take ALL of the upstream microcode sources: |
114 |
+ # - microcode.dat |
115 |
+ # - intel-ucode/ |
116 |
+ # In some cases, they have not contained the same content (eg the directory has newer stuff). |
117 |
+ MICROCODE_SRC=( |
118 |
+ "${S}"/intel-ucode/ |
119 |
+ "${S}"/intel-ucode-with-caveats/ |
120 |
+ ) |
121 |
+ |
122 |
+ # Allow users who are scared about microcode updates not included in Intel's official |
123 |
+ # microcode tarball to opt-out and comply with Intel marketing |
124 |
+ if ! use vanilla; then |
125 |
+ MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} ) |
126 |
+ fi |
127 |
+ |
128 |
+ opts=( |
129 |
+ ${MICROCODE_SIGNATURES} |
130 |
+ # be strict about what we are doing |
131 |
+ --overwrite |
132 |
+ --strict-checks |
133 |
+ --no-ignore-broken |
134 |
+ # we want to install latest version |
135 |
+ --no-downgrade |
136 |
+ # show everything we find |
137 |
+ --list-all |
138 |
+ # show what we selected |
139 |
+ --list |
140 |
+ ) |
141 |
+ |
142 |
+ # The earlyfw cpio needs to be in /boot because it must be loaded before |
143 |
+ # rootfs is mounted. |
144 |
+ use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED%/}"/boot/intel-uc.img ) |
145 |
+ # split location: |
146 |
+ use split-ucode && dodir /lib/firmware/intel-ucode && opts+=( --write-firmware="${ED%/}"/lib/firmware/intel-ucode ) |
147 |
+ |
148 |
+ iucode_tool \ |
149 |
+ "${opts[@]}" \ |
150 |
+ "${MICROCODE_SRC[@]}" \ |
151 |
+ || die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}" |
152 |
+ |
153 |
+ dodoc releasenote |
154 |
+} |
155 |
+ |
156 |
+pkg_preinst() { |
157 |
+ use initramfs && mount-boot_pkg_preinst |
158 |
+} |
159 |
+ |
160 |
+pkg_prerm() { |
161 |
+ use initramfs && mount-boot_pkg_prerm |
162 |
+} |
163 |
+ |
164 |
+pkg_postrm() { |
165 |
+ use initramfs && mount-boot_pkg_postrm |
166 |
+} |
167 |
+ |
168 |
+pkg_postinst() { |
169 |
+ use initramfs && mount-boot_pkg_postinst |
170 |
+ |
171 |
+ if [[ "${MICROCODE_SIGNATURES}" != "${DEFAULT_MICROCODE_SIGNATURES}" ]]; then |
172 |
+ if kernel_is -lt 4 14 34; then |
173 |
+ ewarn "${P} contains microcode updates which require" |
174 |
+ ewarn "additional kernel patches which aren't yet included in kernel <4.14.34." |
175 |
+ ewarn "Loading such a microcode through kernel interface from an unpatched kernel" |
176 |
+ ewarn "can crash your system!" |
177 |
+ ewarn "" |
178 |
+ ewarn "Those microcodes are blacklisted per default. However, you have altered" |
179 |
+ ewarn "MICROCODE_SIGNATURES and maybe unintentionally re-enabled those microcodes." |
180 |
+ ewarn "" |
181 |
+ ewarn "Check ${EROOT%/}/usr/share/doc/${P}/releasenot* if your microcode update" |
182 |
+ ewarn "requires additional kernel patches or not." |
183 |
+ fi |
184 |
+ fi |
185 |
+} |
186 |
|
187 |
diff --git a/sys-firmware/intel-microcode/metadata.xml b/sys-firmware/intel-microcode/metadata.xml |
188 |
index f8bcf6658dd..2d96b231657 100644 |
189 |
--- a/sys-firmware/intel-microcode/metadata.xml |
190 |
+++ b/sys-firmware/intel-microcode/metadata.xml |
191 |
@@ -9,5 +9,6 @@ |
192 |
<flag name="initramfs">install a small initramfs for use with CONFIG_MICROCODE_EARLY</flag> |
193 |
<flag name="monolithic">install the large text microcode.dat (used by older kernels via microcode_ctl)</flag> |
194 |
<flag name="split-ucode">install the split binary ucode files (used by the kernel directly)</flag> |
195 |
+ <flag name="vanilla">install only microcode updates from Intel's official microcode tarball</flag> |
196 |
</use> |
197 |
</pkgmetadata> |