D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
self
/
root
/
usr
/
share
/
doc
/
microcode_ctl
/
caveats
/
Filename :
06-55-04_readme
back
Copy
Intel Skylake Scalable Platform CPU models that belong to Workstation and HEDT (Basin Falls) segment (SKL-W/X, family 6, model 85, stepping 4) had reports of system hangs on reboot when revision 0x2000065 of microcode, that was included from microcode-20191112 update up to microcode-20200520 update, was applied[1]. In order to address this, microcode update to the newer revision had been disabled by default on these systems, and the previously published microcode revision 0x2000064 is used by default for the OS-driven microcode update. Since revision 0x2006906 (included with the microcode-20200609 release) it is reported that the issue is no longer present, so the newer microcode revision is enabled by default now (but can be disabled explicitly; see below). [1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21 For the reference, SHA1 checksums of 06-55-04 microcode files containing microcode revisions in question are listed below: * 06-55-04, revision 0x2000064: 2e405644a145de0f55517b6a9de118eec8ec1e5a * 06-55-04, revision 0x2000065: f27f12b9d53f492c297afd856cdbc596786fad23 * 06-55-04, revision 0x2006906: 5f18f985f6d5ad369b5f6549b7f3ee55acaef967 * 06-55-04, revision 0x2006a08: 4059fb1f60370297454177f63cd7cc20b3fa1212 * 06-55-04, revision 0x2006a0a: 7ec27025329c82de9553c14a78733ad1013e5462 * 06-55-04, revision 0x2006b06: cb5bec976cb9754e3a22ab6828b3262a8f9eccf7 * 06-55-04, revision 0x2006c0a: 76b641375d136c08f5feb46aacebee40468ac085 * 06-55-04, revision 0x2006d05: dc4207cf4eb916ff34acbdddc474db0df781234f * 06-55-04, revision 0x2006e05: bc67d247ad1c9a834bec5e452606db1381d6bc7e * 06-55-04, revision 0x2006f05: c47277a6a47caedb518f311ce5d339528a8347e2 * 06-55-04, revision 0x2007006: 68ae0f321685ff97b50266bc20818f31563fc67c Please contact your system vendor for a BIOS/firmware update that contains the latest microcode version. For the information regarding microcode versions required for mitigating specific side-channel cache attacks, please refer to the following knowledge base articles: * CVE-2017-5715 ("Spectre"): https://access.redhat.com/articles/3436091 * CVE-2018-3639 ("Speculative Store Bypass"): https://access.redhat.com/articles/3540901 * CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"): https://access.redhat.com/articles/3562741 * CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091 ("Microarchitectural Data Sampling"): https://access.redhat.com/articles/4138151 * CVE-2019-0117 (Intel SGX Information Leak), CVE-2019-0123 (Intel SGX Privilege Escalation), CVE-2019-11135 (TSX Asynchronous Abort), CVE-2019-11139 (Voltage Setting Modulation): https://access.redhat.com/solutions/2019-microcode-nov * CVE-2020-0543 (Special Register Buffer Data Sampling), CVE-2020-0548 (Vector Register Data Sampling), CVE-2020-0549 (L1D Cache Eviction Sampling): https://access.redhat.com/solutions/5142751 * CVE-2020-8695 (Information disclosure issue in Intel SGX via RAPL interface), CVE-2020-8696 (Vector Register Leakage-Active), CVE-2020-8698 (Fast Forward Store Predictor): https://access.redhat.com/articles/5569051 * CVE-2020-24489 (VT-d-related Privilege Escalation), CVE-2020-24511 (Improper Isolation of Shared Resources), CVE-2020-24512 (Observable Timing Discrepancy), CVE-2020-24513 (Information Disclosure on Some Intel Atom Processors): https://access.redhat.com/articles/6101171 * CVE-2021-0127 (Intel Processor Breakpoint Control Flow): https://access.redhat.com/articles/6716541 * CVE-2022-0005 (Informational disclosure via JTAG), CVE-2022-21123 (Shared Buffers Data Read), CVE-2022-21125 (Shared Buffers Data Sampling), CVE-2022-21127 (Update to Special Register Buffer Data Sampling), CVE-2022-21131 (Protected Processor Inventory Number (PPIN) access protection), CVE-2022-21136 (Overclocking service access protection), CVE-2022-21151 (Optimization Removal-Induced Informational Disclosure), CVE-2022-21166 (Device Register Partial Write): https://access.redhat.com/articles/6963124 * CVE-2022-21233 (Stale Data Read from legacy xAPIC): https://access.redhat.com/articles/6976398 The information regarding disabling microcode update is provided below. To disable usage of the newer microcode revision for a specific kernel version, please create a file "disallow-intel-06-55-04" inside /lib/firmware/<kernel_version> directory, run "/usr/libexec/microcode_ctl/update_ucode" to update firmware directory used for late microcode updates, and run "dracut -f --kver <kernel_version>" so initramfs for this kernel version is regenerated, for example: touch /lib/firmware/3.10.0-862.9.1/disallow-intel-06-55-04 /usr/libexec/microcode_ctl/update_ucode dracut -f --kver 3.10.0-862.9.1 To disable usage of the newer microcode revision for all kernels, please create file "/etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04", run "/usr/libexec/microcode_ctl/update_ucode" to update firmware directories used for late microcode updates, and run "dracut -f --regenerate-all" so initramfs images get regenerated, for example: mkdir -p /etc/microcode_ctl/ucode_with_caveats touch /etc/microcode_ctl/ucode_with_caveats/disallow-intel-06-55-04 /usr/libexec/microcode_ctl/update_ucode dracut -f --regenerate-all Please refer to /usr/share/doc/microcode_ctl/README.caveats for additional information.
Name
Size
Last Modified
Owner
Permissions
Actions
06-2d-07_readme
2.908
KB
March 25 2025 7:38:30
root
0644
06-4e-03_readme
4.62
KB
March 25 2025 7:38:30
root
0644
06-4f-01_readme
3.855
KB
March 25 2025 7:38:30
root
0644
06-55-04_readme
5.322
KB
March 25 2025 7:38:30
root
0644
06-5e-03_readme
4.667
KB
March 25 2025 7:38:30
root
0644
06-8c-01_readme
3.441
KB
March 25 2025 7:38:30
root
0644
06-8e-9e-0x-0xca_readme
12.115
KB
March 25 2025 7:38:30
root
0644
06-8e-9e-0x-dell_readme
12.104
KB
March 25 2025 7:38:30
root
0644
intel_readme
2.403
KB
March 25 2025 7:38:30
root
0644
2017 © D7net | D704T team