Bug#985609: buster-pu: package intel-microcode/3.20210216.1~deb10u1

Henrique de Moraes Holschuh Sat, 20 Mar 2021 09:45:14 -0700

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu


I'd like to update the intel-microcode in buster non-free.

This is a safe update: it only changes a few microcodes from what is
alrady in buster non-free, fixing a security issue.  There are no
regressions reported regarding this microcode update [when compared with
what is already in non-free buster].

Here's the relevant changelog:
intel-microcode (3.20210216.1~deb10u1) buster; urgency=medium

  * RELEASE MANAGER INFORMATION: this update mitigates an extra security
    issue on a few processors, as described in 3.20210216.1 changelog.
    It has zero reports of regressions when compared with 3.20201118.1~deb10u1
    thus it is a safe stable update.
  * Rebuild for buster, keeping all changes to avoid regressions present
    in 3.20201118.1~deb10u1.

 -- Henrique de Moraes Holschuh <h...@debian.org>  Sat, 20 Mar 2021 11:57:37 
-0300

intel-microcode (3.20210216.1) unstable; urgency=medium

  * New upstream microcode datafile 20210216
    * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
      and Cascade Lake Server (B0/B1) when using an active JTAG
      agent like In Target Probe (ITP), Direct Connect Interface
      (DCI) or a Baseboard Management Controller (BMC) to take the
      CPU JTAG/TAP out of reset and then returning it to reset.
    * This issue is related to the INTEL-SA-00381 mitigation.
    * Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
  * source: update symlinks to reflect id of the latest release, 20210216

 -- Henrique de Moraes Holschuh <h...@debian.org>  Wed, 17 Feb 2021 11:26:06 
-0300


The git diff is attached.  Here's the diffstat:

 changelog            |   12 ++++++++++++
 debian/changelog     |   28 ++++++++++++++++++++++++++++
 intel-ucode/06-55-04 |binary
 intel-ucode/06-55-06 |binary
 intel-ucode/06-55-07 |binary
 license              |    2 +-
 releasenote.md       |   23 +++++++++++++++++++++++
 7 files changed, 64 insertions(+), 1 deletion(-)

Thank you.

-- 
  Henrique Holschuh

diff --git a/changelog b/changelog
index 2444e14..1c60ff2 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,15 @@
+2021-02-16:
+  * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
+    and Cascade Lake Server (B0/B1) when using an active JTAG
+    agent like In Target Probe (ITP), Direct Connect Interface
+    (DCI) or a Baseboard Management Controller (BMC) to take the
+    CPU JTAG/TAP out of reset and then returning it to reset.
+  * This issue is related to the INTEL-SA-00381 mitigation.
+  * Updated Microcodes:
+    sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
+    sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
+    sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
+
 2020-11-18:
   * Removes a faulty microcode update from release 2020-11-10
     which results on boot failures with a MCE (firmware error)
diff --git a/debian/changelog b/debian/changelog
index b746f58..45661aa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,31 @@
+intel-microcode (3.20210216.1~deb10u1) buster; urgency=medium
+
+  * RELEASE MANAGER INFORMATION: this update mitigates an extra security
+    issue on a few processors, as described in 3.20210216.1 changelog.
+    It has zero reports of regressions when compared with 3.20201118.1~deb10u1
+    thus it is a safe stable update.
+  * Rebuild for buster, keeping all changes to avoid regressions present
+    in 3.20201118.1~deb10u1.
+
+ -- Henrique de Moraes Holschuh <h...@debian.org>  Sat, 20 Mar 2021 11:57:37 
-0300
+
+intel-microcode (3.20210216.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20210216
+    * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
+      and Cascade Lake Server (B0/B1) when using an active JTAG
+      agent like In Target Probe (ITP), Direct Connect Interface
+      (DCI) or a Baseboard Management Controller (BMC) to take the
+      CPU JTAG/TAP out of reset and then returning it to reset.
+    * This issue is related to the INTEL-SA-00381 mitigation.
+    * Updated Microcodes:
+      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
+      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
+      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
+  * source: update symlinks to reflect id of the latest release, 20210216
+
+ -- Henrique de Moraes Holschuh <h...@debian.org>  Wed, 17 Feb 2021 11:26:06 
-0300
+
 intel-microcode (3.20201118.1~deb10u1) buster; urgency=high
 
   * Rebuild for buster, with changes to avoid regressions
diff --git a/intel-ucode/06-55-04 b/intel-ucode/06-55-04
index 3822870..aa33771 100644
Binary files a/intel-ucode/06-55-04 and b/intel-ucode/06-55-04 differ
diff --git a/intel-ucode/06-55-06 b/intel-ucode/06-55-06
index 8370d64..6c9e6d7 100644
Binary files a/intel-ucode/06-55-06 and b/intel-ucode/06-55-06 differ
diff --git a/intel-ucode/06-55-07 b/intel-ucode/06-55-07
index 8b1f7e4..9a8f61c 100644
Binary files a/intel-ucode/06-55-07 and b/intel-ucode/06-55-07 differ
diff --git a/license b/license
index 8fbad3d..cb763c9 100644
--- a/license
+++ b/license
@@ -1,4 +1,4 @@
-Copyright (c) 2018-2020 Intel Corporation.
+Copyright (c) 2018-2021 Intel Corporation.
 All rights reserved.
 
 Redistribution.
diff --git a/microcode-20201118.d b/microcode-20210216.d
similarity index 100%
rename from microcode-20201118.d
rename to microcode-20210216.d
diff --git a/releasenote.md b/releasenote.md
index 0c2e2f7..c89508b 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -1,5 +1,28 @@
 # Release Notes
 
+## 
[microcode-20210216](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210216)
+
+### Purpose
+
+- Security updates for 
[INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html)
+
+### New Platforms
+
+None
+
+### Updated Platforms
+
+| Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products
+|:---------------|:---------|:------------|:---------|:---------|:---------
+| SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon Scalable
+| SKX-D          | M1       | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon D-21xx
+| CLX-SP         | B0       | 06-55-06/bf | 04003003 | 04003006 | Xeon 
Scalable Gen2
+| CLX-SP         | B1       | 06-55-07/bf | 05003003 | 05003006 | Xeon 
Scalable Gen2
+
+### Removed Platforms
+
+None
+
 ## 
[microcode-20201118](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20201118)
 
 ### Purpose
diff --git a/supplementary-ucode-20201118_BDX-ML.bin 
b/supplementary-ucode-20210216_BDX-ML.bin
similarity index 100%
rename from supplementary-ucode-20201118_BDX-ML.bin
rename to supplementary-ucode-20210216_BDX-ML.bin

Bug#985609: buster-pu: package intel-microcode/3.20210216.1~deb10u1

Reply via email to