sys-firmware/intel-microcode: add 20240312_p20240312
Signed-off-by: Mike Pagano <mpagano@gentoo.org>
This commit is contained in:
Mike Pagano
parent
7154aad5dd
commit
d9b820aa1f
|
|
@ -5,6 +5,7 @@ DIST intel-microcode-collection-20230520.tar.xz 12720520 BLAKE2B 804579eb05c5b88
|
|||
DIST intel-microcode-collection-20230804.tar.xz 12972872 BLAKE2B b2d04ad679b537fbcff7327e4eb9de5d989a3bc6057f4ef339908921fb71275f8374d1db1234f36dd8b07587133c4d2e59f1910f854038253d4cd36d5e6d2dcf SHA512 9e47ee898b5ea1da3fc115de6e8f9e5e6b2eeb74a178c3226cb2bbdf0b1677ac95c40f5d4d874c7e054bf8293e4c2457e32c953a371ab34dd16c43841412f71e
|
||||
DIST intel-microcode-collection-20231007.tar.xz 13997252 BLAKE2B fdd9f42c1b8945c4fdc9eed3b07959ac193df365dce7ff0f81c5f10916581914800701a57f9a57822369967a24cb092acb770f79815c5f595633f3e19a3e3fb5 SHA512 59fe08497c8c4a137c7212a8cc4bd038a740059059ae938dff7759c6797a29d008df7661c7f0fb20ea673f12df40479866d62278bb58a79e78789704a76cfc88
|
||||
DIST intel-microcode-collection-20231114.tar.xz 13782912 BLAKE2B 65e2e8753e41fb140abdcc821b6fcdf9b930bcfcd24dcf523ab334c7cbfe1ce2f891b8c4385adb2a6ab4896a08215f140698a028265d0bfbc18b6fbd66720b3c SHA512 c9e590053f2fcd8882727476ea08c7ff68d2f65487c87845513c0037f741e4548b56bee69b0c05b864f92f23e1453f638e5547f716319a861c4f0de8f51a39da
|
||||
DIST intel-microcode-collection-20240312.tar.xz 13484040 BLAKE2B 947f78698211b372472629e7fdf076021db97f156d812ec2a84c5ab3d5ee374e04191f7881c956c261c6a6a5935b2c779b837879677ee98d44cf8c753a4393b8 SHA512 de577f232035a92ce563475edb4572c6fa40a0a2ee8e76b858de1ca42f905d366d107bf02e4968127ad6fe150baf37e11ed93191e40c1c5913ba34fe77184c00
|
||||
DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
|
||||
DIST microcode-20221108.tar.gz 6436305 BLAKE2B e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 SHA512 d86bee1269d31d3028f0d2b7d4886795b96d8f1f9d5dbd5149c2dd4cec3b0319fd869f8138f283e2135ecb0bb6387cfd3c2ef1f597b4194a250ac4f2df7f15a4
|
||||
DIST microcode-20230214.tar.gz 12088391 BLAKE2B d98d054a8cfd66e3d0549d1e8f4a4745cad342d45f36a82d2f2f51fedc29635125fdad95ee4970069e134facc1ab3092b97837c6f8744ffedf220a5d3d022dd5 SHA512 6456cd6719923eeacb1f9d6d7372efd2bcd0de9e04350c722543ff41e45c7715ba52a2d330ad5818fbf44ea9df6b2ac482d6f8bd420b191427881dcfe3bd81e2
|
||||
|
|
@ -12,3 +13,4 @@ DIST microcode-20230512.tar.gz 12654272 BLAKE2B 302aedf0b57719d1009be0dea513da72
|
|||
DIST microcode-20230613.tar.gz 12338446 BLAKE2B 56bffb26687fd3a20b79b4540ae10c98b2875e3edb84583b679ddc75e339193db4bddece25c7e5cb26b79f5e6ce2d10fcc318c55e13c05d8611198e4c571354b SHA512 460e46d20f71df1247affa2ca397b961ce3d77e3456144c6b7358e48c3239e9c077ff4c512b0c4b7d9a86f33fed094db8b3ac65b1a4047bb853212848d929639
|
||||
DIST microcode-20230808.tar.gz 13011561 BLAKE2B 400ba9b91a7048c780377d49ff6cb00458c60a9d53c2e5cef1eb99170ca8f0cad66336841d14869bd42d182f7d8df27a2fa9cb982b0df0c5fc9f62325b6acb69 SHA512 8316eb9d35b315e630c6c9fab1ba601b91e72cc42926ef14e7c2b77e7025d276ae06c143060f44cd1a873d3879c067d11ad82e1886c796e6be6bf466243ad85b
|
||||
DIST microcode-20231114.tar.gz 12466839 BLAKE2B e6084c92e9c3cc627af25a7f2f7fb26230b6ed117ddc197d19991df2816334132af92925f23af829bad005c32d0bd3afc362055ef223a599799d846216cf7612 SHA512 a684444ef81e81687ff43b8255e95675eed1d728053bb1a483a60e94e2d2d43f10fc12522510b22daf90c4debd8f035e6b9a565813aa799c2e1e3a464124f59b
|
||||
DIST microcode-20240312.tar.gz 12825665 BLAKE2B 43c771becef0f6dbfd41bf78a9a3cc8f6679a43ea48765d0e7f555c138dca6e3db42a4d33f743d8d51f38b0b6aa69322bba0c00ae9f1ff4c533b52166ee54747 SHA512 f5f3dfb1706675060b00057b5f017c2cb4ac0df74727139185fd167ca67fc6c611e205b1caeded23b006e4d8d314f87537007e7bafba2c87373f6d960988c911
|
||||
|
|
|
|||
|
|
@ -0,0 +1,287 @@
|
|||
# Copyright 1999-2024 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=8
|
||||
|
||||
inherit linux-info mount-boot
|
||||
|
||||
# Find updates by searching and clicking the first link (hopefully it's the one):
|
||||
# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
|
||||
#
|
||||
#
|
||||
# Package Maintenance instructions:
|
||||
# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
|
||||
# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
|
||||
# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
|
||||
# a. Clone the repository https://github.com/platomav/CPUMicrocodes
|
||||
# b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
|
||||
# c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
|
||||
# tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
|
||||
# d. This file can go in your devspace, add the URL to SRC_URI if it's not there
|
||||
# https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
|
||||
#
|
||||
# PV:
|
||||
# * the first date is upstream
|
||||
# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
|
||||
|
||||
COLLECTION_SNAPSHOT="${PV##*_p}"
|
||||
INTEL_SNAPSHOT="${PV/_p*}"
|
||||
#NUM="28087"
|
||||
|
||||
#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
|
||||
#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
|
||||
|
||||
DESCRIPTION="Intel IA32/IA64 microcode update data"
|
||||
HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
|
||||
SRC_URI="
|
||||
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
|
||||
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
|
||||
https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
|
||||
https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
|
||||
"
|
||||
S="${WORKDIR}"
|
||||
|
||||
LICENSE="intel-ucode"
|
||||
SLOT="0"
|
||||
KEYWORDS="-* ~amd64 ~x86"
|
||||
IUSE="hostonly initramfs +split-ucode vanilla"
|
||||
REQUIRED_USE="|| ( initramfs split-ucode )"
|
||||
RESTRICT="binchecks strip"
|
||||
|
||||
BDEPEND=">=sys-apps/iucode_tool-2.3"
|
||||
# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
|
||||
RDEPEND="hostonly? ( sys-apps/iucode_tool )"
|
||||
|
||||
# Blacklist bad microcode here.
|
||||
# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
|
||||
MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
|
||||
|
||||
# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
|
||||
MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
|
||||
|
||||
# https://bugs.gentoo.org/722768
|
||||
MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
|
||||
|
||||
# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
|
||||
MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
|
||||
|
||||
# In case we want to set some defaults ...
|
||||
MICROCODE_SIGNATURES_DEFAULT=""
|
||||
|
||||
# Advanced users only!
|
||||
# Set MIRCOCODE_SIGNATURES to merge with:
|
||||
# only current CPU: MICROCODE_SIGNATURES="-S"
|
||||
# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
|
||||
# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
|
||||
|
||||
pkg_pretend() {
|
||||
use initramfs && mount-boot_pkg_pretend
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
default
|
||||
|
||||
if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
|
||||
# new tarball format from GitHub
|
||||
mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
|
||||
cd .. || die
|
||||
rm -r Intel-Linux-Processor-Microcode-Data* || die
|
||||
fi
|
||||
|
||||
mkdir intel-ucode-old || die
|
||||
cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
|
||||
|
||||
# Prevent "invalid file format" errors from iucode_tool
|
||||
rm -f "${S}"/intel-ucod*/list || die
|
||||
|
||||
# https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
|
||||
rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
|
||||
|
||||
# Remove non-microcode file from list
|
||||
rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
|
||||
rm -f "${S}"/intel-ucode*/LICENSE || die
|
||||
}
|
||||
|
||||
src_install() {
|
||||
# This will take ALL of the upstream microcode sources:
|
||||
# - microcode.dat
|
||||
# - intel-ucode/
|
||||
# In some cases, they have not contained the same content (eg the directory has newer stuff).
|
||||
MICROCODE_SRC=(
|
||||
"${S}"/intel-ucode/
|
||||
"${S}"/intel-ucode-with-caveats/
|
||||
"${S}"/intel-ucode-old/
|
||||
)
|
||||
|
||||
# Allow users who are scared about microcode updates not included in Intel's official
|
||||
# microcode tarball to opt-out and comply with Intel marketing
|
||||
if ! use vanilla; then
|
||||
MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
|
||||
fi
|
||||
|
||||
# These will carry into pkg_preinst via env saving.
|
||||
: ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
|
||||
: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
|
||||
|
||||
opts=(
|
||||
${MICROCODE_BLACKLIST}
|
||||
${MICROCODE_SIGNATURES}
|
||||
# be strict about what we are doing
|
||||
--overwrite
|
||||
--strict-checks
|
||||
--no-ignore-broken
|
||||
# we want to install latest version
|
||||
--no-downgrade
|
||||
# show everything we find
|
||||
--list-all
|
||||
# show what we selected
|
||||
--list
|
||||
)
|
||||
|
||||
# The earlyfw cpio needs to be in /boot because it must be loaded before
|
||||
# rootfs is mounted.
|
||||
use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
|
||||
|
||||
keepdir /lib/firmware/intel-ucode
|
||||
opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
|
||||
|
||||
iucode_tool \
|
||||
"${opts[@]}" \
|
||||
"${MICROCODE_SRC[@]}" \
|
||||
|| die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
|
||||
|
||||
dodoc releasenote.md
|
||||
}
|
||||
|
||||
pkg_preinst() {
|
||||
if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
|
||||
ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
|
||||
fi
|
||||
|
||||
if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
|
||||
ewarn "Package was created using advanced options:"
|
||||
ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
|
||||
fi
|
||||
|
||||
# Make sure /boot is available if needed.
|
||||
use initramfs && mount-boot_pkg_preinst
|
||||
|
||||
local _initramfs_file="${ED}/boot/intel-uc.img"
|
||||
|
||||
if use hostonly; then
|
||||
# While this output looks redundant we do this check to detect
|
||||
# rare cases where iucode_tool was unable to detect system's processor(s).
|
||||
local _detected_processors=$(iucode_tool --scan-system 2>&1)
|
||||
if [[ -z "${_detected_processors}" ]]; then
|
||||
ewarn "Looks like iucode_tool was unable to detect any processor!"
|
||||
else
|
||||
einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
|
||||
fi
|
||||
|
||||
opts=(
|
||||
--scan-system
|
||||
# be strict about what we are doing
|
||||
--overwrite
|
||||
--strict-checks
|
||||
--no-ignore-broken
|
||||
# we want to install latest version
|
||||
--no-downgrade
|
||||
# show everything we find
|
||||
--list-all
|
||||
# show what we selected
|
||||
--list
|
||||
)
|
||||
|
||||
# The earlyfw cpio needs to be in /boot because it must be loaded before
|
||||
# rootfs is mounted.
|
||||
use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
|
||||
|
||||
if use split-ucode; then
|
||||
opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
|
||||
fi
|
||||
|
||||
opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
|
||||
|
||||
mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
|
||||
keepdir /lib/firmware/intel-ucode
|
||||
|
||||
iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
|
||||
|
||||
rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
|
||||
|
||||
elif ! use split-ucode; then # hostonly disabled
|
||||
rm -r "${ED}"/lib/firmware/intel-ucode || die
|
||||
fi
|
||||
|
||||
# Because it is possible that this package will install not one single file
|
||||
# due to user selection which is still somehow unexpected we add the following
|
||||
# check to inform user so that the user has at least a chance to detect
|
||||
# a problem/invalid select.
|
||||
local _has_installed_something=
|
||||
if use initramfs && [[ -s "${_initramfs_file}" ]]; then
|
||||
_has_installed_something="yes"
|
||||
elif use split-ucode; then
|
||||
_has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
|
||||
fi
|
||||
|
||||
if use hostonly && [[ -n "${_has_installed_something}" ]]; then
|
||||
elog "You only installed ucode(s) for all currently available (=online)"
|
||||
elog "processor(s). Remember to re-emerge this package whenever you"
|
||||
elog "change the system's processor model."
|
||||
elog ""
|
||||
elif [[ -z "${_has_installed_something}" ]]; then
|
||||
ewarn "WARNING:"
|
||||
if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
|
||||
ewarn "No ucode was installed! Because you have created this package"
|
||||
ewarn "using MICROCODE_SIGNATURES variable please double check if you"
|
||||
ewarn "have an invalid select."
|
||||
ewarn "It's rare but it is also possible that just no ucode update"
|
||||
ewarn "is available for your processor(s). In this case it is safe"
|
||||
ewarn "to ignore this warning."
|
||||
else
|
||||
ewarn "No ucode was installed! It's rare but it is also possible"
|
||||
ewarn "that just no ucode update is available for your processor(s)."
|
||||
ewarn "In this case it is safe to ignore this warning."
|
||||
fi
|
||||
|
||||
ewarn ""
|
||||
|
||||
if use hostonly; then
|
||||
ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
|
||||
ewarn ""
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
pkg_prerm() {
|
||||
# Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
|
||||
use initramfs && mount-boot_pkg_prerm
|
||||
}
|
||||
|
||||
pkg_postrm() {
|
||||
# Don't forget to umount /boot if it was previously mounted by us.
|
||||
use initramfs && mount-boot_pkg_postrm
|
||||
}
|
||||
|
||||
pkg_postinst() {
|
||||
# Don't forget to umount /boot if it was previously mounted by us.
|
||||
use initramfs && mount-boot_pkg_postinst
|
||||
|
||||
# We cannot give detailed information if user is affected or not:
|
||||
# If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
|
||||
# to to force a specific, otherwise blacklisted, microcode. So we
|
||||
# only show a generic warning based on running kernel version:
|
||||
if kernel_is -lt 4 14 34; then
|
||||
ewarn "${P} contains microcode updates which require"
|
||||
ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
|
||||
ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
|
||||
ewarn "can crash your system!"
|
||||
ewarn ""
|
||||
ewarn "Those microcodes are blacklisted per default. However, if you have altered"
|
||||
ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
|
||||
ewarn "re-enabled those microcodes...!"
|
||||
ewarn ""
|
||||
ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
|
||||
ewarn "requires additional kernel patches or not."
|
||||
fi
|
||||
}
|
||||
Loading…
Reference in New Issue