summaryrefslogtreecommitdiff
path: root/sys-firmware/intel-microcode
diff options
context:
space:
mode:
Diffstat (limited to 'sys-firmware/intel-microcode')
-rw-r--r--sys-firmware/intel-microcode/Manifest3
-rw-r--r--sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild287
2 files changed, 290 insertions, 0 deletions
diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index bf398b278e34..0e21277f647f 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -4,16 +4,19 @@ DIST intel-microcode-collection-20230512.tar.xz 12924124 BLAKE2B 3593d9dd9d46281
DIST intel-microcode-collection-20230520.tar.xz 12720520 BLAKE2B 804579eb05c5b8835565dec3560d059f909d13da853d37c79ddbaa049b94f96e811a2240ab043dfdbf59074e683383f5c17e76ceb0e7f6cccffdaad330bf7de1 SHA512 6302866edf5a5209f8dfc80817fe306fc11376ac7d70450f32e38483902c428365fb553c57e989a6ca6e1cf07573352c9b500764250a815c4aff6b9f6b6d47fb
DIST intel-microcode-collection-20230804.tar.xz 12972872 BLAKE2B b2d04ad679b537fbcff7327e4eb9de5d989a3bc6057f4ef339908921fb71275f8374d1db1234f36dd8b07587133c4d2e59f1910f854038253d4cd36d5e6d2dcf SHA512 9e47ee898b5ea1da3fc115de6e8f9e5e6b2eeb74a178c3226cb2bbdf0b1677ac95c40f5d4d874c7e054bf8293e4c2457e32c953a371ab34dd16c43841412f71e
DIST intel-microcode-collection-20231007.tar.xz 13997252 BLAKE2B fdd9f42c1b8945c4fdc9eed3b07959ac193df365dce7ff0f81c5f10916581914800701a57f9a57822369967a24cb092acb770f79815c5f595633f3e19a3e3fb5 SHA512 59fe08497c8c4a137c7212a8cc4bd038a740059059ae938dff7759c6797a29d008df7661c7f0fb20ea673f12df40479866d62278bb58a79e78789704a76cfc88
+DIST intel-microcode-collection-20231114.tar.xz 13782912 BLAKE2B 65e2e8753e41fb140abdcc821b6fcdf9b930bcfcd24dcf523ab334c7cbfe1ce2f891b8c4385adb2a6ab4896a08215f140698a028265d0bfbc18b6fbd66720b3c SHA512 c9e590053f2fcd8882727476ea08c7ff68d2f65487c87845513c0037f741e4548b56bee69b0c05b864f92f23e1453f638e5547f716319a861c4f0de8f51a39da
DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567
DIST microcode-20221108.tar.gz 6436305 BLAKE2B e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 SHA512 d86bee1269d31d3028f0d2b7d4886795b96d8f1f9d5dbd5149c2dd4cec3b0319fd869f8138f283e2135ecb0bb6387cfd3c2ef1f597b4194a250ac4f2df7f15a4
DIST microcode-20230214.tar.gz 12088391 BLAKE2B d98d054a8cfd66e3d0549d1e8f4a4745cad342d45f36a82d2f2f51fedc29635125fdad95ee4970069e134facc1ab3092b97837c6f8744ffedf220a5d3d022dd5 SHA512 6456cd6719923eeacb1f9d6d7372efd2bcd0de9e04350c722543ff41e45c7715ba52a2d330ad5818fbf44ea9df6b2ac482d6f8bd420b191427881dcfe3bd81e2
DIST microcode-20230512.tar.gz 12654272 BLAKE2B 302aedf0b57719d1009be0dea513da7290b41842117951a0081f866024d5380c65850638ee3d2e87c8d9efcac4da58650463b0c31373d661fe74b8a3a380e099 SHA512 e21c82846f7f5e2c8d9559931e90389a7d21f8a59fbdec4c5b11fe43f010a21d3e9f27d67be12fe98b3dbdf26558a8ed74dc149bedd93f4b7728795dc6e86d48
DIST microcode-20230613.tar.gz 12338446 BLAKE2B 56bffb26687fd3a20b79b4540ae10c98b2875e3edb84583b679ddc75e339193db4bddece25c7e5cb26b79f5e6ce2d10fcc318c55e13c05d8611198e4c571354b SHA512 460e46d20f71df1247affa2ca397b961ce3d77e3456144c6b7358e48c3239e9c077ff4c512b0c4b7d9a86f33fed094db8b3ac65b1a4047bb853212848d929639
DIST microcode-20230808.tar.gz 13011561 BLAKE2B 400ba9b91a7048c780377d49ff6cb00458c60a9d53c2e5cef1eb99170ca8f0cad66336841d14869bd42d182f7d8df27a2fa9cb982b0df0c5fc9f62325b6acb69 SHA512 8316eb9d35b315e630c6c9fab1ba601b91e72cc42926ef14e7c2b77e7025d276ae06c143060f44cd1a873d3879c067d11ad82e1886c796e6be6bf466243ad85b
+DIST microcode-20231114.tar.gz 12466839 BLAKE2B e6084c92e9c3cc627af25a7f2f7fb26230b6ed117ddc197d19991df2816334132af92925f23af829bad005c32d0bd3afc362055ef223a599799d846216cf7612 SHA512 a684444ef81e81687ff43b8255e95675eed1d728053bb1a483a60e94e2d2d43f10fc12522510b22daf90c4debd8f035e6b9a565813aa799c2e1e3a464124f59b
EBUILD intel-microcode-20221108_p20221102.ebuild 10616 BLAKE2B a7789417b54d4388f2b6818ae6e8262aee8705b3f214fc145f1a6aa512edaac8ddf6b671b3b82de8a45b0233eca49586a655212459268a9f6889b212039230bb SHA512 33fd46a7451052be02f0b7aa6bfea55635b2563afdbb5aa67e141d6a037585e2ed86e43aee24cf117e4b617ee01407a29e080809e662590b4b7ff82ae4208e4f
EBUILD intel-microcode-20230214_p20230212.ebuild 10613 BLAKE2B 537fbc7c2f64c89971bd9afb790dfeea24d3f9a3a1d4f58a5a1a4a86654598aff1644c72106f9db60b80428b146388a465b1ade91c532fd88f8def51bef7e356 SHA512 db183b89c71d411d78d16434ade9b7af743646a10388bf0826682d1cfb25dc5c6fc0d5b71368b28e32b112bb7db93ae1299079d86882ddd101d6eac173a4a300
EBUILD intel-microcode-20230512_p20230512.ebuild 10613 BLAKE2B 537fbc7c2f64c89971bd9afb790dfeea24d3f9a3a1d4f58a5a1a4a86654598aff1644c72106f9db60b80428b146388a465b1ade91c532fd88f8def51bef7e356 SHA512 db183b89c71d411d78d16434ade9b7af743646a10388bf0826682d1cfb25dc5c6fc0d5b71368b28e32b112bb7db93ae1299079d86882ddd101d6eac173a4a300
EBUILD intel-microcode-20230613_p20230520.ebuild 10795 BLAKE2B cd783f7a9383bb28834f5471ee29a9a66ff8b693b2544d6f417f363f1ab40b68c4e5bb6d26bae45738aabda7f116709cd80373fc9bb47316a5f6ef9593a76e3e SHA512 23d7463eb94107061bfc0d1770b9083097b1b68db02d8e356f38224cfac20e9ea60ae791b39bccc953e7108004aa6cdf0c1522b3b6707b030fe353f6e26e5241
EBUILD intel-microcode-20230808_p20230804.ebuild 10795 BLAKE2B cd783f7a9383bb28834f5471ee29a9a66ff8b693b2544d6f417f363f1ab40b68c4e5bb6d26bae45738aabda7f116709cd80373fc9bb47316a5f6ef9593a76e3e SHA512 23d7463eb94107061bfc0d1770b9083097b1b68db02d8e356f38224cfac20e9ea60ae791b39bccc953e7108004aa6cdf0c1522b3b6707b030fe353f6e26e5241
EBUILD intel-microcode-20230808_p20231007.ebuild 10795 BLAKE2B cd783f7a9383bb28834f5471ee29a9a66ff8b693b2544d6f417f363f1ab40b68c4e5bb6d26bae45738aabda7f116709cd80373fc9bb47316a5f6ef9593a76e3e SHA512 23d7463eb94107061bfc0d1770b9083097b1b68db02d8e356f38224cfac20e9ea60ae791b39bccc953e7108004aa6cdf0c1522b3b6707b030fe353f6e26e5241
+EBUILD intel-microcode-20231114_p20231114.ebuild 10797 BLAKE2B b7bc9c50804e6ed95ee2a8e44cbba8a1ceb70a9eca6087e769b100c92f14acbbcafa5f3c9ef577d275ee3d2411934526b8120e1ebedb50bfc0954eab07d1fd14 SHA512 b4fb7698ea87becac77b564cd5fa5b0de45c6cbd5831694fe63647ac0f4dd1dfd2019821164799f1f079cbeefe48102da30fc0f298fb49997f3196d1240474e0
MISC metadata.xml 853 BLAKE2B b9103bc6c00cd36211b33060a28dc72159fa1309644f6dc8005c415c8eb435217f1e39ba70a289bf9f93a3edac7e73f2227bfe711e745f8743ae455e2d1caa4a SHA512 c425c341725210af9693ed50ae9b9f91cd4c44539f1abe5fff9f59c3441eed39aee6746c881f7a812aec1bab1a8c4974e111980211cf4cfb55e1bdb12e394631
diff --git a/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild b/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild
new file mode 100644
index 000000000000..8f5ab874339b
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild
@@ -0,0 +1,287 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info mount-boot
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+#
+#
+# Package Maintenance instructions:
+# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
+# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
+# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
+# a. Clone the repository https://github.com/platomav/CPUMicrocodes
+# b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
+# c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
+# tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
+# d. This file can go in your devspace, add the URL to SRC_URI if it's not there
+# https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+#
+# PV:
+# * the first date is upstream
+# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection
+
+COLLECTION_SNAPSHOT="${PV##*_p}"
+INTEL_SNAPSHOT="${PV/_p*}"
+#NUM="28087"
+
+#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}
+#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz
+
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/"
+SRC_URI="
+ https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
+ https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
+ https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+ https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
+"
+S="${WORKDIR}"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="hostonly initramfs +split-ucode vanilla"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+RESTRICT="binchecks strip"
+
+BDEPEND=">=sys-apps/iucode_tool-2.3"
+# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586
+RDEPEND="hostonly? ( sys-apps/iucode_tool )"
+
+# Blacklist bad microcode here.
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader
+MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc"
+
+# https://bugs.gentoo.org/722768
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da"
+
+# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9
+MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068"
+
+# In case we want to set some defaults ...
+MICROCODE_SIGNATURES_DEFAULT=""
+
+# Advanced users only!
+# Set MIRCOCODE_SIGNATURES to merge with:
+# only current CPU: MICROCODE_SIGNATURES="-S"
+# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676"
+# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686"
+
+pkg_pretend() {
+ use initramfs && mount-boot_pkg_pretend
+}
+
+src_prepare() {
+ default
+
+ if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then
+ # new tarball format from GitHub
+ mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*"
+ cd .. || die
+ rm -r Intel-Linux-Processor-Microcode-Data* || die
+ fi
+
+ mkdir intel-ucode-old || die
+ cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die
+
+ # Prevent "invalid file format" errors from iucode_tool
+ rm -f "${S}"/intel-ucod*/list || die
+
+ # https://gitlab.com/iucode-tool/iucode-tool/-/issues/4
+ rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die
+
+ # Remove non-microcode file from list
+ rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die
+ rm -f "${S}"/intel-ucode*/LICENSE || die
+}
+
+src_install() {
+ # This will take ALL of the upstream microcode sources:
+ # - microcode.dat
+ # - intel-ucode/
+ # In some cases, they have not contained the same content (eg the directory has newer stuff).
+ MICROCODE_SRC=(
+ "${S}"/intel-ucode/
+ "${S}"/intel-ucode-with-caveats/
+ "${S}"/intel-ucode-old/
+ )
+
+ # Allow users who are scared about microcode updates not included in Intel's official
+ # microcode tarball to opt-out and comply with Intel marketing
+ if ! use vanilla; then
+ MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} )
+ fi
+
+ # These will carry into pkg_preinst via env saving.
+ : ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}}
+ : ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}
+
+ opts=(
+ ${MICROCODE_BLACKLIST}
+ ${MICROCODE_SIGNATURES}
+ # be strict about what we are doing
+ --overwrite
+ --strict-checks
+ --no-ignore-broken
+ # we want to install latest version
+ --no-downgrade
+ # show everything we find
+ --list-all
+ # show what we selected
+ --list
+ )
+
+ # The earlyfw cpio needs to be in /boot because it must be loaded before
+ # rootfs is mounted.
+ use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" )
+
+ keepdir /lib/firmware/intel-ucode
+ opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+
+ iucode_tool \
+ "${opts[@]}" \
+ "${MICROCODE_SRC[@]}" \
+ || die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}"
+
+ dodoc releasenote.md
+}
+
+pkg_preinst() {
+ if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then
+ ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!"
+ fi
+
+ if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+ ewarn "Package was created using advanced options:"
+ ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!"
+ fi
+
+ # Make sure /boot is available if needed.
+ use initramfs && mount-boot_pkg_preinst
+
+ local _initramfs_file="${ED}/boot/intel-uc.img"
+
+ if use hostonly; then
+ # While this output looks redundant we do this check to detect
+ # rare cases where iucode_tool was unable to detect system's processor(s).
+ local _detected_processors=$(iucode_tool --scan-system 2>&1)
+ if [[ -z "${_detected_processors}" ]]; then
+ ewarn "Looks like iucode_tool was unable to detect any processor!"
+ else
+ einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..."
+ fi
+
+ opts=(
+ --scan-system
+ # be strict about what we are doing
+ --overwrite
+ --strict-checks
+ --no-ignore-broken
+ # we want to install latest version
+ --no-downgrade
+ # show everything we find
+ --list-all
+ # show what we selected
+ --list
+ )
+
+ # The earlyfw cpio needs to be in /boot because it must be loaded before
+ # rootfs is mounted.
+ use initramfs && opts+=( --write-earlyfw=${_initramfs_file} )
+
+ if use split-ucode; then
+ opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" )
+ fi
+
+ opts+=( "${ED}/lib/firmware/intel-ucode-temp" )
+
+ mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die
+ keepdir /lib/firmware/intel-ucode
+
+ iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}"
+
+ rm -r "${ED}"/lib/firmware/intel-ucode-temp || die
+
+ elif ! use split-ucode; then # hostonly disabled
+ rm -r "${ED}"/lib/firmware/intel-ucode || die
+ fi
+
+ # Because it is possible that this package will install not one single file
+ # due to user selection which is still somehow unexpected we add the following
+ # check to inform user so that the user has at least a chance to detect
+ # a problem/invalid select.
+ local _has_installed_something=
+ if use initramfs && [[ -s "${_initramfs_file}" ]]; then
+ _has_installed_something="yes"
+ elif use split-ucode; then
+ _has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;)
+ fi
+
+ if use hostonly && [[ -n "${_has_installed_something}" ]]; then
+ elog "You only installed ucode(s) for all currently available (=online)"
+ elog "processor(s). Remember to re-emerge this package whenever you"
+ elog "change the system's processor model."
+ elog ""
+ elif [[ -z "${_has_installed_something}" ]]; then
+ ewarn "WARNING:"
+ if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then
+ ewarn "No ucode was installed! Because you have created this package"
+ ewarn "using MICROCODE_SIGNATURES variable please double check if you"
+ ewarn "have an invalid select."
+ ewarn "It's rare but it is also possible that just no ucode update"
+ ewarn "is available for your processor(s). In this case it is safe"
+ ewarn "to ignore this warning."
+ else
+ ewarn "No ucode was installed! It's rare but it is also possible"
+ ewarn "that just no ucode update is available for your processor(s)."
+ ewarn "In this case it is safe to ignore this warning."
+ fi
+
+ ewarn ""
+
+ if use hostonly; then
+ ewarn "Unset \"hostonly\" USE flag to install all available ucodes."
+ ewarn ""
+ fi
+ fi
+}
+
+pkg_prerm() {
+ # Make sure /boot is mounted so that we can remove /boot/intel-uc.img!
+ use initramfs && mount-boot_pkg_prerm
+}
+
+pkg_postrm() {
+ # Don't forget to umount /boot if it was previously mounted by us.
+ use initramfs && mount-boot_pkg_postrm
+}
+
+pkg_postinst() {
+ # Don't forget to umount /boot if it was previously mounted by us.
+ use initramfs && mount-boot_pkg_postinst
+
+ # We cannot give detailed information if user is affected or not:
+ # If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES
+ # to to force a specific, otherwise blacklisted, microcode. So we
+ # only show a generic warning based on running kernel version:
+ if kernel_is -lt 4 14 34; then
+ ewarn "${P} contains microcode updates which require"
+ ewarn "additional kernel patches which aren't yet included in kernel <4.14.34."
+ ewarn "Loading such a microcode through kernel interface from an unpatched kernel"
+ ewarn "can crash your system!"
+ ewarn ""
+ ewarn "Those microcodes are blacklisted per default. However, if you have altered"
+ ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally"
+ ewarn "re-enabled those microcodes...!"
+ ewarn ""
+ ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update"
+ ewarn "requires additional kernel patches or not."
+ fi
+}