Diffstat (limited to 'sys-firmware/intel-microcode')
-rw-r--r-- | sys-firmware/intel-microcode/Manifest | 3 | ||||
-rw-r--r-- | sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild | 287 |
2 files changed, 290 insertions, 0 deletions
diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest index bf398b278e34..0e21277f647f 100644 --- a/sys-firmware/intel-microcode/Manifest +++ b/sys-firmware/intel-microcode/Manifest 
@@ -4,16 +4,19 @@ DIST intel-microcode-collection-20230512.tar.xz 12924124 BLAKE2B 3593d9dd9d46281 DIST intel-microcode-collection-20230520.tar.xz 12720520 BLAKE2B 804579eb05c5b8835565dec3560d059f909d13da853d37c79ddbaa049b94f96e811a2240ab043dfdbf59074e683383f5c17e76ceb0e7f6cccffdaad330bf7de1 SHA512 6302866edf5a5209f8dfc80817fe306fc11376ac7d70450f32e38483902c428365fb553c57e989a6ca6e1cf07573352c9b500764250a815c4aff6b9f6b6d47fb DIST intel-microcode-collection-20230804.tar.xz 12972872 BLAKE2B b2d04ad679b537fbcff7327e4eb9de5d989a3bc6057f4ef339908921fb71275f8374d1db1234f36dd8b07587133c4d2e59f1910f854038253d4cd36d5e6d2dcf SHA512 9e47ee898b5ea1da3fc115de6e8f9e5e6b2eeb74a178c3226cb2bbdf0b1677ac95c40f5d4d874c7e054bf8293e4c2457e32c953a371ab34dd16c43841412f71e DIST intel-microcode-collection-20231007.tar.xz 13997252 BLAKE2B fdd9f42c1b8945c4fdc9eed3b07959ac193df365dce7ff0f81c5f10916581914800701a57f9a57822369967a24cb092acb770f79815c5f595633f3e19a3e3fb5 SHA512 59fe08497c8c4a137c7212a8cc4bd038a740059059ae938dff7759c6797a29d008df7661c7f0fb20ea673f12df40479866d62278bb58a79e78789704a76cfc88 +DIST intel-microcode-collection-20231114.tar.xz 13782912 BLAKE2B 65e2e8753e41fb140abdcc821b6fcdf9b930bcfcd24dcf523ab334c7cbfe1ce2f891b8c4385adb2a6ab4896a08215f140698a028265d0bfbc18b6fbd66720b3c SHA512 c9e590053f2fcd8882727476ea08c7ff68d2f65487c87845513c0037f741e4548b56bee69b0c05b864f92f23e1453f638e5547f716319a861c4f0de8f51a39da DIST intel-ucode-sig_0x406e3-rev_0xd6.bin 101376 BLAKE2B 66d55867954d69dda1425febd93bb8c89f7aa836d504f8b5fee127f8505bcf2246f4fcc55cc245bc5e532528d60cca2eee278de7ab5174dc2862db7982a2b36f SHA512 248066b521bf512b5d8e4a8c7e921464ce52169c954d6e4ca580d8c172cd789519e22b4cf56c212e452b4191741f0202019f7061d322c9433b5af9ce5413b567 DIST microcode-20221108.tar.gz 6436305 BLAKE2B e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 SHA512 
d86bee1269d31d3028f0d2b7d4886795b96d8f1f9d5dbd5149c2dd4cec3b0319fd869f8138f283e2135ecb0bb6387cfd3c2ef1f597b4194a250ac4f2df7f15a4 DIST microcode-20230214.tar.gz 12088391 BLAKE2B d98d054a8cfd66e3d0549d1e8f4a4745cad342d45f36a82d2f2f51fedc29635125fdad95ee4970069e134facc1ab3092b97837c6f8744ffedf220a5d3d022dd5 SHA512 6456cd6719923eeacb1f9d6d7372efd2bcd0de9e04350c722543ff41e45c7715ba52a2d330ad5818fbf44ea9df6b2ac482d6f8bd420b191427881dcfe3bd81e2 DIST microcode-20230512.tar.gz 12654272 BLAKE2B 302aedf0b57719d1009be0dea513da7290b41842117951a0081f866024d5380c65850638ee3d2e87c8d9efcac4da58650463b0c31373d661fe74b8a3a380e099 SHA512 e21c82846f7f5e2c8d9559931e90389a7d21f8a59fbdec4c5b11fe43f010a21d3e9f27d67be12fe98b3dbdf26558a8ed74dc149bedd93f4b7728795dc6e86d48 DIST microcode-20230613.tar.gz 12338446 BLAKE2B 56bffb26687fd3a20b79b4540ae10c98b2875e3edb84583b679ddc75e339193db4bddece25c7e5cb26b79f5e6ce2d10fcc318c55e13c05d8611198e4c571354b SHA512 460e46d20f71df1247affa2ca397b961ce3d77e3456144c6b7358e48c3239e9c077ff4c512b0c4b7d9a86f33fed094db8b3ac65b1a4047bb853212848d929639 DIST microcode-20230808.tar.gz 13011561 BLAKE2B 400ba9b91a7048c780377d49ff6cb00458c60a9d53c2e5cef1eb99170ca8f0cad66336841d14869bd42d182f7d8df27a2fa9cb982b0df0c5fc9f62325b6acb69 SHA512 8316eb9d35b315e630c6c9fab1ba601b91e72cc42926ef14e7c2b77e7025d276ae06c143060f44cd1a873d3879c067d11ad82e1886c796e6be6bf466243ad85b +DIST microcode-20231114.tar.gz 12466839 BLAKE2B e6084c92e9c3cc627af25a7f2f7fb26230b6ed117ddc197d19991df2816334132af92925f23af829bad005c32d0bd3afc362055ef223a599799d846216cf7612 SHA512 a684444ef81e81687ff43b8255e95675eed1d728053bb1a483a60e94e2d2d43f10fc12522510b22daf90c4debd8f035e6b9a565813aa799c2e1e3a464124f59b EBUILD intel-microcode-20221108_p20221102.ebuild 10616 BLAKE2B a7789417b54d4388f2b6818ae6e8262aee8705b3f214fc145f1a6aa512edaac8ddf6b671b3b82de8a45b0233eca49586a655212459268a9f6889b212039230bb SHA512 
33fd46a7451052be02f0b7aa6bfea55635b2563afdbb5aa67e141d6a037585e2ed86e43aee24cf117e4b617ee01407a29e080809e662590b4b7ff82ae4208e4f EBUILD intel-microcode-20230214_p20230212.ebuild 10613 BLAKE2B 537fbc7c2f64c89971bd9afb790dfeea24d3f9a3a1d4f58a5a1a4a86654598aff1644c72106f9db60b80428b146388a465b1ade91c532fd88f8def51bef7e356 SHA512 db183b89c71d411d78d16434ade9b7af743646a10388bf0826682d1cfb25dc5c6fc0d5b71368b28e32b112bb7db93ae1299079d86882ddd101d6eac173a4a300 EBUILD intel-microcode-20230512_p20230512.ebuild 10613 BLAKE2B 537fbc7c2f64c89971bd9afb790dfeea24d3f9a3a1d4f58a5a1a4a86654598aff1644c72106f9db60b80428b146388a465b1ade91c532fd88f8def51bef7e356 SHA512 db183b89c71d411d78d16434ade9b7af743646a10388bf0826682d1cfb25dc5c6fc0d5b71368b28e32b112bb7db93ae1299079d86882ddd101d6eac173a4a300 EBUILD intel-microcode-20230613_p20230520.ebuild 10795 BLAKE2B cd783f7a9383bb28834f5471ee29a9a66ff8b693b2544d6f417f363f1ab40b68c4e5bb6d26bae45738aabda7f116709cd80373fc9bb47316a5f6ef9593a76e3e SHA512 23d7463eb94107061bfc0d1770b9083097b1b68db02d8e356f38224cfac20e9ea60ae791b39bccc953e7108004aa6cdf0c1522b3b6707b030fe353f6e26e5241 EBUILD intel-microcode-20230808_p20230804.ebuild 10795 BLAKE2B cd783f7a9383bb28834f5471ee29a9a66ff8b693b2544d6f417f363f1ab40b68c4e5bb6d26bae45738aabda7f116709cd80373fc9bb47316a5f6ef9593a76e3e SHA512 23d7463eb94107061bfc0d1770b9083097b1b68db02d8e356f38224cfac20e9ea60ae791b39bccc953e7108004aa6cdf0c1522b3b6707b030fe353f6e26e5241 EBUILD intel-microcode-20230808_p20231007.ebuild 10795 BLAKE2B cd783f7a9383bb28834f5471ee29a9a66ff8b693b2544d6f417f363f1ab40b68c4e5bb6d26bae45738aabda7f116709cd80373fc9bb47316a5f6ef9593a76e3e SHA512 23d7463eb94107061bfc0d1770b9083097b1b68db02d8e356f38224cfac20e9ea60ae791b39bccc953e7108004aa6cdf0c1522b3b6707b030fe353f6e26e5241 +EBUILD intel-microcode-20231114_p20231114.ebuild 10797 BLAKE2B b7bc9c50804e6ed95ee2a8e44cbba8a1ceb70a9eca6087e769b100c92f14acbbcafa5f3c9ef577d275ee3d2411934526b8120e1ebedb50bfc0954eab07d1fd14 SHA512 
b4fb7698ea87becac77b564cd5fa5b0de45c6cbd5831694fe63647ac0f4dd1dfd2019821164799f1f079cbeefe48102da30fc0f298fb49997f3196d1240474e0 MISC metadata.xml 853 BLAKE2B b9103bc6c00cd36211b33060a28dc72159fa1309644f6dc8005c415c8eb435217f1e39ba70a289bf9f93a3edac7e73f2227bfe711e745f8743ae455e2d1caa4a SHA512 c425c341725210af9693ed50ae9b9f91cd4c44539f1abe5fff9f59c3441eed39aee6746c881f7a812aec1bab1a8c4974e111980211cf4cfb55e1bdb12e394631 diff --git a/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild b/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild new file mode 100644 index 000000000000..8f5ab874339b --- /dev/null +++ b/sys-firmware/intel-microcode/intel-microcode-20231114_p20231114.ebuild 
@@ -0,0 +1,287 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit linux-info mount-boot + +# Find updates by searching and clicking the first link (hopefully it's the one): +# https://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File +# +# +# Package Maintenance instructions: +# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild +# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files +# 3. The COLLECTION_SNAPSHOT is created manually using the following steps: +# a. Clone the repository https://github.com/platomav/CPUMicrocodes +# b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD> +# c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>: +# tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/ +# d. 
This file can go in your devspace, add the URL to SRC_URI if it's not there +# https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz +# +# PV: +# * the first date is upstream +# * the second date is snapshot (use last commit date in repo) from intel-microcode-collection + +COLLECTION_SNAPSHOT="${PV##*_p}" +INTEL_SNAPSHOT="${PV/_p*}" +#NUM="28087" + +#https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM} +#https://downloadmirror.intel.com/${NUM}/eng/microcode-${INTEL_SNAPSHOT}.tgz + +DESCRIPTION="Intel IA32/IA64 microcode update data" +HOMEPAGE="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files https://github.com/platomav/CPUMicrocodes http://inertiawar.com/microcode/" +SRC_URI=" + https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz + https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin + https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz + https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz +" +S="${WORKDIR}" + +LICENSE="intel-ucode" +SLOT="0" +KEYWORDS="-* ~amd64 ~x86" +IUSE="hostonly initramfs +split-ucode vanilla" +REQUIRED_USE="|| ( initramfs split-ucode )" +RESTRICT="binchecks strip" + +BDEPEND=">=sys-apps/iucode_tool-2.3" +# !<sys-apps/microcode-ctl-1.17-r2 due to bug #268586 +RDEPEND="hostonly? ( sys-apps/iucode_tool )" + +# Blacklist bad microcode here. 
+# 0x000406f1 aka 06-4f-01 aka CPUID 406F1 require newer microcode loader +MICROCODE_BLACKLIST_DEFAULT="-s !0x000406f1" + +# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31 +MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00dc" + +# https://bugs.gentoo.org/722768 +MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000406e3,0xc0,eq:0x00da" + +# https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/49bb67f32a2e3e631ba1a9a73da1c52e1cac7fd9 +MICROCODE_BLACKLIST_DEFAULT+=" -s !0x000806c1,0x80,eq:0x0068" + +# In case we want to set some defaults ... +MICROCODE_SIGNATURES_DEFAULT="" + +# Advanced users only! +# Set MIRCOCODE_SIGNATURES to merge with: +# only current CPU: MICROCODE_SIGNATURES="-S" +# only specific CPU: MICROCODE_SIGNATURES="-s 0x00000f4a -s 0x00010676" +# exclude specific CPU: MICROCODE_SIGNATURES="-s !0x00000686" + +pkg_pretend() { + use initramfs && mount-boot_pkg_pretend +} + +src_prepare() { + default + + if cd Intel-Linux-Processor-Microcode-Data* &>/dev/null; then + # new tarball format from GitHub + mv * ../ || die "Failed to move Intel-Linux-Processor-Microcode-Data*" + cd .. 
|| die + rm -r Intel-Linux-Processor-Microcode-Data* || die + fi + + mkdir intel-ucode-old || die + cp "${DISTDIR}"/intel-ucode-sig_0x406e3-rev_0xd6.bin "${S}"/intel-ucode-old/ || die + + # Prevent "invalid file format" errors from iucode_tool + rm -f "${S}"/intel-ucod*/list || die + + # https://gitlab.com/iucode-tool/iucode-tool/-/issues/4 + rm "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/cpu106C0_plat01_ver00000007_2007-08-24_PRD_923CDFA3.bin || die + + # Remove non-microcode file from list + rm -f "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT}/LICENSE || die + rm -f "${S}"/intel-ucode*/LICENSE || die +} + +src_install() { + # This will take ALL of the upstream microcode sources: + # - microcode.dat + # - intel-ucode/ + # In some cases, they have not contained the same content (eg the directory has newer stuff). + MICROCODE_SRC=( + "${S}"/intel-ucode/ + "${S}"/intel-ucode-with-caveats/ + "${S}"/intel-ucode-old/ + ) + + # Allow users who are scared about microcode updates not included in Intel's official + # microcode tarball to opt-out and comply with Intel marketing + if ! use vanilla; then + MICROCODE_SRC+=( "${S}"/intel-microcode-collection-${COLLECTION_SNAPSHOT} ) + fi + + # These will carry into pkg_preinst via env saving. + : ${MICROCODE_BLACKLIST=${MICROCODE_BLACKLIST_DEFAULT}} + : ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}} + + opts=( + ${MICROCODE_BLACKLIST} + ${MICROCODE_SIGNATURES} + # be strict about what we are doing + --overwrite + --strict-checks + --no-ignore-broken + # we want to install latest version + --no-downgrade + # show everything we find + --list-all + # show what we selected + --list + ) + + # The earlyfw cpio needs to be in /boot because it must be loaded before + # rootfs is mounted. 
+ use initramfs && dodir /boot && opts+=( --write-earlyfw="${ED}/boot/intel-uc.img" ) + + keepdir /lib/firmware/intel-ucode + opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" ) + + iucode_tool \ + "${opts[@]}" \ + "${MICROCODE_SRC[@]}" \ + || die "iucode_tool ${opts[@]} ${MICROCODE_SRC[@]}" + + dodoc releasenote.md +} + +pkg_preinst() { + if [[ ${MICROCODE_BLACKLIST} != ${MICROCODE_BLACKLIST_DEFAULT} ]]; then + ewarn "MICROCODE_BLACKLIST is set to \"${MICROCODE_BLACKLIST}\" instead of default \"${MICROCODE_BLACKLIST_DEFAULT}\". You are on your own!" + fi + + if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then + ewarn "Package was created using advanced options:" + ewarn "MICROCODE_SIGNATURES is set to \"${MICROCODE_SIGNATURES}\" instead of default \"${MICROCODE_SIGNATURES_DEFAULT}\"!" + fi + + # Make sure /boot is available if needed. + use initramfs && mount-boot_pkg_preinst + + local _initramfs_file="${ED}/boot/intel-uc.img" + + if use hostonly; then + # While this output looks redundant we do this check to detect + # rare cases where iucode_tool was unable to detect system's processor(s). + local _detected_processors=$(iucode_tool --scan-system 2>&1) + if [[ -z "${_detected_processors}" ]]; then + ewarn "Looks like iucode_tool was unable to detect any processor!" + else + einfo "Only installing ucode(s) for ${_detected_processors#iucode_tool: system has } due to USE=hostonly ..." + fi + + opts=( + --scan-system + # be strict about what we are doing + --overwrite + --strict-checks + --no-ignore-broken + # we want to install latest version + --no-downgrade + # show everything we find + --list-all + # show what we selected + --list + ) + + # The earlyfw cpio needs to be in /boot because it must be loaded before + # rootfs is mounted. 
+ use initramfs && opts+=( --write-earlyfw=${_initramfs_file} ) + + if use split-ucode; then + opts+=( --write-firmware="${ED}/lib/firmware/intel-ucode" ) + fi + + opts+=( "${ED}/lib/firmware/intel-ucode-temp" ) + + mv "${ED}"/lib/firmware/intel-ucode{,-temp} || die + keepdir /lib/firmware/intel-ucode + + iucode_tool "${opts[@]}" || die "iucode_tool ${opts[@]}" + + rm -r "${ED}"/lib/firmware/intel-ucode-temp || die + + elif ! use split-ucode; then # hostonly disabled + rm -r "${ED}"/lib/firmware/intel-ucode || die + fi + + # Because it is possible that this package will install not one single file + # due to user selection which is still somehow unexpected we add the following + # check to inform user so that the user has at least a chance to detect + # a problem/invalid select. + local _has_installed_something= + if use initramfs && [[ -s "${_initramfs_file}" ]]; then + _has_installed_something="yes" + elif use split-ucode; then + _has_installed_something=$(find "${ED}/lib/firmware/intel-ucode" -maxdepth 0 -not -empty -exec echo yes \;) + fi + + if use hostonly && [[ -n "${_has_installed_something}" ]]; then + elog "You only installed ucode(s) for all currently available (=online)" + elog "processor(s). Remember to re-emerge this package whenever you" + elog "change the system's processor model." + elog "" + elif [[ -z "${_has_installed_something}" ]]; then + ewarn "WARNING:" + if [[ ${MICROCODE_SIGNATURES} != ${MICROCODE_SIGNATURES_DEFAULT} ]]; then + ewarn "No ucode was installed! Because you have created this package" + ewarn "using MICROCODE_SIGNATURES variable please double check if you" + ewarn "have an invalid select." + ewarn "It's rare but it is also possible that just no ucode update" + ewarn "is available for your processor(s). In this case it is safe" + ewarn "to ignore this warning." + else + ewarn "No ucode was installed! It's rare but it is also possible" + ewarn "that just no ucode update is available for your processor(s)." 
+ ewarn "In this case it is safe to ignore this warning." + fi + + ewarn "" + + if use hostonly; then + ewarn "Unset \"hostonly\" USE flag to install all available ucodes." + ewarn "" + fi + fi +} + +pkg_prerm() { + # Make sure /boot is mounted so that we can remove /boot/intel-uc.img! + use initramfs && mount-boot_pkg_prerm +} + +pkg_postrm() { + # Don't forget to umount /boot if it was previously mounted by us. + use initramfs && mount-boot_pkg_postrm +} + +pkg_postinst() { + # Don't forget to umount /boot if it was previously mounted by us. + use initramfs && mount-boot_pkg_postinst + + # We cannot give detailed information if user is affected or not: + # If MICROCODE_BLACKLIST wasn't modified, user can still use MICROCODE_SIGNATURES + # to to force a specific, otherwise blacklisted, microcode. So we + # only show a generic warning based on running kernel version: + if kernel_is -lt 4 14 34; then + ewarn "${P} contains microcode updates which require" + ewarn "additional kernel patches which aren't yet included in kernel <4.14.34." + ewarn "Loading such a microcode through kernel interface from an unpatched kernel" + ewarn "can crash your system!" + ewarn "" + ewarn "Those microcodes are blacklisted per default. However, if you have altered" + ewarn "MICROCODE_BLACKLIST or MICROCODE_SIGNATURES, you maybe have unintentionally" + ewarn "re-enabled those microcodes...!" + ewarn "" + ewarn "Check \"${EROOT}/usr/share/doc/${PN}-*/releasenot*\" if your microcode update" + ewarn "requires additional kernel patches or not." + fi +} |
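Review bot: In src_install the default for MICROCODE_SIGNATURES expands a misspelled variable, `: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATUES_DEFAULT}}`, so MICROCODE_SIGNATURES_DEFAULT is never applied; it should read `: ${MICROCODE_SIGNATURES=${MICROCODE_SIGNATURES_DEFAULT}}`. This is latent today because the default is the empty string, but a non-empty default would be silently dropped from the iucode_tool selection, while pkg_preinst compares against the correctly spelled name and would print the "advanced options" warning on an untouched configuration. These selection and blacklist variables decide which microcode is written to /boot/intel-uc.img and /lib/firmware/intel-ucode, so a default that fails silently is worth fixing before anyone relies on it. The usage comment above pkg_pretend has a similar slip (`MIRCOCODE_SIGNATURES`), and in pkg_preinst `--write-earlyfw=${_initramfs_file}` is unquoted where src_install quotes the equivalent path as `--write-earlyfw="${ED}/boot/intel-uc.img"`.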