Re: update spectre v2 microcodes blacklist
From: Alexander Sergeyev
Date: Sat Feb 10 2018 - 12:11:26 EST
I didn't fully match the updated revision guidance and spectre_bad_microcodes
I compared these lists and it seems that the only difference is about skylakes.
Everything else is covered by less-or-equal criteria on revision version.
Both desktop and mobile skylakes are stated to be unaffected for 0xC2:
{ INTEL_FAM6_SKYLAKE_DESKTOP, 0x03, 0xc2 }, // signature 0x000506E3
{ INTEL_FAM6_SKYLAKE_MOBILE, 0x03, 0xc2 }, // signature 0x000406E3
I reformated the Intel bulletin into json format for ease of automation and
batch processing -- it is attached.
Raw diff between the mainline blacklist and the bulletin looks like:
@@ -1,5 +1,6 @@
{ INTEL_FAM6_BROADWELL_CORE, 0x04, 0x28 },
{ INTEL_FAM6_BROADWELL_GT3E, 0x01, 0x1b },
+{ INTEL_FAM6_BROADWELL_X, 0x01, 0x0b000023 },
{ INTEL_FAM6_BROADWELL_X, 0x01, 0x0b000025 },
{ INTEL_FAM6_BROADWELL_XEON_D, 0x02, 0x14 },
{ INTEL_FAM6_BROADWELL_XEON_D, 0x03, 0x07000011 },
@@ -9,12 +10,10 @@
{ INTEL_FAM6_HASWELL_X, 0x02, 0x3b },
{ INTEL_FAM6_HASWELL_X, 0x04, 0x10 },
{ INTEL_FAM6_IVYBRIDGE_X, 0x04, 0x42a },
-{ INTEL_FAM6_KABYLAKE_DESKTOP, 0x09, 0x84 },
-{ INTEL_FAM6_KABYLAKE_DESKTOP, 0x0a, 0x84 },
-{ INTEL_FAM6_KABYLAKE_DESKTOP, 0x0b, 0x84 },
-{ INTEL_FAM6_KABYLAKE_MOBILE, 0x09, 0x84 },
-{ INTEL_FAM6_KABYLAKE_MOBILE, 0x0a, 0x84 },
-{ INTEL_FAM6_SKYLAKE_DESKTOP, 0x03, 0xc2 },
-{ INTEL_FAM6_SKYLAKE_MOBILE, 0x03, 0xc2 },
-{ INTEL_FAM6_SKYLAKE_X, 0x03, 0x0100013e },
+{ INTEL_FAM6_KABYLAKE_DESKTOP, 0x09, 0x80 },
+{ INTEL_FAM6_KABYLAKE_DESKTOP, 0x0a, 0x80 },
+{ INTEL_FAM6_KABYLAKE_DESKTOP, 0x0b, 0x80 },
+{ INTEL_FAM6_KABYLAKE_MOBILE, 0x09, 0x80 },
+{ INTEL_FAM6_KABYLAKE_MOBILE, 0x0a, 0x80 },
+{ INTEL_FAM6_SKYLAKE_X, 0x04, 0x0200003a },
{ INTEL_FAM6_SKYLAKE_X, 0x04, 0x0200003c },
Note: Gemini Lake and Sandy Bridge are not considered (observed in wild).
Attachment:
microcode-update-guidance.json
Description: application/json