RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1753544 - [rhel-8.2.0] Update Intel microcode version to microcode-20190918
Summary: [rhel-8.2.0] Update Intel microcode version to microcode-20190918
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: microcode_ctl
Version: 8.1
Hardware: x86_64
OS: Linux
high
medium
Target Milestone: rc
: 8.2
Assignee: Eugene Syromiatnikov
QA Contact: Jeff Bastian
URL:
Whiteboard:
Depends On:
Blocks: 1710951 1758538 1760832
TreeView+ depends on / blocked
 
Reported: 2019-09-19 09:16 UTC by Eugene Syromiatnikov
Modified: 2020-12-20 08:18 UTC (History)
3 users (show)

Fixed In Version: microcode_ctl-20190918-1.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1758538 1760832 (view as bug list)
Environment:
Last Closed: 2020-04-28 16:06:20 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2020:1761 0 None None None 2020-04-28 16:07:08 UTC

Description Eugene Syromiatnikov 2019-09-19 09:16:15 UTC 
There is a new Intel microcode release[1], that is to be packaged.

[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20190918
Comment 2 Eugene Syromiatnikov 2019-09-19 09:18:55 UTC 
microcode-20190918 release includes the following microcode updates:

Processor             Identifier     Version       Products
Model        Stepping F-MO-S/PI      Old->New
BDW-U/Y      E0/F0    6-3d-4/c0 0000002d->0000002e Core Gen5
HSX-EX       E0       6-3f-4/80 00000014->00000016 Xeon E7 v3
BDW-H/E3     E0/G0    6-47-1/22 00000020->00000021 Core Gen5
BDX-ML       B0/M0/R0 6-4f-1/ef 0b000036->0b000038 Xeon E5/E7 v4; Core i7-69xx/68xx
BDX-DE       V1       6-56-2/10 0000001a->0000001c Xeon D-1520/40
BDX-DE       V2/3     6-56-3/10 07000017->07000019 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
BDX-DE       Y0       6-56-4/10 0f000015->0f000017 Xeon D-1557/59/67/71/77/81/87
BDX-NS       A0       6-56-5/10 0e00000d->0e00000f Xeon D-1513N/23/33/43/53
SKX-SP       H0/M0/U0 6-55-4/b7 0200005e->00000064 Xeon Scalable
SKX-D        M1       6-55-4/b7 0200005e->00000064 Xeon D-21xx
CLX-SP       B1       6-55-7/bf 05000021->0500002b Xeon Scalable Gen2
Comment 8 Jeff Bastian 2019-10-10 18:09:47 UTC 
Verified with microcode_ctl-20190918-2.el8 on 3 different Intel CPU models.

https://beaker.engineering.redhat.com/jobs/3835629

Note: minor bug 1760508 was found while testing Sandy Bridge-EP, but it does not block this update

:::::::::::::::::::::
:: Sandy Bridge-EP ::
:::::::::::::::::::::

[root@dell-prt5600-01 ~]# rpm -q microcode_ctl
microcode_ctl-20190918-2.el8.x86_64

[root@dell-prt5600-01 ~]# ls -l /etc/microcode_ctl/ucode_with_caveats/
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 10:55 force-intel-06-2d-07

[root@dell-prt5600-01 ~]# lscpu | egrep -i -e family -e model -e stepping
CPU family:          6
Model:               45
Model name:          Intel(R) Xeon(R) CPU E5-2667 0 @ 2.90GHz
Stepping:            7

[root@dell-prt5600-01 ~]# uname -r
4.18.0-147.4.el8.x86_64

[root@dell-prt5600-01 ~]# cat /sys/devices/system/cpu/cpu0/microcode/version
0x718

[root@dell-prt5600-01 ~]# journalctl -b0 -o short-monotonic --no-hostname | grep -i microcode | grep -v -e dracut -e restraintd -e dnf
[    0.000000] kernel: microcode: microcode updated early to revision 0x718, date = 2019-05-21
[    3.576162] kernel: microcode: sig=0x206d7, pf=0x1, revision=0x718
[    3.582659] kernel: microcode: Microcode Update Driver: v2.2.
[   21.251783] kernel: [drm] Loading CEDAR Microcode
[   40.200296] systemd[1]: Starting Load CPU microcode update...
[   41.999394] systemd[1]: Started Load CPU microcode update.

[root@dell-prt5600-01 ~]# cd /sys/devices/system/cpu/vulnerabilities

[root@dell-prt5600-01 vulnerabilities]# grep . * | sed 's/:/^/' | column -t -s^
l1tf               Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
mds                Mitigation: Clear CPU buffers; SMT vulnerable
meltdown           Mitigation: PTI
spec_store_bypass  Mitigation: Speculative Store Bypass disabled via prctl and seccomp
spectre_v1         Mitigation: usercopy/swapgs barriers and __user pointer sanitization
spectre_v2         Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling


::::::::::::::::::
:: Broadwell-EP ::
::::::::::::::::::

[root@intel-wildcatpass-02 ~]# rpm -q microcode_ctl
microcode_ctl-20190918-2.el8.x86_64

[root@intel-wildcatpass-02 ~]# lscpu | egrep -i -e family -e model -e stepping
CPU family:          6
Model:               79
Model name:          Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz
Stepping:            1

[root@intel-wildcatpass-02 ~]# uname -r
4.18.0-147.4.el8.x86_64

[root@intel-wildcatpass-02 ~]# cat /sys/devices/system/cpu/cpu0/microcode/version
0xb000038

[root@intel-wildcatpass-02 ~]# journalctl -b0 -o short-monotonic --no-hostname | grep -i microcode | grep -v -e dracut -e restraintd -e dnf
[    0.000000] kernel: microcode: microcode updated early to revision 0xb000038, date = 2019-06-18
[    3.587315] kernel: microcode: sig=0x406f1, pf=0x1, revision=0xb000038
[    3.597670] kernel: microcode: Microcode Update Driver: v2.2.
[    9.785339] systemd[1]: Starting Load CPU microcode update...
[    9.842720] systemd[1]: Started Load CPU microcode update.

[root@intel-wildcatpass-02 ~]# cd /sys/devices/system/cpu/vulnerabilities

[root@intel-wildcatpass-02 vulnerabilities]# grep . * | sed 's/:/^/' | column -t -s^
l1tf               Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
mds                Mitigation: Clear CPU buffers; SMT vulnerable
meltdown           Mitigation: PTI
spec_store_bypass  Mitigation: Speculative Store Bypass disabled via prctl and seccomp
spectre_v1         Mitigation: usercopy/swapgs barriers and __user pointer sanitization
spectre_v2         Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling


:::::::::::::::
:: Skylake-X ::
:::::::::::::::

[root@dell-per740-03 ~]# rpm -q microcode_ctl
microcode_ctl-20190918-2.el8.x86_64

[root@dell-per740-03 ~]# lscpu | egrep -i -e family -e model -e stepping
CPU family:          6
Model:               85
Model name:          Intel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz
Stepping:            4

[root@dell-per740-03 ~]# uname -r
4.18.0-147.4.el8.x86_64

[root@dell-per740-03 ~]# cat /sys/devices/system/cpu/cpu0/microcode/version
0x2000064

[root@dell-per740-03 ~]# journalctl -b0 -o short-monotonic --no-hostname | grep -i microcode | grep -v -e dracut -e restraintd -e dnf
[    0.000000] kernel: microcode: microcode updated early to revision 0x2000064, date = 2019-07-31
[    3.573148] kernel: microcode: sig=0x50654, pf=0x80, revision=0x2000064
[    3.579609] kernel: microcode: Microcode Update Driver: v2.2.
[   11.811731] systemd[1]: Starting Load CPU microcode update...
[   11.855131] systemd[1]: Started Load CPU microcode update.

[root@dell-per740-03 ~]# cd /sys/devices/system/cpu/vulnerabilities

[root@dell-per740-03 vulnerabilities]# grep . * | sed 's/:/^/' | column -t -s^
l1tf               Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
mds                Mitigation: Clear CPU buffers; SMT vulnerable
meltdown           Mitigation: PTI
spec_store_bypass  Mitigation: Speculative Store Bypass disabled via prctl and seccomp
spectre_v1         Mitigation: usercopy/swapgs barriers and __user pointer sanitization
spectre_v2         Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling
Comment 9 Jeff Bastian 2019-10-10 18:17:34 UTC 
(In reply to Jeff Bastian from comment #8)
> ::::::::::::::::::
> :: Broadwell-EP ::
> ::::::::::::::::::
> 
> [root@intel-wildcatpass-02 ~]# rpm -q microcode_ctl
> microcode_ctl-20190918-2.el8.x86_64


I forgot to mention this CPU require a caveats "force" file too:

[root@intel-wildcatpass-02 ~]# ls -l /etc/microcode_ctl/ucode_with_caveats/
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 10:56 force-intel-06-4f-01
Comment 12 errata-xmlrpc 2020-04-28 16:06:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1761
Note You need to log in before you can comment on or make changes to this bug.