contrib

History

Predrag Ivanović 6d8574d14b [notify] intel-ucode: Security update for MDS. Update CPU microcode to mitigate 4 variants of the data sampling flaw: - CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling (MSBDS)) - CVE-2018-12127 (Microarchitectural Load Port Data Samping (MLPDS)) - CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling (MFBDS)) - CVE-2019-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM)) References: - https://seclists.org/bugtraq/2019/May/43 - https://security-tracker.debian.org/tracker/DSA-4447-1 - https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS - https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html		2019-05-15 17:07:31 +02:00
..
.footprint
.signature	[notify] intel-ucode: Security update for MDS.	2019-05-15 17:07:31 +02:00
Pkgfile	[notify] intel-ucode: Security update for MDS.	2019-05-15 17:07:31 +02:00
README	intel-ucode: add README	2018-02-22 17:52:23 +01:00

README

post-install
---
Enabling Intel microcode updates

Microcode must be loaded by the bootloader.
These updates must be enabled by adding /boot/early-ucode.cpio as the *FIRST* initrd in the bootloader config file.
This is in addition to the normal initrd file, if you are using one.

GRUB2
---
- Automatic method

grub-mkconfig will automatically detect the microcode update and configure GRUB appropriately.
After installing the intel-ucode package, regenerate the GRUB config to activate loading the microcode update by running:

# grub-mkconfig -o /boot/grub/grub.cfg


- Manual method

Alternatively, manually add /boot/early-ucode.cpio to grub.cfg, so
it looks similar to below:

echo    'Loading Linux 4.15.3 ...'
linux   /boot/vmlinuz-4.15.3 root=/dev/sdb1 ro rootfstype=ext4 rootfstype=ext4 quiet
echo    'Loading intel microcode ...'
initrd  /boot/early-ucode.cpio $OTHER_INITRD

You'll have to do it for every kernel you have,
so the use of the automagic method is reccomended.

OTHER BOOTLOADERS
---
Patches to add them to the README welcome :)