-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
============================================================================= FreeBSD-EN-21:06.microcode Errata Notice
The FreeBSD Project
Topic: Boot-time microcode loading causes a boot hang
Category: core
Module: x86
Announced: 2021-02-24
Affects: FreeBSD 12.2
Corrected: 2021-02-19 20:57:34 UTC (stable/12, 12.2-STABLE)
2021-02-24 01:43:50 UTC (releng/12.2, 12.2-RELEASE-p4)
For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit <URL:
https://security.FreeBSD.org/>.
I. Background
CPU microcode updates may include security fixes or mitigations. The
boot-time microcode loader applies CPU microcode as early in the boot process as possible, minimizing the amount of code executed without updated
microcode.
Microcode updates for many different CPU types are concatenated into one file and loaded by the boot loader. After the kernel has determined the correct update to apply, it frees the memory containing unused microcode updates, keeping only the update for the CPU on which the kernel is running.
II. Problem Description
An interaction between the code which frees the unused portions of the microcode file and the rest of the system can cause boot hangs.
III. Impact
The kernel may hang during boot if boot-time microcode updates are configured.
IV. Workaround
Systems not configured to load microcode at boot-time are unaffected.
Boot-time microcode loading is currently only supported with Intel CPUs.
On systems that are configured to load microcode at boot-time, setting the "debug.ucode.release" loader tunable to 0 will prevent the microcode update file from being freed, working around the problem.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch
https://security.FreeBSD.org/patches/EN-21:06/microcode.patch
# fetch
https://security.FreeBSD.org/patches/EN-21:06/microcode.patch.asc
# gpg --verify microcode.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in <URL:
https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- ------------------------------------------------------------------------- stable/12/ r369310 releng/12.2/ r369355
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:
https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this advisory is available at <URL:
https://security.FreeBSD.org/advisories/FreeBSD-EN-21:06.microcode.asc> -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmA15bwACgkQ05eS9J6n 5cLgbg//cottS8aQLl6YmSFs6JIyZwE4RutM2tSrkwkdQmuYLfba3tEyYs3R2iAK x9y5bf9jFG5m7mUVr9QhEPRGrFlKTdTtW682T5ClLrZO1TIWwTUZlEC9omIpAPV3 /A2tFFK253Zhufh2bKol8y8LwEle9MrO2xURj8KOo5dFa0HxSrMeCb+YlINV/iCy hEJPuGvVWr+1rTP0hbKT+lHwtsgV2yB73FuG85p3FtJ4nr7OBlrzDnVgAKANvGTG VTE/g/mqKfQlYqrNccw8Si/K5vh9PNiFjXiercSyMWV1eaYT6WU/a3x94RlISvR7 6t56uWyJ9YTs3+E1bwplIZ/0qrCOvcgYqsv6ANu5/2gysFCNaNACDcAtidcly2UB AL0hDjEQ7sAmsGmjAXfg7bbgUD/1h3saTmI3UmuWayZodMt1w6A0d/3A4bb/yZid rF3gVvgmLBSjsgSXSqYtnS3N+af/rr01/tLaZh/yvO8d0EwFteyGar/dduSCoXbU EK636ZNy+df7k6eCfqeh2/WixqSE7pKw2anQXmn11vHMBWDyuF919jMxrm64OdzT sLlVrGOH8FHbUwnTsNUAfggqO7VUowvfRnYk+CzDElpXqn0Pteq8UCGABLmRKW9u kISBhJwAjnnybyZ5/nvFaAN5UtvG5he0qhpbvArposyvqLdsgZ0=
=j/+s
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "
freebsd-announce-unsubscribe@freebsd.org"
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)