From owner-freebsd-hackers@freebsd.org  Wed Jul 10 18:17:32 2019
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 51D7915DF465
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Wed, 10 Jul 2019 18:17:32 +0000 (UTC) (envelope-from mike@sentex.net)
Received: from pyroxene.sentex.ca (unknown [IPv6:2607:f3e0:0:3::18])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "pyroxene.sentex.ca",
 Issuer "Let's Encrypt Authority X3" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 6B90B6AA3D;
 Wed, 10 Jul 2019 18:17:31 +0000 (UTC) (envelope-from mike@sentex.net)
Received: from [192.168.43.29] ([192.168.43.29])
 by pyroxene.sentex.ca (8.15.2/8.15.2) with ESMTPS id x6AIHRe3037260
 (version=TLSv1.2 cipher=AES128-SHA bits=128 verify=NO);
 Wed, 10 Jul 2019 14:17:28 -0400 (EDT) (envelope-from mike@sentex.net)
Subject: Re: FreeBSD mds mitigation.
To: "damian@damianek.be" <damian@damianek.be>, freebsd-hackers@freebsd.org
References: <CA+6J3vcK_FxBbnx+zyo3kFr3dB2LF5C4qQoiH5=bMd04aTjzKQ@mail.gmail.com>
 <20190710095247.GC47193@kib.kiev.ua>
 <CA+6J3veBFdeTbeeQ_9EZo4L36A0cMREQjab8E6Z1LgNAvJAZ1Q@mail.gmail.com>
 <babedd6c-2c8b-eb5d-7a55-bd403c131054@sentex.net>
 <CA+6J3vf979X2LOZRZ6RFOHzSYLduoJVXTsnHtF6BZkqB=WnTjg@mail.gmail.com>
From: mike tancsa <mike@sentex.net>
Message-ID: <71f9d553-7880-eb1d-3bb0-847e5693c599@sentex.net>
Date: Wed, 10 Jul 2019 14:17:28 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <CA+6J3vf979X2LOZRZ6RFOHzSYLduoJVXTsnHtF6BZkqB=WnTjg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Rspamd-Queue-Id: 6B90B6AA3D
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org;
 spf=pass (mx1.freebsd.org: domain of mike@sentex.net designates
 2607:f3e0:0:3::18 as permitted sender) smtp.mailfrom=mike@sentex.net
X-Spamd-Result: default: False [-0.65 / 15.00]; ARC_NA(0.00)[];
 TO_DN_EQ_ADDR_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2];
 RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f3e0::/32];
 NEURAL_HAM_LONG(-0.99)[-0.994,0]; MIME_GOOD(-0.10)[text/plain];
 DMARC_NA(0.00)[sentex.net]; RDNS_NONE(1.00)[];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 MX_GOOD(-0.01)[cached: smtp.sentex.ca];
 RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.18)[-0.180,0];
 NEURAL_HAM_MEDIUM(-0.94)[-0.942,0];
 IP_SCORE(-1.72)[ipnet: 2607:f3e0::/32(-4.94), asn: 11647(-3.58), country:
 CA(-0.09)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:11647, ipnet:2607:f3e0::/32, country:CA];
 HFILTER_HOSTNAME_UNKNOWN(2.50)[]; MID_RHS_MATCH_FROM(0.00)[];
 FORGED_RECIPIENTS(0.00)[damian@damianek.be .., freebsd-hackers@freebsd.org ...]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jul 2019 18:17:32 -0000


On 7/10/2019 1:21 PM, damian@damianek.be wrote:
> śr., 10 lip 2019 o 18:56 Mike Tancsa <mike@sentex.net> napisał(a):
>
>> Try the port
>>
>> sysutils/devcpu-data/
>>
>>
> FreeBSD port is stale, does not contain the latest microcodes.


Looking at the port it seems like you can grab the versions newer than
May. There does not seem to be too many transformations going on.

0{backup4}# make extract
===>  License EULA accepted by the user
===>   devcpu-data-1.22 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by devcpu-data-1.22 for building
===>  Extracting for devcpu-data-1.22
=> SHA256 Checksum OK for amd64-microcode.20181214.tar.xz.
=> SHA256 Checksum OK for
intel-Intel-Linux-Processor-Microcode-Data-Files-1.22-microcode-20190514_GH0.tar.gz.
cp -f -p /usr/ports/sysutils/devcpu-data/files/Makefile
/usr/ports/sysutils/devcpu-data/files/ucode-split.c
/usr/ports/sysutils/devcpu-data/work/Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514
/usr/bin/sed -i.bak 's|%%GH_TAGNAME%%|microcode-20190514|g'
/usr/ports/sysutils/devcpu-data/work/Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514/Makefile
/bin/cat
/usr/ports/sysutils/devcpu-data/work/Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514/Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514/intel-ucode/*
/usr/ports/sysutils/devcpu-data/work/Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514/Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514/intel-ucode-with-caveats/*
>
/usr/ports/sysutils/devcpu-data/work/Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514/intel-ucode.bin
0{backup4}#
0{backup4}#
0{backup4}# make
===>  Patching for devcpu-data-1.22
===>  Configuring for devcpu-data-1.22
===>  Building for devcpu-data-1.22
--- ucode-split ---
cc ucode-split.c -o ucode-split
--- ucode ---
mkdir -p mcodes
cd mcodes &&  for file in 
../Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514/intel-ucode/[0-9,a-f][0-9,a-f]-[0-9,a-f][0-9,a-f]-[0-9,a-f][0-9,a-f];
do  ../ucode-split $file;  done
===>  Staging for devcpu-data-1.22
===>   Generating temporary packing list
/bin/mkdir -p
/usr/ports/sysutils/devcpu-data/work/stage/usr/local/share/cpucontrol/
install  -m 0644
/usr/ports/sysutils/devcpu-data/work/Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514/microcode_amd.bin
/usr/ports/sysutils/devcpu-data/work/stage/usr/local/share/cpucontrol/
install  -m 0644
/usr/ports/sysutils/devcpu-data/work/Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514/microcode_amd_fam15h.bin
/usr/ports/sysutils/devcpu-data/work/stage/usr/local/share/cpucontrol/
install  -m 0644
/usr/ports/sysutils/devcpu-data/work/Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514/microcode_amd_fam16h.bin
/usr/ports/sysutils/devcpu-data/work/stage/usr/local/share/cpucontrol/
install  -m 0644
/usr/ports/sysutils/devcpu-data/work/Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514/microcode_amd_fam17h.bin
/usr/ports/sysutils/devcpu-data/work/stage/usr/local/share/cpucontrol/
install  -m 0644
/usr/ports/sysutils/devcpu-data/work/Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514/mcodes/*
/usr/ports/sysutils/devcpu-data/work/stage/usr/local/share/cpucontrol/
/bin/mkdir -p /usr/ports/sysutils/devcpu-data/work/stage/boot/firmware
install  -m 0644
/usr/ports/sysutils/devcpu-data/work/Intel-Linux-Processor-Microcode-Data-Files-microcode-20190514/intel-ucode.bin
/usr/ports/sysutils/devcpu-data/work/stage/boot/firmware/
====> Compressing man pages (compress-man)
===> Staging rc.d startup script(s)
0{backup4}#