c847da50e2
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20231114 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html Fixes: CVE-2023-23583
35 lines
1.1 KiB
Nix
35 lines
1.1 KiB
Nix
{ lib, stdenv, fetchFromGitHub, libarchive, iucode-tool }:
|
|
|
|
stdenv.mkDerivation rec {
|
|
pname = "microcode-intel";
|
|
version = "20231114";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "intel";
|
|
repo = "Intel-Linux-Processor-Microcode-Data-Files";
|
|
rev = "microcode-${version}";
|
|
hash = "sha256-cZ7APDjwjarPCzk1HWxqIXdGwNOl6HG0KSCtffmEhx0=";
|
|
};
|
|
|
|
nativeBuildInputs = [ iucode-tool libarchive ];
|
|
|
|
installPhase = ''
|
|
runHook preInstall
|
|
|
|
mkdir -p $out kernel/x86/microcode
|
|
iucode_tool -w kernel/x86/microcode/GenuineIntel.bin intel-ucode/
|
|
touch -d @$SOURCE_DATE_EPOCH kernel/x86/microcode/GenuineIntel.bin
|
|
echo kernel/x86/microcode/GenuineIntel.bin | bsdtar --uid 0 --gid 0 -cnf - -T - | bsdtar --null -cf - --format=newc @- > $out/intel-ucode.img
|
|
|
|
runHook postInstall
|
|
'';
|
|
|
|
meta = with lib; {
|
|
homepage = "https://www.intel.com/";
|
|
changelog = "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/${src.rev}";
|
|
description = "Microcode for Intel processors";
|
|
license = licenses.unfreeRedistributableFirmware;
|
|
platforms = platforms.linux;
|
|
maintainers = with maintainers; [ ];
|
|
};
|
|
}
|