feat(downfall): detection of the kernel mitigation relying on dmesg

feat: downfall: add kernel soft mitigation support check
feat(downfall): add downfall checks
2025-07-15 07:11:22 +02:00 · 2023-08-10 11:14:40 +02:00 · 2023-08-10 11:14:40 +02:00 · 2023-08-10 11:14:40 +02:00 · 2023-08-09 10:35:08 +02:00 · 2023-08-01 10:22:15 +02:00
4 changed files with 506 additions and 143 deletions
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@ -24,7 +24,7 @@ jobs:
        fi
    - name: check direct execution
      run: |
-        expected=16
+        expected=17
        nb=$(sudo ./spectre-meltdown-checker.sh --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
          echo "Invalid number of CVEs reported: $nb instead of $expected"
@ -34,7 +34,7 @@ jobs:
        fi
    - name: check docker-compose run execution
      run: |
-        expected=16
+        expected=17
        docker-compose build
        nb=$(docker-compose run --rm spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
@ -45,7 +45,7 @@ jobs:
        fi
    - name: check docker run execution
      run: |
-        expected=16
+        expected=17
        docker build -t spectre-meltdown-checker .
        nb=$(docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker --batch json | jq '.[]|.CVE' | wc -l)
        if [ "$nb" -ne "$expected" ]; then
--- a/FAQ.md
+++ b/FAQ.md
@ -45,9 +45,9 @@ Software vulnerability:
 Hardware vulnerability:
 - Can be fixed? No, only mitigated (or buy new hardware!)
- How to ~~fix~~ mitigate? In the worst case scenario, 5 "layers" need to be updated: the microcode/firmware, the host OS kernel, the hypervisor, the VM OS kernel, and possibly all the software running on the VM.
+- How to ~~fix~~ mitigate? In the worst case scenario, 5 "layers" need to be updated: the microcode/firmware, the host OS kernel, the hypervisor, the VM OS kernel, and possibly all the software running on the machine. Sometimes only a subset of those layers need to be updated. In yet other cases, there can be several possible mitigations for the same vulnerability, implying different layers. Yes, it can get horribly complicated.
-A more detailed video explanation is available here: https://youtu.be/2gB9U1EcCss?t=85
+A more detailed video explanation is available here: https://youtu.be/2gB9U1EcCss?t=425
 ## What do "affected", "vulnerable" and "mitigated" mean exactly?
@ -75,7 +75,7 @@ There are a few rules that govern how this tool is written.
 A lot as changed since 2018. Nowadays, the industry adapted and this range of vulnerabilities is almost "business as usual", as software vulnerabilities are. However, due to their complexity, it's still not as easy as just checking a version number to ensure a vulnerability is closed.
-Granted, we now have a standard way under Linux to check whether our system is affected, vulnerable, mitigated against most of these vulnerabilities. By having a look at the `sysfs` hierarchy, and more precisely the `/sys/devices/system/cpu/vulnerabilities/` folder, one can have a pretty good insight about its system state for each of the listed vulnerabilities. Note that the output can be a little different with some vendors (e.g. Red Hat has some slightly different output than the vanilla kernel for some vulnerabilities), but it's still a gigantic leap forward, given where we were in 2018 when this script was started, and it's very good news. The kernel is the proper place to have this because the kernel knows everything about itself (the mitigations it might have), and the CPU (its model, and microcode features that are exposed).
+Granted, we now have a standard way under Linux to check whether our system is affected, vulnerable, mitigated against most of these vulnerabilities. By having a look at the `sysfs` hierarchy, and more precisely the `/sys/devices/system/cpu/vulnerabilities/` folder, one can have a pretty good insight about its system state for each of the listed vulnerabilities. Note that the output can be a little different with some vendors (e.g. Red Hat has some slightly different output than the vanilla kernel for some vulnerabilities), but it's still a gigantic leap forward, given where we were in 2018 when this script was started, and it's very good news. The kernel is the proper place to have this because the kernel knows everything about itself (the mitigations it might have), and the CPU (its model, and microcode features that are exposed). Note however that some vulnerabilities are not reported through this file hierarchy at all, such as Zenbleed.
 However I see a few reasons why this script might still be useful to you, and that's why its development has not halted when the `sysfs` hierarchy came out:
@ -109,12 +109,14 @@ This tool only supports Linux, and [some flavors of BSD](#which-bsd-oses-are-sup
 ## The tool says there is an updated microcode for my CPU, but I don't have it!
-Even if your operating system is fully up to date, the tool might still tell you that there is a more recent microcode version for your CPU. Currently, it uses (and merges) information from two sources:
+Even if your operating system is fully up to date, the tool might still tell you that there is a more recent microcode version for your CPU. Currently, it uses (and merges) information from 4 sources:
 - The official [Intel microcode repository](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files)
 - The awesome platomav's [MCExtractor database](https://github.com/platomav/MCExtractor) for non-Intel CPUs
 - The official [linux-firmware](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git) repository for AMD
 - Specific Linux kernel commits that sometimes hardcode microcode versions, such as for [Zenbleed](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=522b1d69219d8f083173819fde04f994aa051a98) or for the bad [Spectre](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/intel.c#n141) microcodes
-Generally, for Intel CPUs it means that Intel does have a more recent version for your CPU, and for other CPUs it means that a more recent version has already been seen in the wild. However, your OS vendor might have chosen not to ship this new version (yet), maybe because it's currently being tested, or for other reasons. This tool can't tell you when or if this will be the case. You should ask your vendor about it. Technically, you can still go and upgrade your microcode yourself, and use this tool to confirm whether you did it successfully. Updating the microcode for you is out of the scope of this tool, as this would violate [rule 1b](#what-are-the-main-design-decisions-regarding-this-script).
+Generally, it means a more recent version of the microcode has been seen in the wild. However, fully public availability of this microcode might be limited yet, or your OS vendor might have chosen not to ship this new version (yet), maybe because it's currently being tested, or for other reasons. This tool can't tell you when or if this will be the case. You should ask your vendor about it. Technically, you can still go and upgrade your microcode yourself, and use this tool to confirm whether you did it successfully. Updating the microcode for you is out of the scope of this tool, as this would violate [rule 1b](#what-are-the-main-design-decisions-regarding-this-script).
 ## The tool says that I need a more up-to-date microcode, but I have the more recent version!
--- a/README.md
+++ b/README.md
@ -20,6 +20,7 @@ CVE
 [CVE-2019-11135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135) | TSX asynchronous abort                              | TAA, ZombieLoad V2
 [CVE-2018-12207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12207) | Machine Check Exception on Page Size Changes        | MCEPSC, No eXcuses, iTLB Multihit
 [CVE-2020-0543](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543)   | Special Register Buffer Data Sampling               | SRBDS
 [CVE-2022-40982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982) | Gather Data Sampling                                | GDS, Downfall
 [CVE-2023-20593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593) | Cross-Process Information Leak                      | Zenbleed
 Supported operating systems:
@ -180,6 +181,12 @@ docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/m
   - Mitigation: microcode update + kernel update helping to protect various CPU internal buffers from unprivileged speculative access to data
   - Performance impact of the mitigation: low
 **CVE-2022-40982** Gather Data Sampling (GDS, Downfall)
   - Impact: Kernel & all software
   - Mitigation: either microcode update or disabling AVX feature
   - Performance impact of the mitigation: TBD
 **CVE-2023-20593** Cross-Process Information Leak (Zenbleed)
   - Impact: Kernel & all software
--- a/spectre-meltdown-checker.sh
+++ b/spectre-meltdown-checker.sh
@ -95,6 +95,7 @@ show_usage()
 		--hw-only		only check for CPU information, don't check for any variant
 		--no-hw			skip CPU information and checks, if you're inspecting a kernel not to be run on this host
 		--vmm [auto,yes,no]	override the detection of the presence of a hypervisor, default: auto
 		--no-intel-db		don't use the builtin Intel DB of affected processors
 		--allow-msr-write	allow probing for write-only MSRs, this might produce kernel logs or be blocked by your system
 		--cpu [#,all]		interact with CPUID and MSR of CPU core number #, or all (default: CPU core 0)
 		--update-fwdb		update our local copy of the CPU microcodes versions database (using the awesome
@ -118,24 +119,27 @@ show_disclaimer()
 Disclaimer:
 This tool does its best to determine whether your system is immune (or has proper mitigations in place) for the
-collectively named "speculative execution" vulnerabilities. It doesn't attempt to run any kind of exploit, and can't guarantee
+collectively named "transient execution" (aka "speculative execution") vulnerabilities that started to appear
-that your system is secure, but rather helps you verifying whether your system has the known correct mitigations in place.
+since early 2018 with the infamous Spectre & Meltdown.
 This tool does NOT attempt to run any kind of exploit, and can't 100% guarantee that your system is secure,
 but rather helps you verifying whether your system has the known correct mitigations in place.
 However, some mitigations could also exist in your kernel that this script doesn't know (yet) how to detect, or it might
 falsely detect mitigations that in the end don't work as expected (for example, on backported or modified kernels).
-Your system exposure also depends on your CPU. As of now, AMD and ARM processors are marked as immune to some or all of these
+Your system affectability to a given vulnerability depends on your CPU model and CPU microcode version, whereas the
-vulnerabilities (except some specific ARM models). All Intel processors manufactured since circa 1995 are thought to be vulnerable,
+mitigations in place depend on your CPU (model and microcode), your kernel version, and both the runtime configuration
-except some specific/old models, such as some early Atoms. Whatever processor one uses, one might seek more information
+of your CPU (through bits set through the MSRs) and your kernel. The script attempts to explain everything for each
-from the manufacturer of that processor and/or of the device in which it runs.
+vulnerability, so you know where your system stands. For a given vulnerability, detailed information is sometimes
 available using the \`--explain\` switch.
-The nature of the discovered vulnerabilities being quite new, the landscape of vulnerable processors can be expected
+Please also note that for the Spectre-like vulnerabilities, all software can possibly be exploited, in which case
-to change over time, which is why this script makes the assumption that all CPUs are vulnerable, except if the manufacturer
+this tool only verifies that the kernel (which is the core of the system) you're using has the proper protections
-explicitly stated otherwise in a verifiable public announcement.
+in place. Verifying all the other software is out of the scope of this tool, as it can't be done in a simple way.
 As a general measure, ensure you always have the most up to date stable versions of all the software you use,
 especially for those who are exposed to the world, such as network daemons and browsers.
-Please also note that for Spectre vulnerabilities, all software can possibly be exploited, this tool only verifies that the
+For more information and answers to related questions, please refer to the FAQ.md file.
 kernel (which is the core of the system) you're using has the proper protections in place. Verifying all the other software
 is out of the scope of this tool. As a general measure, ensure you always have the most up to date stable versions of all
 the software you use, especially for those who are exposed to the world, such as network daemons and browsers.
 This tool has been released in the hope that it'll be useful, but don't use it to jump to conclusions about your security.
@ -167,12 +171,13 @@ opt_cpu=0
 opt_explain=0
 opt_paranoid=0
 opt_mock=0
 opt_intel_db=1
 global_critical=0
 global_unknown=0
 nrpe_vuln=''
-supported_cve_list='CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 CVE-2018-3640 CVE-2018-3639 CVE-2018-3615 CVE-2018-3620 CVE-2018-3646 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 CVE-2019-11135 CVE-2018-12207 CVE-2020-0543 CVE-2023-20593'
+supported_cve_list='CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 CVE-2018-3640 CVE-2018-3639 CVE-2018-3615 CVE-2018-3620 CVE-2018-3646 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 CVE-2019-11135 CVE-2018-12207 CVE-2020-0543 CVE-2023-20593 CVE-2022-40982'
 # find a sane command to print colored messages, we prefer `printf` over `echo`
 # because `printf` behavior is more standard across Linux/BSD
@ -298,6 +303,7 @@ cve2name()
 		CVE-2018-12207) echo "No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)";;
 		CVE-2020-0543) echo "Special Register Buffer Data Sampling (SRBDS)";;
 		CVE-2023-20593) echo "Zenbleed, cross-process information leak";;
 		CVE-2022-40982) echo "Downfall, gather data sampling (GDS)";;
 		*) echo "$0: error: invalid CVE '$1' passed to cve2name()" >&2; exit 255;;
 	esac
 }
@ -323,6 +329,7 @@ _is_cpu_affected_cached()
 		CVE-2018-12207) return $variant_itlbmh;;
 		CVE-2020-0543) return $variant_srbds;;
 		CVE-2023-20593) return $variant_zenbleed;;
 		CVE-2022-40982) return $variant_downfall;;
 		*) echo "$0: error: invalid variant '$1' passed to is_cpu_affected()" >&2; exit 255;;
 	esac
 }
@ -334,6 +341,44 @@ is_cpu_affected()
 	# (note that in shell, a return of 0 is success)
 	# by default, everything is affected, we work in a "whitelist" logic here.
 	# usage: is_cpu_affected CVE-xxxx-yyyy && do something if affected
 	# if CPU is Intel and is in our dump of the Intel official affected CPUs page, use it:
 	if is_intel; then
 		cpuid_hex=$(printf "0x%08X" $(( cpu_cpuid )) )
 		if [ "${intel_line:-}" = "no" ]; then
 			_debug "is_cpu_affected: $cpuid_hex not in Intel database (cached)"
 		elif [ -z "$intel_line" ]; then
 			intel_line=$(read_inteldb | grep -F "$cpuid_hex," | head -n1)
 			if [ -z "$intel_line" ]; then
 				intel_line=no
 				_debug "is_cpu_affected: $cpuid_hex not in Intel database"
 			fi
 		fi
 		if [ "$intel_line" != "no" ]; then
 			_result=$(echo "$intel_line" | grep -Eo ,"$(echo "$1" | cut -c5-)"'=[^,]+' | cut -d= -f2)
 			_debug "is_cpu_affected: inteldb for $1 says '$_result'"
 			# handle special case for Foreshadow SGX (CVE-2018-3615):
 			# even if we are affected to L1TF (CVE-2018-3620/CVE-2018-3646), if there's no SGX on our CPU,
 			# then we're not affected to the original Foreshadow.
 			if [ "$1" = "CVE-2018-3615" ] && [ "$cpuid_sgx" = 0 ]; then
 				# not affected
 				return 1
 			fi
 			# /special case
 			if [ "$_result" = "N" ]; then
 				# not affected
 				return 1
 			elif [ -n "$_result" ]; then
 				# non-empty string != N means affected
 				return 0
 			fi
 		fi
 	fi
 	# Otherwise, do it ourselves
 	if [ "$is_cpu_affected_cached" = 1 ]; then
 		_is_cpu_affected_cached "$1"
 		return $?
@ -352,8 +397,10 @@ is_cpu_affected()
 	variant_taa=''
 	variant_itlbmh=''
 	variant_srbds=''
-	# Zenbleed if extremely AMD specific, look for "is_and" below:
+	# Zenbleed is AMD specific, look for "is_amd" below:
 	variant_zenbleed=immune
 	# Downfall is Intel specific, look for "is_intel" below:
 	variant_downfall=immune
 	if is_cpu_mds_free; then
 		[ -z "$variant_msbds" ] && variant_msbds=immune
@ -461,6 +508,39 @@ is_cpu_affected()
 			_debug "is_cpu_affected: intel family < 6 is immune to l1tf"
 			[ -z "$variantl1tf" ] && variantl1tf=immune
 		fi
 		# Downfall
 		if [ "$capabilities_gds_no" = 1 ]; then
 			# capability bit for future Intel processors that will explicitly state
 			# that they're unaffected by GDS. Also set by hypervisors on virtual CPUs
 			# so that the guest kernel doesn't try to mitigate GDS when it's already mitigated on the host
 			_debug "is_cpu_affected: downfall: not affected (GDS_NO)"
 		elif [ "$cpu_family" = 6 ]; then
 			# list from https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=64094e7e3118aff4b0be8ff713c242303e139834
 			set -u
 			if [ "$cpu_model" = "$INTEL_FAM6_SKYLAKE_X" ] || \
 				[ "$cpu_model" = "$INTEL_FAM6_KABYLAKE_L" ] || \
 				[ "$cpu_model" = "$INTEL_FAM6_KABYLAKE" ] || \
 				[ "$cpu_model" = "$INTEL_FAM6_ICELAKE_L" ] || \
 				[ "$cpu_model" = "$INTEL_FAM6_ICELAKE_D" ] || \
 				[ "$cpu_model" = "$INTEL_FAM6_ICELAKE_X" ] || \
 				[ "$cpu_model" = "$INTEL_FAM6_COMETLAKE" ] || \
 				[ "$cpu_model" = "$INTEL_FAM6_COMETLAKE_L" ] || \
 				[ "$cpu_model" = "$INTEL_FAM6_TIGERLAKE_L" ] || \
 				[ "$cpu_model" = "$INTEL_FAM6_TIGERLAKE" ] || \
 				[ "$cpu_model" = "$INTEL_FAM6_ROCKETLAKE" ]; then
 				_debug "is_cpu_affected: downfall: affected"
 				variant_downfall=vuln
 			elif [ "$has_avx2" = 0 ] && [ "$has_avx512" = 0 ]; then
 				_debug "is_cpu_affected: downfall: no avx; immune"
 			else
 				# old Intel CPU (not in their DB), not listed as being affected by the Linux kernel,
 				# but with AVX2 or AVX512: unclear for now
 				_debug "is_cpu_affected: downfall: unclear, defaulting to non-affected for now"
 			fi
 			set +u
 		fi
 	elif is_amd || is_hygon; then
 		# AMD revised their statement about variant2 => affected
 		# https://www.amd.com/en/corporate/speculative-execution
@ -622,20 +702,21 @@ is_cpu_affected()
 	fi
 	_debug "is_cpu_affected: temp results are <$variant1> <$variant2> <$variant3> <$variant3a> <$variant4> <$variantl1tf>"
-	[ "$variant1"       = "immune" ] && variant1=1       || variant1=0
+	[ "$variant1"         = "immune" ] && variant1=1       || variant1=0
-	[ "$variant2"       = "immune" ] && variant2=1       || variant2=0
+	[ "$variant2"         = "immune" ] && variant2=1       || variant2=0
-	[ "$variant3"       = "immune" ] && variant3=1       || variant3=0
+	[ "$variant3"         = "immune" ] && variant3=1       || variant3=0
-	[ "$variant3a"      = "immune" ] && variant3a=1      || variant3a=0
+	[ "$variant3a"        = "immune" ] && variant3a=1      || variant3a=0
-	[ "$variant4"       = "immune" ] && variant4=1       || variant4=0
+	[ "$variant4"         = "immune" ] && variant4=1       || variant4=0
-	[ "$variantl1tf"    = "immune" ] && variantl1tf=1    || variantl1tf=0
+	[ "$variantl1tf"      = "immune" ] && variantl1tf=1    || variantl1tf=0
-	[ "$variant_msbds"  = "immune" ] && variant_msbds=1  || variant_msbds=0
+	[ "$variant_msbds"    = "immune" ] && variant_msbds=1  || variant_msbds=0
-	[ "$variant_mfbds"  = "immune" ] && variant_mfbds=1  || variant_mfbds=0
+	[ "$variant_mfbds"    = "immune" ] && variant_mfbds=1  || variant_mfbds=0
-	[ "$variant_mlpds"  = "immune" ] && variant_mlpds=1  || variant_mlpds=0
+	[ "$variant_mlpds"    = "immune" ] && variant_mlpds=1  || variant_mlpds=0
-	[ "$variant_mdsum"  = "immune" ] && variant_mdsum=1  || variant_mdsum=0
+	[ "$variant_mdsum"    = "immune" ] && variant_mdsum=1  || variant_mdsum=0
-	[ "$variant_taa"    = "immune" ] && variant_taa=1    || variant_taa=0
+	[ "$variant_taa"      = "immune" ] && variant_taa=1    || variant_taa=0
-	[ "$variant_itlbmh" = "immune" ] && variant_itlbmh=1 || variant_itlbmh=0
+	[ "$variant_itlbmh"   = "immune" ] && variant_itlbmh=1 || variant_itlbmh=0
-	[ "$variant_srbds" = "immune" ] && variant_srbds=1 || variant_srbds=0
+	[ "$variant_srbds"    = "immune" ] && variant_srbds=1 || variant_srbds=0
 	[ "$variant_zenbleed" = "immune" ] && variant_zenbleed=1 || variant_zenbleed=0
 	[ "$variant_downfall" = "immune" ] && variant_downfall=1 || variant_downfall=0
 	variantl1tf_sgx="$variantl1tf"
 	# even if we are affected to L1TF, if there's no SGX, we're not affected to the original foreshadow
 	[ "$cpuid_sgx" = 0 ] && variantl1tf_sgx=1
@ -881,6 +962,29 @@ fms2cpuid()
 	echo $(( (_stepping & 0x0F) | (_lowmodel << 4) | (_lowfamily << 8) | (_extmodel << 16) | (_extfamily << 20) ))
 }
 download_file()
 {
 	_url="$1"
 	_file="$2"
 	if command -v wget >/dev/null 2>&1; then
 		wget -q "$_url" -O "$_file"; ret=$?
 	elif command -v curl >/dev/null 2>&1; then
 		curl -sL "$_url" -o "$_file"; ret=$?
 	elif command -v fetch >/dev/null 2>&1; then
 		fetch -q "$_url" -o "$_file"; ret=$?
 	else
 		echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
 		unset _file _url
 		return 1
 	fi
 	unset _file _url
 	if [ "$ret" != 0 ]; then
 		echo ERROR "error $ret"
 		return $ret
 	fi
 	echo DONE
 }
 [ -z "$HOME" ] && HOME="$(getent passwd "$(whoami)" | cut -d: -f6)"
 mcedb_cache="$HOME/.mcedb"
 update_fwdb()
@ -897,42 +1001,14 @@ update_fwdb()
 	mcedb_tmp="$(mktemp -t smc-mcedb-XXXXXX)"
 	mcedb_url='https://github.com/platomav/MCExtractor/raw/master/MCE.db'
 	_info_nol "Fetching MCE.db from the MCExtractor project... "
-	if command -v wget >/dev/null 2>&1; then
+	download_file "$mcedb_url" "$mcedb_tmp" || return $?
 		wget -q "$mcedb_url" -O "$mcedb_tmp"; ret=$?
 	elif command -v curl >/dev/null 2>&1; then
 		curl -sL "$mcedb_url" -o "$mcedb_tmp"; ret=$?
 	elif command -v fetch >/dev/null 2>&1; then
 		fetch -q "$mcedb_url" -o "$mcedb_tmp"; ret=$?
 	else
 		echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
 		return 1
 	fi
 	if [ "$ret" != 0 ]; then
 		echo ERROR "error $ret while downloading MCE.db"
 		return $ret
 	fi
 	echo DONE
 	# second, get the Intel firmwares from GitHub
 	intel_tmp="$(mktemp -d -t smc-intelfw-XXXXXX)"
 	intel_url="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/main.zip"
 	_info_nol "Fetching Intel firmwares... "
 	## https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files.git
-	if command -v wget >/dev/null 2>&1; then
+	download_file "$intel_url" "$intel_tmp/fw.zip" || return $?
 		wget -q "$intel_url" -O "$intel_tmp/fw.zip"; ret=$?
 	elif command -v curl >/dev/null 2>&1; then
 		curl -sL "$intel_url" -o "$intel_tmp/fw.zip"; ret=$?
 	elif command -v fetch >/dev/null 2>&1; then
 		fetch -q "$intel_url" -o "$intel_tmp/fw.zip"; ret=$?
 	else
 		echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
 		return 1
 	fi
 	if [ "$ret" != 0 ]; then
 		echo ERROR "error $ret while downloading Intel firmwares"
 		return $ret
 	fi
 	echo DONE
 	# now extract MCEdb contents using sqlite
 	_info_nol "Extracting MCEdb data... "
@ -1001,23 +1077,9 @@ update_fwdb()
 	# now parse the most recent linux-firmware amd-ucode README file
 	_info_nol "Fetching latest amd-ucode README from linux-firmware project... "
-	linuxfw_url="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/README"
+	linuxfw_url="https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/amd-ucode/README"
 	linuxfw_tmp=$(mktemp -t smc-linuxfw-XXXXXX)
-	if command -v wget >/dev/null 2>&1; then
+	download_file "$linuxfw_url" "$linuxfw_tmp" || return $?
 		wget -q "$linuxfw_url" -O "$linuxfw_tmp"; ret=$?
 	elif command -v curl >/dev/null 2>&1; then
 		curl -sL "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
 	elif command -v fetch >/dev/null 2>&1; then
 		fetch -q "$linuxfw_url" -o "$linuxfw_tmp"; ret=$?
 	else
 		echo ERROR "please install one of \`wget\`, \`curl\` of \`fetch\` programs"
 		return 1
 	fi
 	if [ "$ret" != 0 ]; then
 		echo ERROR "error $ret while downloading linux-firmware README"
 		return $ret
 	fi
 	echo DONE
 	_info_nol "Parsing the README... "
 	nbfound=0
@ -1042,6 +1104,10 @@ update_fwdb()
 	unset nbfound
 	dbversion="$mcedb_revision+i$_intel_latest_date"
 	linuxfw_hash=$(md5sum "$linuxfw_tmp" 2>/dev/null | cut -c1-4)
 	if [ -n "$linuxfw_hash" ]; then
 		dbversion="$dbversion+$linuxfw_hash"
 	fi
 	if [ "$1" != builtin ] && [ -n "$previous_dbversion" ] && [ "$previous_dbversion" = "v$dbversion" ]; then
 		echo "We already have this version locally, no update needed"
@ -1143,6 +1209,9 @@ while [ -n "${1:-}" ]; do
 	elif [ "$1" = "--allow-msr-write" ]; then
 		opt_allow_msr_write=1
 		shift
 	elif [ "$1" = "--no-intel-db" ]; then
 		opt_intel_db=0
 		shift
 	elif [ "$1" = "--cpu" ]; then
 		opt_cpu=$2
 		if [ "$opt_cpu" != all ]; then
@ -1222,7 +1291,7 @@ while [ -n "${1:-}" ]; do
 		fi
 		case "$2" in
 			help)	echo "The following parameters are supported for --variant (can be used multiple times):";
-					echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, zenbleed";
+					echo "1, 2, 3, 3a, 4, msbds, mfbds, mlpds, mdsum, l1tf, taa, mcepsc, srbds, zenbleed, downfall";
 					exit 0;;
 			1)			opt_cve_list="$opt_cve_list CVE-2017-5753"; opt_cve_all=0;;
 			2)			opt_cve_list="$opt_cve_list CVE-2017-5715"; opt_cve_all=0;;
@ -1238,6 +1307,7 @@ while [ -n "${1:-}" ]; do
 			mcepsc)		opt_cve_list="$opt_cve_list CVE-2018-12207"; opt_cve_all=0;;
 			srbds)		opt_cve_list="$opt_cve_list CVE-2020-0543"; opt_cve_all=0;;
 			zenbleed)	opt_cve_list="$opt_cve_list CVE-2023-20593"; opt_cve_all=0;;
 			downfall)   opt_cve_list="$opt_cve_list CVE-2022-40982"; opt_cve_all=0;;
 			*)
 				echo "$0: error: invalid parameter '$2' for --variant, see --variant help for a list" >&2;
 				exit 255
@ -1331,6 +1401,7 @@ pvulnstatus()
 			CVE-2018-12207) aka="ITLBMH";;
 			CVE-2020-0543) aka="SRBDS";;
 			CVE-2023-20593) aka="ZENBLEED";;
 			CVE-2022-40982) aka="DOWNFALL";;
 			*) echo "$0: error: invalid CVE '$1' passed to pvulnstatus()" >&2; exit 255;;
 		esac
@ -1755,7 +1826,11 @@ parse_cpu_details()
 	fi
 	max_core_id=$(( number_of_cores - 1 ))
 	has_avx2=0
 	has_avx512=0
 	if [ -e "$procfs/cpuinfo" ]; then
 		if grep -qw avx2 "$procfs/cpuinfo" 2>/dev/null; then has_avx2=1; fi
 		if grep -qw avx512 "$procfs/cpuinfo" 2>/dev/null; then has_avx512=1; fi
 		cpu_vendor=$(  grep '^vendor_id'  "$procfs/cpuinfo" | awk '{print $3}' | head -1)
 		cpu_friendly_name=$(grep '^model name' "$procfs/cpuinfo" | cut -d: -f2- | head -1 | sed -e 's/^ *//')
 		# special case for ARM follows
@ -1835,7 +1910,9 @@ parse_cpu_details()
 	if read_cpuid 0x1 0x0 $EAX 0 0xFFFFFFFF; then
 		cpu_cpuid="$read_cpuid_value"
 	else
-		cpu_cpuid=0
+		# try to build it by ourselves
 		_debug "parse_cpu_details: build the CPUID by ourselves"
 		cpu_cpuid=$(fms2cpuid "$cpu_family" "$cpu_model" "$cpu_stepping")
 	fi
 	# under BSD, linprocfs often doesn't export ucode information, so fetch it ourselves the good old way
@ -1943,18 +2020,21 @@ parse_cpu_details()
 }
 is_hygon()
 {
 	parse_cpu_details
 	[ "$cpu_vendor" = HygonGenuine ] && return 0
 	return 1
 }
 is_amd()
 {
 	parse_cpu_details
 	[ "$cpu_vendor" = AuthenticAMD ] && return 0
 	return 1
 }
 is_intel()
 {
 	parse_cpu_details
 	[ "$cpu_vendor" = GenuineIntel ] && return 0
 	return 1
 }
@ -2213,6 +2293,14 @@ read_mcedb()
 	awk '{ if (DELIM==1) { print $2 } } /^# %%% MCEDB / { DELIM=1 }' "$mcedb_source"
 }
 read_inteldb()
 {
 	if [ "$opt_intel_db" = 1 ]; then
 		awk '/^# %%% ENDOFINTELDB/ { exit } { if (DELIM==1) { print $2 } } /^# %%% INTELDB/ { DELIM=1 }' "$0"
 	fi
 	# otherwise don't output nothing, it'll be as if the database is empty
 }
 is_latest_known_ucode()
 {
 	# 0: yes, 1: no, 2: unknown
@ -3229,6 +3317,8 @@ check_cpu()
 		capabilities_ssb_no=-1
 		capabilities_pschange_msc_no=-1
 		capabilities_tsx_ctrl_msr=-1
 		capabilities_gds_ctrl=-1
 		capabilities_gds_no=-1
 		if [ "$cpuid_arch_capabilities" = -1 ]; then
 			pstatus yellow UNKNOWN
 		elif [ "$cpuid_arch_capabilities" != 1 ]; then
@ -3241,6 +3331,8 @@ check_cpu()
 			capabilities_ssb_no=0
 			capabilities_pschange_msc_no=0
 			capabilities_tsx_ctrl_msr=0
 			capabilities_gds_ctrl=0
 			capabilities_gds_no=0
 			pstatus yellow NO
 		else
 			# the new MSR 'ARCH_CAPABILITIES' is at offset 0x10a
@ -3254,19 +3346,23 @@ check_cpu()
 			capabilities_ssb_no=0
 			capabilities_pschange_msc_no=0
 			capabilities_tsx_ctrl_msr=0
 			capabilities_gds_ctrl=0
 			capabilities_gds_no=0
 			if [ $ret = $READ_MSR_RET_OK ]; then
 				capabilities=$read_msr_value
 				# https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/include/asm/msr-index.h#n82
 				_debug "capabilities MSR is $capabilities (decimal)"
-				[ $(( capabilities >> 0 & 1 )) -eq 1 ] && capabilities_rdcl_no=1
+				[ $(( capabilities >>  0 & 1 )) -eq 1 ] && capabilities_rdcl_no=1
-				[ $(( capabilities >> 1 & 1 )) -eq 1 ] && capabilities_ibrs_all=1
+				[ $(( capabilities >>  1 & 1 )) -eq 1 ] && capabilities_ibrs_all=1
-				[ $(( capabilities >> 2 & 1 )) -eq 1 ] && capabilities_rsba=1
+				[ $(( capabilities >>  2 & 1 )) -eq 1 ] && capabilities_rsba=1
-				[ $(( capabilities >> 3 & 1 )) -eq 1 ] && capabilities_l1dflush_no=1
+				[ $(( capabilities >>  3 & 1 )) -eq 1 ] && capabilities_l1dflush_no=1
-				[ $(( capabilities >> 4 & 1 )) -eq 1 ] && capabilities_ssb_no=1
+				[ $(( capabilities >>  4 & 1 )) -eq 1 ] && capabilities_ssb_no=1
-				[ $(( capabilities >> 5 & 1 )) -eq 1 ] && capabilities_mds_no=1
+				[ $(( capabilities >>  5 & 1 )) -eq 1 ] && capabilities_mds_no=1
-				[ $(( capabilities >> 6 & 1 )) -eq 1 ] && capabilities_pschange_msc_no=1
+				[ $(( capabilities >>  6 & 1 )) -eq 1 ] && capabilities_pschange_msc_no=1
-				[ $(( capabilities >> 7 & 1 )) -eq 1 ] && capabilities_tsx_ctrl_msr=1
+				[ $(( capabilities >>  7 & 1 )) -eq 1 ] && capabilities_tsx_ctrl_msr=1
-				[ $(( capabilities >> 8 & 1 )) -eq 1 ] && capabilities_taa_no=1
+				[ $(( capabilities >>  8 & 1 )) -eq 1 ] && capabilities_taa_no=1
 				[ $(( capabilities >> 25 & 1 )) -eq 1 ] && capabilities_gds_ctrl=1
 				[ $(( capabilities >> 26 & 1 )) -eq 1 ] && capabilities_gds_no=1
 				_debug "capabilities says rdcl_no=$capabilities_rdcl_no ibrs_all=$capabilities_ibrs_all rsba=$capabilities_rsba l1dflush_no=$capabilities_l1dflush_no ssb_no=$capabilities_ssb_no mds_no=$capabilities_mds_no taa_no=$capabilities_taa_no pschange_msc_no=$capabilities_pschange_msc_no"
 				if [ "$capabilities_ibrs_all" = 1 ]; then
 					pstatus green YES
@ -3378,6 +3474,55 @@ check_cpu()
 				pstatus yellow UNKNOWN "couldn't read MSR"
 			fi
 		fi
 		_info_nol "  * CPU explicitly indicates being affected by GDS and having mitigation control (GDS_CTRL): "
 		if [ "$capabilities_gds_ctrl" = -1 ]; then
 			pstatus yellow UNKNOWN "couldn't read MSR"
 		elif [ "$capabilities_gds_ctrl" = 1 ]; then
 			pstatus green YES
 		else
 			pstatus blue NO
 		fi
 		mcu_opt_ctrl_gds_mitg_dis=-1
 		mcu_opt_ctrl_gds_mitg_lock=-1
 		if [ "$capabilities_gds_ctrl" = 1 ]; then
 			# read the IA32_MCU_OPT_CTRL MSR
 			read_msr 0x123; ret=$?
 			if [ "$ret" = $READ_MSR_RET_OK ]; then
 				mcu_opt_ctrl=$read_msr_value
 				mcu_opt_ctrl_gds_mitg_dis=$((  mcu_opt_ctrl >> 4 & 1 ))
 				mcu_opt_ctrl_gds_mitg_lock=$(( mcu_opt_ctrl >> 5 & 1 ))
 			fi
 			_info_nol "    * GDS microcode mitigation is disabled (GDS_MITG_DIS): "
 			if [ "$mcu_opt_ctrl_gds_mitg_dis" = -1 ]; then
 				pstatus yellow UNKNOWN "couldn't read MSR"
 			elif [ "$mcu_opt_ctrl_gds_mitg_dis" = 1 ]; then
 				pstatus yellow YES
 			else
 				pstatus green NO
 			fi
 			_info_nol "    * GDS microcode mitigation is locked in enabled state (GDS_MITG_LOCK): "
 			if [ "$mcu_opt_ctrl_gds_mitg_lock" = -1 ]; then
 				pstatus yellow UNKNOWN "couldn't read MSR"
 			elif [ "$mcu_opt_ctrl_gds_mitg_lock" = 1 ]; then
 				pstatus blue YES
 			else
 				pstatus blue NO
 			fi
 		fi
 		_info_nol "  * CPU explicitly indicates not being affected by GDS (GDS_NO): "
 		if [ "$capabilities_gds_no" = -1 ]; then
 			pstatus yellow UNKNOWN "couldn't read MSR"
 		elif [ "$capabilities_gds_no" = 1 ]; then
 			pstatus green YES
 		else
 			pstatus yellow NO
 		fi
 	fi
 	_info_nol "  * CPU supports Transactional Synchronization Extensions (TSX): "
@ -5821,8 +5966,8 @@ check_CVE_2020_0543_linux()
 	sys_interface_available=0
 	msg=''
 	if sys_interface_check "/sys/devices/system/cpu/vulnerabilities/srbds"; then
-				# this kernel has the /sys interface, trust it over everything
+		# this kernel has the /sys interface, trust it over everything
-				sys_interface_available=1
+		sys_interface_available=1
 	fi
 	if [ "$opt_sysfs_only" != 1 ]; then
 		_info_nol "* SRBDS mitigation control is supported by the kernel: "
@ -6045,6 +6190,92 @@ check_CVE_2023_20593_linux()
 	fi
 }
 #########################
 # Downfall section
 check_CVE_2022_40982() {
 	cve='CVE-2022-40982'
 	_info "\033[1;34m$cve aka '$(cve2name "$cve")'\033[0m"
 	if [ "$os" = Linux ]
 	then
 		check_CVE_2022_40982_linux
 	else
 		_warn "Unsupported OS ($os)."
 	fi
 }
 check_CVE_2022_40982_linux() {
 	status=UNK
 	sys_interface_available=0
 	msg=''
 	if sys_interface_check "/sys/devices/system/cpu/vulnerabilities/gather_data_sampling"; then
 		# this kernel has the /sys interface, trust it over everything
 		sys_interface_available=1
 	fi
 	if [ "$opt_sysfs_only" != 1 ]; then
 		_info_nol "* GDS is mitigated by microcode: "
 		if [ "$capabilities_gds_ctrl" = 1 ] && [ "$mcu_opt_ctrl_gds_mitg_dis" = 0 ]; then
 			pstatus green OK "microcode mitigation is supported and enabled"
 		else
 			pstatus yellow NO
 		fi
 		_info_nol "* Kernel supports software mitigation by disabling AVX: "
 		if [ -n "$kernel_err" ]; then	
 			kernel_gds_err="$kernel_err"
 		elif grep -q 'gather_data_sampling' "$kernel"; then
 			kernel_gds="found gather_data_sampling in kernel image"
 		fi
 		if [ -n "$kernel_gds" ]; then
 			pstatus green YES "$kernel_gds"
 		elif [ -n "$kernel_gds_err" ]; then
 			pstatus yellow UNKNOWN "$kernel_gds_err"
 		else
 			pstatus yellow NO
 		fi
 		if [ -n "$kernel_gds" ]; then
 			_info_nol "* Is the kernel mitigation active: "
 			# Check dmesg message to see whether AVX has been disabled
 			dmesg_grep 'Microcode update needed! Disabling AVX as mitigation'; ret=$?
 			if [ $ret -eq 2 ]; then
 				pstatus yellow UNKNOWN "dmesg truncated, AVX mitigation detection will be unreliable. Please reboot and relaunch this script"
 			elif [ $ret -eq 0 ]; then
 				kernel_avx_disabled="AVX disabled by the kernel"
 				pstatus green YES "$kernel_avx_disabled"
 			else
 				pstatus red NO "No trace of AVX mitigation in dmesg"
 			fi
 		fi
 	elif [ "$sys_interface_available" = 0 ]; then
 		# we have no sysfs but were asked to use it only!
 		msg="/sys vulnerability interface use forced, but it's not available!"
 		status=UNK
 	fi
 	if ! is_cpu_affected "$cve" ; then
 		# override status & msg in case CPU is not vulnerable after all
 		pvulnstatus "$cve" OK "your CPU vendor reported your CPU model as not affected"
 	elif [ -z "$msg" ]; then
 		# if msg is empty, sysfs check didn't fill it, rely on our own test
 		if [ "$capabilities_gds_ctrl" = 1 ] && [ "$mcu_opt_ctrl_gds_mitg_dis" = 0 ]; then
 			pvulnstatus $cve OK "Your microcode is up to date and mitigation is enabled"
 		elif [ "$capabilities_gds_ctrl" = 1 ] && [ "$mcu_opt_ctrl_gds_mitg_dis" = 1 ]; then
 			pvulnstatus $cve VULN "Your microcode is up to date but mitigation is disabled"
 		elif [ -z "$kernel_gds" ]; then
 			pvulnstatus $cve VULN "Your microcode doesn't mitigate the vulnerability, and your kernel doesn't support mitigation"
 		elif [ -z "$kernel_avx_disabled" ]; then
 			pvulnstatus $cve VULN "Your microcode doesn't mitigate the vulnerability, your kernel support the mitigation but the script did not detect AVX as disabled by the kernel"
 		else
 			pvulnstatus $cve OK "Your microcode doesn't mitigate the vulnerability, but your kernel has disabled AVX support"
 		fi
 	else
 		pvulnstatus $cve "$status" "$msg"
 	fi
 }
 #######################
 # END OF VULNS SECTIONS
@ -6134,11 +6365,134 @@ fi
 [ "$global_unknown"  = 1 ] && exit 3  # unknown
 exit 0  # ok
-# We're using MCE.db from the excellent platomav's MCExtractor project
+# Dump from Intel affected CPU page:
-# The builtin version follows, but the user can download an up-to-date copy (to be stored in his $HOME) by using --update-fwdb
+# - https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
-# To update the builtin version itself (by *modifying* this very file), use --update-builtin-fwdb
+# Only currently-supported CPUs are listed, so only rely on it if the current CPU happens to be in the list.
 # We merge it with info from the following file:
 # - https://software.intel.com/content/dam/www/public/us/en/documents/affected-processors-transient-execution-attacks-by-cpu-aug02.xlsx
 # As it contains some information from older processors, however when information is contradictory between the two sources, the HTML takes precedence as
 # it is expected to be updated, whereas the xslx seems to be frozen.
 #
 # N: Not affected
 # S: Affected, software fix
 # H: Affected, hardware fix
 # M: Affected, MCU update needed
 # B: Affected, BIOS update needed
 # X: Affected, no planned mitigation
 # Y: Affected (this is from the xlsx, no details are available)
 #
 # %%% INTELDB
 # 0x000206A7,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N,
 # 0x000206D6,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N,
 # 0x000206D7,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N,
 # 0x00030673,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x00030678,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x00030679,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x000306A9,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=Y,
 # 0x000306C3,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=Y,
 # 0x000306D4,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=Y,2020-0543=Y,
 # 0x000306E4,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N,
 # 0x000306E7,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=N,
 # 0x000306F2,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000306F4,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N,
 # 0x00040651,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=Y,
 # 0x00040661,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=N,2020-0543=Y,
 # 0x00040671,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=Y,2020-0543=Y,
 # 0x000406A0,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x000406C3,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x000406C4,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x000406D8,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x000406E3,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,
 # 0x000406F1,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N,
 # 0x00050653,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=M,
 # 0x00050654,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=M,
 # 0x00050656,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=MS,2020-0543=N,2022-40982=M,
 # 0x00050657,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=MS,2020-0543=N,2022-40982=M,
 # 0x0005065A,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x0005065B,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x00050662,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=Y,2018-12130=Y,2018-12207=Y,2018-3615=Y,2018-3620=Y,2018-3639=Y,2018-3640=Y,2018-3646=Y,2019-11135=Y,2020-0543=N,
 # 0x00050663,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N,
 # 0x00050664,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N,
 # 0x00050665,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=N,2022-40982=N,
 # 0x000506A0,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x000506C9,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000506CA,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000506D0,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x000506E3,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=N,
 # 0x000506F1,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x00060650,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x000606A0,2017-5715=Y,2017-5753=Y,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=Y,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x000606A4,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000606A5,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000606A6,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000606C1,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000606E1,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x0007065A,2017-5715=Y,2017-5753=Y,2017-5754=Y,2018-12126=Y,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=N,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x000706A1,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000706A8,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000706E5,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=HM,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x00080660,2017-5715=Y,2017-5753=Y,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=Y,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x00080664,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x00080665,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x00080667,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000806A0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=HM,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000806A1,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=HM,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000806C0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000806C1,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000806C2,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000806D0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000806D1,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000806E9,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=M,2022-40982=M,
 # 0x000806EA,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=M,
 # 0x000806EB,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=M,2018-3646=N,2019-11135=MS,2020-0543=MS,2022-40982=M,
 # 0x000806EC,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=MS,2020-0543=MS,2022-40982=M,
 # 0x000806F7,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000806F8,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x00090660,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x00090661,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x00090670,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x00090671,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x00090672,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x00090673,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x00090674,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x00090675,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000906A0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000906A2,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000906A3,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000906A4,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=MS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000906C0,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000906E9,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=M,
 # 0x000906EA,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=M,
 # 0x000906EB,2017-5715=MS,2017-5753=S,2017-5754=S,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=MS,2018-3620=MS,2018-3639=MS,2018-3640=M,2018-3646=MS,2019-11135=MS,2020-0543=MS,2022-40982=M,
 # 0x000906EC,2017-5715=MS,2017-5753=S,2017-5754=N,2018-12126=MS,2018-12127=MS,2018-12130=MS,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=MS,2020-0543=MS,2022-40982=M,
 # 0x000906ED,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=MS,2020-0543=MS,2022-40982=M,
 # 0x000A0650,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000A0651,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000A0652,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000A0653,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000A0655,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000A0660,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000A0661,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=S,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=M,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000A0670,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000A0671,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=M,
 # 0x000A0680,2017-5715=Y,2017-5753=Y,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=Y,2018-3615=N,2018-3620=N,2018-3639=Y,2018-3640=Y,2018-3646=N,2019-11135=N,2020-0543=N,
 # 0x000B0671,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000B06A2,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000B06A3,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000B06F2,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # 0x000B06F5,2017-5715=HS,2017-5753=S,2017-5754=N,2018-12126=N,2018-12127=N,2018-12130=N,2018-12207=N,2018-3615=N,2018-3620=N,2018-3639=HS,2018-3640=N,2018-3646=N,2019-11135=N,2020-0543=N,2022-40982=N,
 # %%% ENDOFINTELDB
-# %%% MCEDB v271+i20230614
+# We're using MCE.db from the excellent platomav's MCExtractor project
 # The builtin version follows, but the user can download an up-to-date copy (to be stored in their $HOME) by using --update-fwdb
 # To update the builtin version itself (by *modifying* this very file), use --update-builtin-fwdb
 #
 # The format below is:
 # X,CPUID_HEX,MICROCODE_VERSION_HEX,YYYYMMDD
 # with X being either I for Intel, or A for AMD
 # When the date is unknown it defaults to 20000101
 # %%% MCEDB v273+i20230808+b6bd
 # I,0x00000611,0x00000B27,19961218
 # I,0x00000612,0x000000C6,19961210
 # I,0x00000616,0x000000C6,19961210
@ -6370,13 +6724,13 @@ exit 0  # ok
 # I,0x00050650,0x8000002B,20160208
 # I,0x00050651,0x8000002B,20160208
 # I,0x00050652,0x80000037,20170502
-# I,0x00050653,0x01000171,20221221
+# I,0x00050653,0x01000181,20230323
-# I,0x00050654,0x02006F05,20221221
+# I,0x00050654,0x02007006,20230306
 # I,0x00050655,0x03000010,20181116
-# I,0x00050656,0x04003501,20221221
+# I,0x00050656,0x04003604,20230317
-# I,0x00050657,0x05003501,20221221
+# I,0x00050657,0x05003604,20230317
 # I,0x0005065A,0x86002302,20210416
-# I,0x0005065B,0x07002601,20221221
+# I,0x0005065B,0x07002703,20230321
 # I,0x00050661,0xF1000008,20150130
 # I,0x00050662,0x0000001C,20190617
 # I,0x00050663,0x0700001C,20210612
@ -6405,7 +6759,7 @@ exit 0  # ok
 # I,0x000606A0,0x80000031,20200308
 # I,0x000606A4,0x0B000280,20200817
 # I,0x000606A5,0x0C0002F0,20210308
-# I,0x000606A6,0x0D000390,20221228
+# I,0x000606A6,0x0D0003A5,20230330
 # I,0x000606C0,0xFD000220,20210629
 # I,0x000606C1,0x01000230,20230127
 # I,0x000606E0,0x0000000B,20161104
@ -6418,7 +6772,7 @@ exit 0  # ok
 # I,0x000706E2,0x00000042,20190420
 # I,0x000706E3,0x81000008,20181002
 # I,0x000706E4,0x00000046,20190905
-# I,0x000706E5,0x000000BA,20221225
+# I,0x000706E5,0x000000BC,20230226
 # I,0x00080650,0x00000018,20180108
 # I,0x00080664,0x4C000021,20220815
 # I,0x00080665,0x4C000021,20220815
@ -6426,56 +6780,56 @@ exit 0  # ok
 # I,0x000806A0,0x00000010,20190507
 # I,0x000806A1,0x00000033,20230113
 # I,0x000806C0,0x00000068,20200402
-# I,0x000806C1,0x000000AA,20221228
+# I,0x000806C1,0x000000AC,20230227
-# I,0x000806C2,0x0000002A,20221228
+# I,0x000806C2,0x0000002C,20230227
 # I,0x000806D0,0x00000050,20201217
-# I,0x000806D1,0x00000044,20221228
+# I,0x000806D1,0x00000046,20230227
-# I,0x000806E9,0x000000F2,20230102
+# I,0x000806E9,0x000000F4,20230223
-# I,0x000806EA,0x000000F2,20221226
+# I,0x000806EA,0x000000F4,20230223
-# I,0x000806EB,0x000000F2,20221226
+# I,0x000806EB,0x000000F4,20230223
-# I,0x000806EC,0x000000F6,20221226
+# I,0x000806EC,0x000000F8,20230226
 # I,0x000806F3,0x8D000520,20220812
-# I,0x000806F4,0x2B000461,20230313
+# I,0x000806F4,0x2C000271,20230515
-# I,0x000806F5,0x2B000461,20230313
+# I,0x000806F5,0x2C000271,20230515
-# I,0x000806F6,0x2B000461,20230313
+# I,0x000806F6,0x2C000271,20230515
-# I,0x000806F7,0x2B000461,20230313
+# I,0x000806F7,0x2B0004B1,20230509
-# I,0x000806F8,0x2B000461,20230313
+# I,0x000806F8,0x2C000271,20230515
 # I,0x00090660,0x00000009,20200617
 # I,0x00090661,0x00000017,20220715
 # I,0x00090670,0x00000019,20201111
 # I,0x00090671,0x0000001C,20210614
-# I,0x00090672,0x0000002C,20230104
+# I,0x00090672,0x0000002E,20230418
 # I,0x00090674,0x00000219,20210425
-# I,0x00090675,0x0000002C,20230104
+# I,0x00090675,0x0000002E,20230418
 # I,0x000906A0,0x0000001C,20210614
 # I,0x000906A1,0x0000011F,20211104
 # I,0x000906A2,0x00000315,20220102
-# I,0x000906A3,0x0000042A,20230214
+# I,0x000906A3,0x0000042C,20230418
-# I,0x000906A4,0x0000042A,20230214
+# I,0x000906A4,0x0000042C,20230418
 # I,0x000906C0,0x24000024,20220902
-# I,0x000906E9,0x000000F2,20221226
+# I,0x000906E9,0x000000F4,20230223
-# I,0x000906EA,0x000000F2,20230112
+# I,0x000906EA,0x000000F4,20230223
-# I,0x000906EB,0x000000F2,20221226
+# I,0x000906EB,0x000000F4,20230223
-# I,0x000906EC,0x000000F2,20230112
+# I,0x000906EC,0x000000F4,20230223
-# I,0x000906ED,0x000000F8,20230205
+# I,0x000906ED,0x000000FA,20230227
 # I,0x000A0650,0x000000BE,20191010
 # I,0x000A0651,0x000000C2,20191113
-# I,0x000A0652,0x000000F6,20221227
+# I,0x000A0652,0x000000F8,20230223
-# I,0x000A0653,0x000000F6,20230101
+# I,0x000A0653,0x000000F8,20230223
 # I,0x000A0654,0x000000C6,20200123
-# I,0x000A0655,0x000000F6,20221226
+# I,0x000A0655,0x000000F8,20230223
-# I,0x000A0660,0x000000F6,20221226
+# I,0x000A0660,0x000000F8,20230223
-# I,0x000A0661,0x000000F6,20221226
+# I,0x000A0661,0x000000F8,20230223
 # I,0x000A0670,0x0000002C,20201124
-# I,0x000A0671,0x00000058,20221225
+# I,0x000A0671,0x00000059,20230226
 # I,0x000A0680,0x80000002,20200121
 # I,0x000B0670,0x0000000E,20220220
-# I,0x000B0671,0x00000113,20230206
+# I,0x000B0671,0x00000119,20230606
-# I,0x000B06A2,0x00004112,20230222
+# I,0x000B06A2,0x00004119,20230606
-# I,0x000B06A3,0x00004112,20230222
+# I,0x000B06A3,0x00004119,20230606
-# I,0x000B06E0,0x00000010,20221219
+# I,0x000B06E0,0x00000011,20230412
-# I,0x000B06F2,0x0000002C,20230104
+# I,0x000B06F2,0x0000002E,20230418
-# I,0x000B06F5,0x0000002C,20230104
+# I,0x000B06F5,0x0000002E,20230418
 # I,0x000C06F1,0x21000030,20230410
 # I,0x000C06F2,0x21000030,20230410
 # A,0x00000F00,0x02000008,20070614
@ -6579,8 +6933,8 @@ exit 0  # ok
 # A,0x00A10F01,0x0A100104,20220207
 # A,0x00A10F0B,0x0A100B07,20220610
 # A,0x00A10F10,0x0A101020,20220913
-# A,0x00A10F11,0x0A101135,20230509
+# A,0x00A10F11,0x0A10113E,20230620
-# A,0x00A10F12,0x0A101235,20230509
+# A,0x00A10F12,0x0A10123E,20230620
 # A,0x00A20F00,0x0A200025,20200121
 # A,0x00A20F10,0x0A201025,20211014
 # A,0x00A20F12,0x0A20120A,20211014
@ -6592,5 +6946,5 @@ exit 0  # ok
 # A,0x00A60F11,0x0A601114,20220712
 # A,0x00A60F12,0x0A601203,20220715
 # A,0x00AA0F00,0x0AA00009,20221006
-# A,0x00AA0F01,0x0AA00112,20230510
+# A,0x00AA0F01,0x0AA00116,20230619
-# A,0x00AA0F02,0x0AA0020E,20230510
+# A,0x00AA0F02,0x0AA00212,20230619
Author	SHA1	Message	Date
Sébastien Mériot	c1c1ac4dbb	feat(downfall): detection of the kernel mitigation relying on dmesg	2023-08-10 11:14:40 +02:00
Stéphane Lesimple	ba0daa6769	feat: downfall: add kernel soft mitigation support check	2023-08-10 11:14:40 +02:00
Sébastien Mériot	227c0aab1e	feat(downfall): add downfall checks	2023-08-10 11:14:40 +02:00
Stéphane Lesimple	8ba3751cf7	fwdb: update to latest Intel ucode versions	2023-08-09 10:35:08 +02:00
Stéphane Lesimple	d013c0a7d2	doc: add kernel src as additional ucode version source	2023-08-01 10:22:15 +02:00
Stéphane Lesimple	cbe8ba10ce	fix: inteldb: cpuid 0x00090660 and 0x000A0680	2023-07-30 13:21:38 +02:00
Stéphane Lesimple	9c2587bca5	enh: when CPUID can't be read, built it by ourselves	2023-07-30 12:21:12 +02:00
Stéphane Lesimple	2a5ddc87bf	feat: add Intel known affected processors DB	2023-07-30 12:21:12 +02:00
Stéphane Lesimple	2ef6c1c80e	enh: factorize file download func	2023-07-28 20:03:16 +02:00
Stéphane Lesimple	3c224018f4	chore: update disclaimer and FAQ	2023-07-28 20:03:16 +02:00