amd64-microcode (3.20250311.1)
[PTS] [DDPO]
COMMITS: VCS has seen 10 commits since the debian/3.20250311.1 tag
- Git: https://salsa.debian.org/hmh/amd64-microcode.git
-
- Branch: main
- Path: debian/changelog
- Repo size: 389120
- Browser: https://salsa.debian.org/hmh/amd64-microcode
- Last scan: 2025-11-23 22:12:06+00
- Next scan: 2025-12-01 15:08:00+00
- Merge requests: 4
- Debian changelog in Git:
amd64-microcode (3.20250311.1) unstable; urgency=medium
* Update package data from linux-firmware 20250311
* New AMD-SEV firmware from AMD upstream (20250221)
* SECURITY UPDATE (AMD-SB-3019 / CVE-2024-56161):
Update remote attestation to be compatible with AMD systems with
up-to-date firmware (i.e. which fixes "EntrySign"), and update
AMD-SEV for AMD-SB-3019 mitigations. Note that this AMD-SEV
update DOES NOT FIX the microcode "EntrySign" vulnerability.
(closes: #1095470)
+ Updated SEV firmware:
Family 17h models 30h-3fh: version 0.24 build 20
Family 19h models 00h-0fh: version 1.55 build 29
Family 19h models 10h-1fh: version 1.55 build 39
Family 19h models a0h-afh: version 1.55 build 39
+ New SEV firmware:
Family 1ah models 00h-0fh: version 1.55 build 54
* New AMD microcode updates from AMD upstream (20241121)
+ Add patches for many (non-server) family 19h processors
* Updated Microcode patches:
+ Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a0000a
* New Microcode patches:
+ Family=0x17 Model=0x60 Stepping=0x01: Patch=0x0860010d
+ Family=0x17 Model=0x68 Stepping=0x01: Patch=0x08608108
+ Family=0x17 Model=0x71 Stepping=0x00: Patch=0x08701034
+ Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820c
+ Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108108
+ Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102d
+ Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201210
+ Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404107
+ Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500011
+ Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a601209
+ Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704107
+ Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705206
+ Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708007
+ Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c005
-- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 23 Mar 2025 21:13:20 -0300
- This branch is 10 commits ahead of tag debian/3.20250311.1
- Git log:
commit d6b1a973a214d9c729be69ea552baabd594a637f
Merge: acdc22d 9949bc4
Author: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Thu Oct 23 21:14:45 2025 -0300
Merge branch 'topic/upstream-20250729'
commit 9949bc49fa46ad635b5fcfe3d9886b90fd6c1436
Merge: 9dd947f 9c0ab4b
Author: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Thu Oct 23 21:14:15 2025 -0300
Merge branch 'upstream' into topic/upstream-20250729
commit 9c0ab4ba7982b57d5e082de2823abffd73e901fa
Author: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Thu Oct 23 21:13:27 2025 -0300
README: update with new commit entry
commit 1bcbad1991f66a2a951cb22fca7df7c326293ecd
Author: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Thu Oct 23 20:45:19 2025 -0300
amd-ucode: add documentation patch from linux-firmware 2025-10-21
commit 3a49a7356a8c83a33d0214edfc5d8fd835caa93a
Author: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Tue Oct 21 14:20:56 2025 +0100
amd-ucode: Fix minimum revisions in README
... to match the minimum revisions stated in the binaries.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
commit acdc22d65f9d9ae21112176d467a7521c9025688
Author: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sun Oct 19 20:44:00 2025 -0300
initramfs: avoid copying non-microcode data into the early-initramfs
Ensure only microcode_amd*.bin files will be concatenated into the
early-initramfs microcode data file. Otherwise, non-microcode data
files that happen to be present in the firmware source directory will
corrupt the data stream, and the kernel will most likely fail to find
the desired microcode update in the resulting mess.
While this doesn't happen when using *only* microcode data from
unmodified Debian packages, it will happen should the full contents of
the amd-ucode/ directory from upstream linux-firmware (which contains a
README and some .asc gnupg signature files) be used as the source of the
microcode data.
Thanks to Eric Valette for reporting the issue, tracking down the root
cause, and suggesting a fix.
Reported-by: Eric Valette <eric.valette@free.fr>
Closes: #1101350
commit c214039cdbc3773415414348619bf46a16b55c46
Author: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sun Oct 19 19:58:43 2025 -0300
README: update for new release
Update README with the updated AMD-UCODE release.
Note: this is the first microcode release for AMD processors with the
new-style microcode signature scheme.
It will NOT work on systems with outdated firmware missing the new-style
signature support. Attempting to load these microcode updates on
systems with the outdated and vulnerable firmware will NOT work: the
microcode update will be refused by the processor, since it cannot
understand the new-style signatures.
Refer to AMD-SB-7033 for details:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
commit 7047840a7e3d7283dfea8d881758e5b7ace5f784
Author: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sun Oct 19 19:48:06 2025 -0300
amd-ucode: update amd-ucode to release 2025-07-29
Compose a 20250729 amd-ucode release from linux-firmware
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
commit 3768c184de68a85b9df6697e7f93a2f61de90a99
Author: John Allen <john.allen@amd.com>
Date: Tue Jul 29 10:21:29 2025 -0500
linux-firmware: Update AMD cpu microcode
* Update AMD cpu microcode for processor family 19h
* Add AMD cpu microcode for processor family 1ah
Key Name = AMD Microcode Signing Key (for signing microcode
container files only)
Key ID = F328AE73
Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73
Signed-off-by: John Allen <john.allen@amd.com>
commit 0fbca5752224df3a37c9c46e1c0a5b50cebb65ac
Author: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sun Oct 19 19:42:11 2025 -0300
README: update for new release
Update README with the updated AMD-TEE and AMD-UCODE releases.
Note: this is the final microcode release for AMD processors with the
old-style microcode signature scheme.
Refer to AMD-SB-7033 for details:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
commit a7a67b93bc772ab19ca7b2613ec26eb256cc760a
Author: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sun Oct 19 19:35:01 2025 -0300
amd-ucode: update amd-ucode to release 2025-07-08
Compose a 20250708 amd-ucode release from linux-firmware
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
commit 331eac9144402d6cfa02ff3b2888a40bb9a7a01a
Author: John Allen <john.allen@amd.com>
Date: Mon Jul 7 18:56:23 2025 +0000
linux-firmware: Update AMD cpu microcode
* Update AMD cpu microcode for processor family 19h
Key Name = AMD Microcode Signing Key (for signing microcode container files only)
Key ID = F328AE73
Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73
Signed-off-by: John Allen <john.allen@amd.com>
Signed-off-by: Josh Boyer <jwboyer@kernel.org>
commit 78c19f88fed257fe97fbb2298ca0cff328e64172
Author: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sun Oct 19 19:18:27 2025 -0300
amd-tee: update AMD PMF TA Firmware to v3.1
Compose a amd-tee release 20250507 from linux-firmware
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
commit 86d528c261657497967cb2b2051374639e6ad476
Author: Shyam Sundar S K <shyam-sundar.s-k@amd.com>
Date: Wed May 7 14:22:26 2025 +0000
amd_pmf: Update AMD PMF TA Firmware to v3.1
