ubuntu/+source/amd64-microcode:applied/ubuntu/bionic

Last commit made on 2018-01-10
Get this branch:
git clone -b applied/ubuntu/bionic https://git.launchpad.net/ubuntu/+source/amd64-microcode
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/bionic
Repository: lp:ubuntu/+source/amd64-microcode

Recent commits

4854378... by Henrique de Moraes Holschuh on 2018-01-08

Import patches-applied version 3.20171205.1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 8da2c7a7a1049b583f0f3f0b12c4590cdd2f7564
Unapplied parent: ee499606f350bb4f9fb72cf0b108aca073a30ce7

New changelog entries:
  * New microcode updates (closes: #886382):
    sig 0x00800f12, patch id 0x08001213, 2017-12-05
    Thanks to SuSE for distributing these ahead of AMD's official release!
  * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
  * README: describe source for fam17h microcode update
  * Upload to unstable to match IBPB microcode support on Intel in Debian
    unstable.
  * WARNING: requires at least kernel 4.15, 4.14.13, 4.9.76, 4.4.111 (or a
    backport of commit f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf
    "x86/microcode/AMD: Add support for fam17h microcode loading") otherwise
    it will not be applied to the processor.

ee49960... by Henrique de Moraes Holschuh on 2018-01-08

Import patches-unapplied version 3.20171205.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d862959038f1d0f02834f6408fd11384cf10b776

New changelog entries:
  * New microcode updates (closes: #886382):
    sig 0x00800f12, patch id 0x08001213, 2017-12-05
    Thanks to SuSE for distributing these ahead of AMD's official release!
  * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
  * README: describe source for fam17h microcode update
  * Upload to unstable to match IBPB microcode support on Intel in Debian
    unstable.
  * WARNING: requires at least kernel 4.15, 4.14.13, 4.9.76, 4.4.111 (or a
    backport of commit f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf
    "x86/microcode/AMD: Add support for fam17h microcode loading") otherwise
    it will not be applied to the processor.

d862959... by Henrique de Moraes Holschuh on 2016-11-30

Import patches-unapplied version 3.20160316.3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c69ac1920123f24db2194c3be0c57535e45a687e

New changelog entries:
  * initramfs: Make the early initramfs reproducible (closes: #845194)
  * rules: switch to simplified dh-based build (debhelper v9)

c69ac19... by Henrique de Moraes Holschuh on 2016-10-09

Import patches-unapplied version 3.20160316.2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5fa2b511a0bbe520ca43a937373b2240bf299874

New changelog entries:
  * NEWS.debian: fix minor typo
  * debian/control, debian/compat: bump debhelper compat mode to 9
  * debian/control: bump standards version to 3.9.8 (no changes needed)
  * debian/: prefix binary-package control files with package name
  * debian/control: recommend tiny-initramfs as an alternative to
    initramfs-tools. tiny-initramfs specifically supports early microcode
    updates, so it is a viable alternative to initramfs-tools
    (closes: #839882)

5fa2b51... by Henrique de Moraes Holschuh on 2016-04-10

Import patches-unapplied version 3.20160316.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d278c9b54239c2e40df4168dad58e95c704aa67a

New changelog entries:
  * Bump major version number to 3: early-initramfs support
  * Support is now restricted to Linux kernel 3.14 and later. For older
    kernels, please use the version 2 (older) branch of the package.
  * Implement early-initramfs mode, and remove normal mode
    * debian/control: add versioned recommends for initramfs-tools and
      dracut. Note that dracut 044 is required for Linux 4.4 and later,
      otherwise dracut 040 would be enough
    * debian/default: add early mode, remove normal mode from comments
    * initramfs hook: use cpio to generate an early-initramfs with
      microcode for all processors, blacklist kernels older than 3.14,
      and remove normal mode support.
    * initramfs.init-premount: remove, not needed for early-initramfs
    * debian/rules: don't install init-premount initramfs script.
  * initramfs.hook: detect a missing microcode.ko and don't attempt to
    force_load() it. In verbose mode, log when the microcode driver is
    modular. For Linux 4.4 and later, skip the module loading logic
    (closes: #809444)
  * README.Debian: update for early initramfs support, and add information
    on how to disable early updates using the dis_ucode_ldr kernel boot
    parameter
  * Support for x32 was enabled in debian/control for the 2.20160316.1
    upload, but the changelog did not record this by mistake. The missing
    entry was retroactively added to debian/changelog by this upload

d278c9b... by Henrique de Moraes Holschuh on 2016-03-19

Import patches-unapplied version 2.20160316.1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 40fd6f805ff2fea4c941edb4754dffb8d51a02e7

New changelog entries:
  * Upstream release 20160316 built from linux-firmware:
    + Updated Microcodes:
      sig 0x00600f20, patch id 0x0600084f, 2016-01-25
    + This microcode update fixes a critical erratum on NMI handling
      introduced by microcode patch id 0x6000832 from the 20141028 update.
      The erratum is also present on microcode patch id 0x6000836.
    + THIS IS A CRITICAL STABILITY AND SECURITY UPDATE FOR THE EARLIER
      AMD PILEDRIVER PROCESSORS, including:
      + AMD Opteron 3300, 4300, 6300
      + AMD FX "Vishera" (43xx, 63xx, 83xx, 93xx, 95xx)
      + AMD processors with family 21, model 2, stepping 0
  * Robert Święcki, while fuzzing the kernel using the syzkaller tool,
    uncovered very strange behavior on an AMD FX-8320, later reproduced on
    other AMD Piledriver model 2, stepping 0 processors including the Opteron
    6300. Robert discovered, using his proof-of-concept exploit code, that
    the incorrect behavior allows an unprivileged attacker on an unprivileged
    VM to corrupt the return stack of the host kernel's NMI handler. At best,
    this results in unpredictable host behavior. At worst, it allows for an
    unprivileged user on an unprivileged VM to carry out a successful host-kernel
    ring 0 code injection attack.
  * The erratum is timing-dependent, easily triggered by workloads that cause
    a high number of NMIs, such as running the "perf" tool.

40fd6f8... by Henrique de Moraes Holschuh on 2014-12-18

Import patches-unapplied version 2.20141028.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 075e370861fd5e8595fa2991bb26a6eab2c36709

New changelog entries:
  * Upstream release 20141028 built from linux-firmware:
    + Updated microcode patches for family 0x15 processors
    + Added microcode patches for family 0x16 processors
  * AMD did not update the relevant microcode documentation (errata fixed,
    microcode patch levels, etc), so there is no documentation for the
    family 0x16 microcode patches, and the documentation for family 0x15 is
    stale.
  * postinst: do not update microcode on upgrades:
    Remove code that triggers a microcode update on package upgrade. The
    resulting postinst script is now identical to the one in Debian jessie's
    intel-microcode, and thus known-good.
    NOTE: this code was already disabled for the majority of the users due
    to Debian bug #723975 (closes: #723975, #723081)
  * kpreinst: remove, we don't update microcode on postinst anymore
  * blacklist automated loading of the microcode module:
    This is in line with the desired behavior of only updating microcode
    *automatically* during system boot, when it is safer to do so. The
    local admin can still load the microcode module and update the microcode
    manually at any time, of course. This is in sync with the intel-microcode
    packages in Debian jessie, which will also blacklist the microcode module.
    Note that the initramfs will force-load the microcode module in a safe
    condition, the blacklist avoids module autoloading outside the initramfs
  * control: bump standards version (no changes required)
  * copyright: update upstream URL and upstream copyright date
    (closes: #753593)
  * docs: future-proof by using a glob pattern for per-family README files
  * initramfs hook: support forced installation of amd64-microcode:
    Add a config file (/etc/default/amd64-microcode) to select the mode of
    operation: do nothing, force install to initramfs, install only when
    running on an amd64 processor (closes: #726854)
  * initramfs hook: fix (likely unexploitable) issues found by shellcheck
  * Add a NEWS.Debian file to warn users we will no longer update the
    microcode on package upgrade (note that we were not doing it on any
    Debian kernels anyway). Also document the existence of the new
    /etc/default/amd64-microcode file

075e370... by Henrique de Moraes Holschuh on 2013-09-08

Import patches-unapplied version 2.20131007.1+really20130710.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8024d8ce3ea1860337cfaa48b4e93b23c2420b7b

New changelog entries:
  * Fix M-D-Y issue that leaked to the package version number
  * The real upstream release date is 2013-07-10

8024d8c... by Henrique de Moraes Holschuh on 2013-09-07

Import patches-unapplied version 2.20131007.1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6253208e0f2a74456d4214fff4b660bf62fc4d45

New changelog entries:
  * New upstream release, received through linux-firmware and LKML
    + updated microcode:
      sig 0x00500F10, id 0x05000029: erratum (+) 784;
      sig 0x00500F20, id 0x05000119: erratum (+) 784;
      sig 0x00600F12, id 0x0600063D: errata (-) 668, (+) 759, 778;
    + new microcode:
      sig 0x00200F31, id 0x02000032: errata 311, 316;
      sig 0x00600F20, id 0x06000822: errata 691, 699, 704, 708, 709, 734,
          740, 778;
    + This update fixes important processor bugs that cause data corruption
      or unpredictable system behaviour. It also fixes a performance issue
      and several issues that cause system lockup.
  * Switch to native package, since there is no upstream tarball

6253208... by Henrique de Moraes Holschuh on 2013-08-18

Import patches-unapplied version 2.20120910-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8f3ee6c479c4c857bf4a61c4cc4cea74197191db

New changelog entries:
  * debian/control: update Breaks for new intel-microcode version scheme
  * Bump major version number, this will allow us to also update the stable
    branch of amd64-microcode in the future without clashing with the stable
    branch of intel-microcode. The real issue is that amd64-microcode
    1.20120910-3 and intel-microcode 1.20130222.6 have changed (in lockstep)
    to a different initramfs cooperation protocol, but I failed to bump the
    major version at that time
  * Urgency high to avoid delaying a series of high-priority intel-microcode
    updates being done at the moment: we need this version in testing before
    I can upload stable backports of intel-microcode or amd64-microcode