-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 12 Aug 2024 09:37:38 -0300 Source: amd64-microcode Architecture: source Version: 3.20240710.2~deb12u1 Distribution: bookworm Urgency: high Maintainer: Henrique de Moraes Holschuh <hmh@debian.org> Changed-By: Henrique de Moraes Holschuh <hmh@debian.org> Closes: 1000193 1062678 1074514 1076128 Changes: amd64-microcode (3.20240710.2~deb12u1) bookworm; urgency=high . * Rebuild for bookworm (revert merged-usr changes from unstable) . amd64-microcode (3.20240710.2) unstable; urgency=high . * postrm: activate the update-initramfs dpkg trigger on remove/purge instead of always executing update-initramfs directly, just like it was done for postinst in 3.20240710.1: call update-initramfs directly only if the dpkg-trigger activation call fails. . amd64-microcode (3.20240710.1) unstable; urgency=high . * Update package data from linux-firmware 20240709-141-g59460076 (closes: #1076128) * SECURITY UPDATE: Mitigates "Sinkclose" CVE-2023-31315 (AMD-SB-7014) on AMD Epyc processors: SMM lock bypass - Improper validation in a model specific register (MSR) could allow a malicious program with ring 0 access (kernel) to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. Note: a firmware update is recommended for AMD Epyc (to protect the system as early as possible). Many other AMD processor models are also vulnerable to SinkClose, and can only be fixed by a firmware update at this time. * Updated Microcode patches: + Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126f + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107c + Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a00107a + Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101248 + Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00215 + Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001238 + Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101148 + Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d5 * README.Debian: "late" microcode updates are unsupported in Debian (closes: #1074514) * postinst: use dpkg-trigger to activate update-initramfs, this enables dracut integration (closes: #1000193) . amd64-microcode (3.20240116.2) unstable; urgency=medium . * Add AMD-TEE firmware to the package (closes: #1062678) + amdtee: add amd_pmf TA firmware 20230906 * debian: install amdtee to /lib/firmware/amdtee * debian/control: update short and long descriptions * debian/copyright: update with amd-pmf license . amd64-microcode (3.20240116.1) unstable; urgency=medium . * Update package data from linux-firmware 20240115-80-gb4b04a5c * Updated Microcode patches: + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107b + Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d3 + Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001236 . amd64-microcode (3.20231019.1) unstable; urgency=medium . * Update package data from linux-firmware 20231019 * Updated Microcode patches: + Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101144 + Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101244 + Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00213 . amd64-microcode (3.20230823.1) unstable; urgency=medium . * Update package data from linux-firmware 20230919 * New AMD-SEV firmware from AMD upstream (20230823) + Updated SEV firmware: Family 19h models 00h-0fh: version 1.55 build 8 + New SEV firmware: Family 19h models 10h-1fh: version 1.55 build 21 * amd-ucode: Add note on fam19h warnings. Checksums-Sha1: c2a782cb645433429d0caac5a26dd2b2a55c85fc 1727 amd64-microcode_3.20240710.2~deb12u1.dsc 4030a4706163e673a4386554cf03630cb04e928b 172240 amd64-microcode_3.20240710.2~deb12u1.tar.xz 857c2d59a271097c0d8b843d0c4744b73c7f42ed 6204 amd64-microcode_3.20240710.2~deb12u1_amd64.buildinfo Checksums-Sha256: 8acbe51a2676c63c80797bf94520fcc436c46798ecc9d35b719da3e8a93007a6 1727 amd64-microcode_3.20240710.2~deb12u1.dsc af1cfb112a1941c00766dd76d02c8d6981411b2965c4b9173b0b3d97827faf3e 172240 amd64-microcode_3.20240710.2~deb12u1.tar.xz 84328fe962026d1e9b68e6ab1ad6071cd1113681695d88f99f8c7cc4a783f65a 6204 amd64-microcode_3.20240710.2~deb12u1_amd64.buildinfo Files: 3137ce32d49017b7a46f46236c88a273 1727 non-free-firmware/admin standard amd64-microcode_3.20240710.2~deb12u1.dsc 2048413a3fee46a68b90ed0234b351db 172240 non-free-firmware/admin standard amd64-microcode_3.20240710.2~deb12u1.tar.xz df4110121e213f79cf4f6a9f2aff8329 6204 non-free-firmware/admin standard amd64-microcode_3.20240710.2~deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpvbMGUAhfu+gsYOwlOXoPKamj0cFAma6CPYACgkQlOXoPKam j0d/2xAAzwm5366s9Vt6MRvSJDKPxw6S/V0+a0X+y3t944cgcoS6mfBVq2x4dK9m 9PoZZ7zV0jCTHY3HsiwLinMFowo/XC3MSyOpOg+bg0YXBNkGUYKJ01m0Ah8ckGo9 +tRujmDEDl8TBm7P4sQQDKFNpMQO5PyOGZnCy2LsKhOmAY2HPkEPLu/s+DREZ5sB OZuday8oGC2XStkh0k4XPL5OKlQYWj67rEPPWkEjaytlbGQF0SGLaT6hHdxwLXGo cc39eaNEipHVcyWQyc7bhnuNAGk8KmSXf4BG0kxdkYJZYhRUJYR3+ugzbO8rfhFu WgOVw3mZLRbCXVqhwhJeapw5V4jbjOSq4cBIxkpe40Qt5l8o0yWu3F5yhsZ5SFm6 Ho5RiVi8zi+dAuEwac2bjCqe8E2a90YFeekHmkw1ixEi3EnBIzzlwCux+OEAwsDX F8REEgqyU+CToZjxUOftk4mRUbDhNmuYmUUb8ZF3ZbwriNdo2JET4IN1IcVeLoyx MltwdLpljCoDo6mwFYzD67vVXe08ulWENfaErxXTFJ4zu3flKsT4mBLvjHlZ2pT6 OGTl35udRboqX1Yk/ZnSZ2FtwCNBYMUY9QX+AvD0qYI5wap2LvID4TW+19PS9P43 iU1xZFb02c4HKZuR96QxXEBeqhVIE8U8OKHl0wnVxBUAO8WgM/o= =KjSl -----END PGP SIGNATURE-----