Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package amd64-microcode
This is a freeze policy exception request, for which I apologise.
The package is in non-free, it is a leaf package, and it is system firmware.
This is a pre-approval request, I have not uploaded the updated package to
non-free unstable yet.
The changes look a bit more extensive than one would like, however they:
1. Have been tested in the sister "intel-microcode" package that is in
jessie already. In fact, the maintainer scripts are now nearly identical
between the two packages. The code that runs inside the initramfs *was
not changed* (so it is also known good and there is no chance of
regressions). The code that runs when building the initramfs is simple,
and tested.
I have piped all shell scripts in the package through the ShellCheck
static checker, and fixed a few issues that existed in the *previous*
package (currently in jessie) as well, so it is actually safer now.
This includes the maintainer scripts, as well as all the initramfs
scripts.
2. Reduced complexity, as code to update the microcode during package
upgrade was removed. This made the package much safer, by fixing
the issue described in (3) below for all users, and not just by those
running a Debian-built kernel.
3. Reduce the chances of system lockup on package upgrade, as the code that
would trigger a microcode update in postinst was removed. This code was
buggy, and wouldn't trigger on Debian-built kernels (which is a *good*
thing) but it would properly trigger on custom kernels, and cause rare,
hard-to-debug interruptible hangs due to an elusive microcode kernel
driver bug.
4. Add the new upstream microcode. AMD pulled an "Intel" on us, so I don't
have the usual hard facts with AMD errata numbers. However, there are
new, severe errata listed both in the family 15h and family 16h processor
revision guides for which the fix listed is "Contact your AMD
representative for information on a BIOS update request". This is AMD
speak for "fixed/worked around either by new microcode, or by disabling
something via a MSR".
Unfortunately, it took a lot of time for the linux-firmware guys to pull the
microcode update from AMD, it was added to the linux-firmware tree only on
"Sun Nov 30 21:20:05 2014 -0500". There was not enough time to send this
before the 5th of December deadline, so I took some extra time to do it
properly.
Here's the debdiff diffstat:
amd64-microcode-2.20141028.1/microcode_amd_fam15h.bin |binary
amd64-microcode-2.20141028.1/microcode_amd_fam16h.bin |binary
amd64-microcode-2.20141028.1/LICENSE.amd-ucode | 2
amd64-microcode-2.20141028.1/README | 74 +++-----
amd64-microcode-2.20141028.1/debian/NEWS | 20 ++
amd64-microcode-2.20141028.1/debian/changelog | 40 ++++
amd64-microcode-2.20141028.1/debian/control | 2
amd64-microcode-2.20141028.1/debian/copyright | 8
amd64-microcode-2.20141028.1/debian/default | 16 +
amd64-microcode-2.20141028.1/debian/dirs | 2
amd64-microcode-2.20141028.1/debian/docs | 2
amd64-microcode-2.20141028.1/debian/initramfs.hook | 84 ++++++----
amd64-microcode-2.20141028.1/debian/install | 4
amd64-microcode-2.20141028.1/debian/kpreinst | 16 -
amd64-microcode-2.20141028.1/debian/modprobe-blacklist | 3
amd64-microcode-2.20141028.1/debian/postinst | 46 -----
amd64-microcode-2.20141028.1/debian/rules | 11 -
amd64-microcode-2.20141028.1/microcode_amd_fam15h.bin.asc | 16 -
amd64-microcode-2.20141028.1/microcode_amd_fam16h.bin.asc | 11 +
19 files changed, 206 insertions(+), 151 deletions(-)
Half the changes in the initramfs.hook are noise because a large block of
code was unindented (it was inside an if clause that was removed), which
doesn't play well with debdiff's non-whitespace-ignoring use of diff/wdiff.
I have attached a separate "git diff -w" output for initramfs.hook (which
ignores white-space changes) for your convenience: it is MUCH more readable,
and half the size.
Thank you.
unblock amd64-microcode/2.20141028.1
-- System Information:
Debian Release: 7.7
APT prefers proposed-updates
APT policy: (990, 'proposed-updates'), (990, 'stable'), (500,
'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.10.63+ (SMP w/8 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
diff --git a/debian/initramfs.hook b/debian/initramfs.hook
index 513a161..269f701 100755
--- a/debian/initramfs.hook
+++ b/debian/initramfs.hook
@@ -1,6 +1,6 @@
#!/bin/sh
# amd64-microcode initramfs-tools hook script
-# Copyright (C) 2012,2013 Henrique de Moraes Holschuh <h...@debian.org>
+# Copyright (C) 2012-2014 Henrique de Moraes Holschuh <h...@debian.org>
# Released under the GPL v2 or later license
#
# Generates a copy of the minimal microcode for the current system if
@@ -8,6 +8,7 @@
#
PREREQ=""
+AMD64UCODE_CONFIG=/etc/default/amd64-microcode
prereqs()
{
@@ -26,19 +27,45 @@ esac
verbose()
{
if [ "${verbose}" = "y" ] ; then
- echo "amd64-microcode: $@"
+ echo "amd64-microcode: $*"
fi
:
}
AUCODE_FW_DIR=/lib/firmware/amd-ucode
+AMD64UCODE_INITRAMFS=auto
+[ -r ${AMD64UCODE_CONFIG} ] && . ${AMD64UCODE_CONFIG}
+
+[ -z "${AMD64UCODE_INITRAMFS}" ] && AMD64UCODE_INITRAMFS=no
if [ ! -d "${AUCODE_FW_DIR}" ] ; then
verbose "no AMD64 processor microcode datafiles to install"
exit 0;
fi
-if grep -q "^vendor_id[[:blank:]]*:[[:blank:]]*.*AuthenticAMD" /proc/cpuinfo;
then
+case "${AMD64UCODE_INITRAMFS}" in
+ no|0)
+ verbose "disabled by ${AMD64UCODE_CONFIG}"
+ exit 0
+ ;;
+ early)
+ echo "W: amd64-microcode: early mode not supported, forcing late
initramfs mode" >&2
+ AMD64UCODE_INITRAMFS=yes
+ ;;
+ yes|1|auto)
+ ;;
+ *)
+ echo "E: amd64-microcode: invalid AMD64UCODE_INITRAMFS, using
automatic mode" >&2
+ AMD64UCODE_INITRAMFS=auto
+esac
+
+if [ "${AMD64UCODE_INITRAMFS}" = "auto" ] ; then
+ grep -q "^vendor_id[[:blank:]]*:[[:blank:]]*.*AuthenticAMD"
/proc/cpuinfo || {
+ verbose "no AMD processors detected, nothing to do"
+ exit 0
+ }
+fi
+
# See Debian bug #716917. Blacklist all non-LTS/non-Debian kernel versions
# before kernel 3.4 Only known-bad kernel is 2.6.38.
#
@@ -46,11 +73,11 @@ if grep -q
"^vendor_id[[:blank:]]*:[[:blank:]]*.*AuthenticAMD" /proc/cpuinfo; th
# information at the initramfs-tools layer, due to the way Debian and Ubuntu
version
# kernel packages.
- if dpkg --compare-versions ${version} le 3.4 && \
- { dpkg --compare-versions ${version} lt 2.6.32 || \
- { dpkg --compare-versions ${version} ge 2.6.33 && dpkg
--compare-versions ${version} lt 3.0 ; } || \
- { dpkg --compare-versions ${version} ge 3.1 && dpkg
--compare-versions ${version} lt 3.2 ; } || \
- dpkg --compare-versions ${version} ge 3.3 ; \
+if dpkg --compare-versions "${version}" le 3.4 && \
+ { dpkg --compare-versions "${version}" lt 2.6.32 || \
+ { dpkg --compare-versions "${version}" ge 2.6.33 && dpkg
--compare-versions "${version}" lt 3.0 ; } || \
+ { dpkg --compare-versions "${version}" ge 3.1 && dpkg --compare-versions
"${version}" lt 3.2 ; } || \
+ dpkg --compare-versions "${version}" ge 3.3 ; \
}; then
echo "E: amd64-microcode: unsupported kernel version!" >&2
exit 0
@@ -67,6 +94,5 @@ if grep -q
"^vendor_id[[:blank:]]*:[[:blank:]]*.*AuthenticAMD" /proc/cpuinfo; th
verbose "installing AMD64 processor microcode update support into
initramfs..."
force_load microcode
fi
-fi
:
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/debian/changelog amd64-microcode-2.20141028.1/debian/changelog
--- amd64-microcode-2.20131007.1+really20130710.1/debian/changelog 2013-09-07 22:42:46.000000000 -0300
+++ amd64-microcode-2.20141028.1/debian/changelog 2014-12-18 13:36:29.000000000 -0200
@@ -1,3 +1,43 @@
+amd64-microcode (2.20141028.1) unstable; urgency=medium
+
+ * Upstream release 20141028 built from linux-firmware:
+ + Updated microcode patches for family 0x15 processors
+ + Added microcode patches for family 0x16 processors
+ * AMD did not update the relevant microcode documentation (errata fixed,
+ microcode patch levels, etc), so there is no documentation for the
+ family 0x16 microcode patches, and the documentation for family 0x15 is
+ stale.
+ * postinst: do not update microcode on upgrades:
+ Remove code that triggers a microcode update on package upgrade. The
+ resulting postinst script is now identical to the one in Debian jessie's
+ intel-microcode, and thus known-good.
+ NOTE: this code was already disabled for the majority of the users due
+ to Debian bug #723975 (closes: #723975, #723081)
+ * kpreinst: remove, we don't update microcode on postinst anymore
+ * blacklist automated loading of the microcode module:
+ This is in line with the desired behavior of only updating microcode
+ *automatically* during system boot, when it is safer to do so. The
+ local admin can still load the microcode module and update the microcode
+ manually at any time, of course. This is in sync with the intel-microcode
+ packages in Debian jessie, which will also blacklist the microcode module.
+ Note that the initramfs will force-load the microcode module in a safe
+ condition, the blacklist avoids module autoloading outside the initramfs
+ * control: bump standards version (no changes required)
+ * copyright: update upstream URL and upstream copyright date
+ (closes: #753593)
+ * docs: future-proof by using a glob pattern for per-family README files
+ * initramfs hook: support forced installation of amd64-microcode:
+ Add a config file (/etc/default/amd64-microcode) to select the mode of
+ operation: do nothing, force install to initramfs, install only when
+ running on an amd64 processor (closes: #726854)
+ * initramfs hook: fix (likely unexploitable) issues found by shellcheck
+ * Add a NEWS.Debian file to warn users we will no longer update the
+ microcode on package upgrade (note that we were not doing it on any
+ Debian kernels anyway). Also document the existence of the new
+ /etc/default/amd64-microcode file
+
+ -- Henrique de Moraes Holschuh <h...@debian.org> Thu, 18 Dec 2014 13:36:27 -0200
+
amd64-microcode (2.20131007.1+really20130710.1) unstable; urgency=low
* Fix M-D-Y issue that leaked to the package version number
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/debian/control amd64-microcode-2.20141028.1/debian/control
--- amd64-microcode-2.20131007.1+really20130710.1/debian/control 2013-09-07 21:28:49.000000000 -0300
+++ amd64-microcode-2.20141028.1/debian/control 2014-12-18 13:29:09.000000000 -0200
@@ -4,7 +4,7 @@
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Uploaders: Giacomo Catenazzi <c...@debian.org>
Build-Depends: debhelper (>= 7)
-Standards-Version: 3.9.4
+Standards-Version: 3.9.6
Vcs-Git: git://git.debian.org/users/hmh/amd64-microcode.git
Vcs-Browser: http://git.debian.org/?p=users/hmh/amd64-microcode.git
XS-Autobuild: yes
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/debian/copyright amd64-microcode-2.20141028.1/debian/copyright
--- amd64-microcode-2.20131007.1+really20130710.1/debian/copyright 2013-09-07 17:21:48.000000000 -0300
+++ amd64-microcode-2.20141028.1/debian/copyright 2014-12-18 13:29:09.000000000 -0200
@@ -1,9 +1,9 @@
This package was debianized by Henrique de Moraes Holschuh <h...@debian.org> on
Sun Jun 10 10:54:36 BRT 2012
-It was downloaded from http://www.amd64.org/support/microcode.html up to version
-20120910. It was built from the linux-firmware git tree for version 20131007
-onwards.
+It was downloaded from http://www.amd64.org/support/microcode.html up to
+version 20120910 (now: http://www.amd64.org/microcode.html). It was built from
+the linux-firmware git tree at for version 20131007 onwards.
Debian only distributes the AMD64 microcode file in its unaltered form.
@@ -13,7 +13,7 @@
Upstream Copyright:
- Copyright (C) 2010-2013 Advanced Micro Devices, Inc.,
+ Copyright (C) 2010-2014 Advanced Micro Devices, Inc.,
All rights reserved.
Upstream License:
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/debian/default amd64-microcode-2.20141028.1/debian/default
--- amd64-microcode-2.20131007.1+really20130710.1/debian/default 1969-12-31 21:00:00.000000000 -0300
+++ amd64-microcode-2.20141028.1/debian/default 2014-12-18 13:17:22.000000000 -0200
@@ -0,0 +1,16 @@
+# Configuration script for amd64-microcode version 2
+
+#
+# initramfs helper
+#
+
+# Set this to "no" to disable automatic microcode updates on boot;
+# Set this to "yes" to always install microcode updates to the initramfs;
+# Set this to "auto" to use initramfs mode automatically (default);
+#
+# Note: "early" mode is not yet supported in amd64-microcode version 2.
+# It will be implemented in version 3, at which point "yes" will alias
+# to "early", and only "early microcode updates" will be supported.
+#
+#AMD64UCODE_INITRAMFS=auto
+
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/debian/dirs amd64-microcode-2.20141028.1/debian/dirs
--- amd64-microcode-2.20131007.1+really20130710.1/debian/dirs 2013-09-07 15:20:18.000000000 -0300
+++ amd64-microcode-2.20141028.1/debian/dirs 2014-12-18 13:17:22.000000000 -0200
@@ -1 +1,3 @@
+etc/default
+etc/modprobe.d
lib/firmware/amd-ucode
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/debian/docs amd64-microcode-2.20141028.1/debian/docs
--- amd64-microcode-2.20131007.1+really20130710.1/debian/docs 2013-09-07 15:20:18.000000000 -0300
+++ amd64-microcode-2.20141028.1/debian/docs 2014-12-18 13:29:09.000000000 -0200
@@ -1,3 +1,3 @@
README
microcode_amd.bin.README
-microcode_amd_fam15h.bin.README
+microcode_amd_fam*.README
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/debian/initramfs.hook amd64-microcode-2.20141028.1/debian/initramfs.hook
--- amd64-microcode-2.20131007.1+really20130710.1/debian/initramfs.hook 2013-09-07 21:28:49.000000000 -0300
+++ amd64-microcode-2.20141028.1/debian/initramfs.hook 2014-12-18 13:30:03.000000000 -0200
@@ -1,6 +1,6 @@
#!/bin/sh
# amd64-microcode initramfs-tools hook script
-# Copyright (C) 2012,2013 Henrique de Moraes Holschuh <h...@debian.org>
+# Copyright (C) 2012-2014 Henrique de Moraes Holschuh <h...@debian.org>
# Released under the GPL v2 or later license
#
# Generates a copy of the minimal microcode for the current system if
@@ -8,6 +8,7 @@
#
PREREQ=""
+AMD64UCODE_CONFIG=/etc/default/amd64-microcode
prereqs()
{
@@ -26,47 +27,72 @@
verbose()
{
if [ "${verbose}" = "y" ] ; then
- echo "amd64-microcode: $@"
+ echo "amd64-microcode: $*"
fi
:
}
AUCODE_FW_DIR=/lib/firmware/amd-ucode
+AMD64UCODE_INITRAMFS=auto
+[ -r ${AMD64UCODE_CONFIG} ] && . ${AMD64UCODE_CONFIG}
+
+[ -z "${AMD64UCODE_INITRAMFS}" ] && AMD64UCODE_INITRAMFS=no
if [ ! -d "${AUCODE_FW_DIR}" ] ; then
verbose "no AMD64 processor microcode datafiles to install"
exit 0;
fi
-if grep -q "^vendor_id[[:blank:]]*:[[:blank:]]*.*AuthenticAMD" /proc/cpuinfo; then
- # See Debian bug #716917. Blacklist all non-LTS/non-Debian kernel versions
- # before kernel 3.4 Only known-bad kernel is 2.6.38.
- #
- # This doesn't blacklist early kernels in the LTS branches, we don't have enough
- # information at the initramfs-tools layer, due to the way Debian and Ubuntu version
- # kernel packages.
-
- if dpkg --compare-versions ${version} le 3.4 && \
- { dpkg --compare-versions ${version} lt 2.6.32 || \
- { dpkg --compare-versions ${version} ge 2.6.33 && dpkg --compare-versions ${version} lt 3.0 ; } || \
- { dpkg --compare-versions ${version} ge 3.1 && dpkg --compare-versions ${version} lt 3.2 ; } || \
- dpkg --compare-versions ${version} ge 3.3 ; \
- }; then
- echo "E: amd64-microcode: unsupported kernel version!" >&2
- exit 0
- fi
+case "${AMD64UCODE_INITRAMFS}" in
+ no|0)
+ verbose "disabled by ${AMD64UCODE_CONFIG}"
+ exit 0
+ ;;
+ early)
+ echo "W: amd64-microcode: early mode not supported, forcing late initramfs mode" >&2
+ AMD64UCODE_INITRAMFS=yes
+ ;;
+ yes|1|auto)
+ ;;
+ *)
+ echo "E: amd64-microcode: invalid AMD64UCODE_INITRAMFS, using automatic mode" >&2
+ AMD64UCODE_INITRAMFS=auto
+esac
- verbose "installing all microcode datafiles for AMD64 processors"
+if [ "${AMD64UCODE_INITRAMFS}" = "auto" ] ; then
+ grep -q "^vendor_id[[:blank:]]*:[[:blank:]]*.*AuthenticAMD" /proc/cpuinfo || {
+ verbose "no AMD processors detected, nothing to do"
+ exit 0
+ }
+fi
- # Generate firmware dir
- mkdir -m 755 -p "${DESTDIR}${AUCODE_FW_DIR}" || true
- cp -fr "${AUCODE_FW_DIR}/." "${DESTDIR}${AUCODE_FW_DIR}/."
-
- if ! rmdir "${DESTDIR}${AUCODE_FW_DIR}" 2>/dev/null ; then
- # The directory was not empty, so we have work to do
- verbose "installing AMD64 processor microcode update support into initramfs..."
- force_load microcode
- fi
+# See Debian bug #716917. Blacklist all non-LTS/non-Debian kernel versions
+# before kernel 3.4 Only known-bad kernel is 2.6.38.
+#
+# This doesn't blacklist early kernels in the LTS branches, we don't have enough
+# information at the initramfs-tools layer, due to the way Debian and Ubuntu version
+# kernel packages.
+
+if dpkg --compare-versions "${version}" le 3.4 && \
+ { dpkg --compare-versions "${version}" lt 2.6.32 || \
+ { dpkg --compare-versions "${version}" ge 2.6.33 && dpkg --compare-versions "${version}" lt 3.0 ; } || \
+ { dpkg --compare-versions "${version}" ge 3.1 && dpkg --compare-versions "${version}" lt 3.2 ; } || \
+ dpkg --compare-versions "${version}" ge 3.3 ; \
+ }; then
+ echo "E: amd64-microcode: unsupported kernel version!" >&2
+ exit 0
+fi
+
+verbose "installing all microcode datafiles for AMD64 processors"
+
+# Generate firmware dir
+mkdir -m 755 -p "${DESTDIR}${AUCODE_FW_DIR}" || true
+cp -fr "${AUCODE_FW_DIR}/." "${DESTDIR}${AUCODE_FW_DIR}/."
+
+if ! rmdir "${DESTDIR}${AUCODE_FW_DIR}" 2>/dev/null ; then
+ # The directory was not empty, so we have work to do
+ verbose "installing AMD64 processor microcode update support into initramfs..."
+ force_load microcode
fi
:
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/debian/install amd64-microcode-2.20141028.1/debian/install
--- amd64-microcode-2.20131007.1+really20130710.1/debian/install 2013-09-07 15:20:18.000000000 -0300
+++ amd64-microcode-2.20141028.1/debian/install 2014-12-17 18:33:44.000000000 -0200
@@ -1,2 +1,2 @@
-microcode_amd.bin /lib/firmware/amd-ucode
-microcode_amd_fam15h.bin /lib/firmware/amd-ucode
+microcode_amd.bin /lib/firmware/amd-ucode
+microcode_amd_fam*.bin /lib/firmware/amd-ucode
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/debian/kpreinst amd64-microcode-2.20141028.1/debian/kpreinst
--- amd64-microcode-2.20131007.1+really20130710.1/debian/kpreinst 2013-09-07 21:28:49.000000000 -0300
+++ amd64-microcode-2.20141028.1/debian/kpreinst 1969-12-31 21:00:00.000000000 -0300
@@ -1,16 +0,0 @@
-#!/bin/sh
-#
-# /etc/kernel/preinst.d amd64-microcode script
-# Copyright (C) 2013 Henrique de Moraes Holschuh <h...@hmh.eng.br>
-# Released under the GPL v2 or later license
-#
-# This script makes sure the microcode module is loaded, before the
-# kernel image has a chance to replace it with a new one that might not
-# be compatible with the current kernel.
-#
-# We need the microcode module to update microcode on postinst.
-#
-
-modprobe -q microcode || true
-
-:
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/debian/modprobe-blacklist amd64-microcode-2.20141028.1/debian/modprobe-blacklist
--- amd64-microcode-2.20131007.1+really20130710.1/debian/modprobe-blacklist 1969-12-31 21:00:00.000000000 -0300
+++ amd64-microcode-2.20141028.1/debian/modprobe-blacklist 2014-12-18 13:17:22.000000000 -0200
@@ -0,0 +1,3 @@
+# The microcode module attempts to apply a microcode update when
+# it autoloads. This is not always safe, so we block it by default.
+blacklist microcode
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/debian/NEWS amd64-microcode-2.20141028.1/debian/NEWS
--- amd64-microcode-2.20131007.1+really20130710.1/debian/NEWS 1969-12-31 21:00:00.000000000 -0300
+++ amd64-microcode-2.20141028.1/debian/NEWS 2014-12-18 13:30:11.000000000 -0200
@@ -0,0 +1,20 @@
+amd64-microcode (2.20141028.1) unstable; urgency=medium
+
+ This release drops support for automatically applying microcode updates
+ without a reboot. The microcode updates can still be applied without a
+ reboot through manual action of the system administrator.
+
+ This is a defensive measure. At this time, there are no reported
+ issues caused by the AMD microcode update itself when done outside of
+ the boot process.
+
+ However, updating only on boot works around a very elusive issue in the
+ the Linux kernel microcode update driver for AMD processors, which may
+ or may not have been fixed in the latest stable/long-term kernels.
+
+ It is now possible to configure how the amd64-microcode package should
+ behave through the /etc/default/amd64-microcode file. By default, it
+ will install microcode update support to the initramfs only when
+ running in a system with an AMD processor.
+
+ -- Henrique de Moraes Holschuh <h...@debian.org> Wed, 17 Dec 2014 19:17:30 -0200
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/debian/postinst amd64-microcode-2.20141028.1/debian/postinst
--- amd64-microcode-2.20131007.1+really20130710.1/debian/postinst 2013-09-07 21:28:49.000000000 -0300
+++ amd64-microcode-2.20141028.1/debian/postinst 2014-12-18 13:17:22.000000000 -0200
@@ -19,47 +19,13 @@
case "$1" in
configure)
- # See Debian bug #716917. Blacklist all non-LTS/non-Debian kernel versions
- # before kernel 3.4 that don't have all microcode fixes as of 2013-07-17.
- # Only known-bad kernel is 2.6.38. 2.6.32.37 presumed good based on lack of
- # reports by Debian squeeze backport users.
- kversion=$(uname -r)
- if dpkg --compare-versions ${kversion} le 3.4.21 && \
- { dpkg --compare-versions ${kversion} lt 2.6.32.58 || \
- { dpkg --compare-versions ${kversion} ge 2.6.33 && dpkg --compare-versions ${kversion} lt 3.0.54 ; } || \
- { dpkg --compare-versions ${kversion} ge 3.1 && dpkg --compare-versions ${kversion} lt 3.2.35 ; } || \
- dpkg --compare-versions ${kversion} ge 3.3 ; \
- }; then
- echo "W: amd64-microcode: unsupported kernel version ${kversion}" >&2
- else
- grep -q "^vendor_id[[:blank:]]*:[[:blank:]]*.*AuthenticAMD" /proc/cpuinfo && {
- # try to load the microcode module just in case. If we succeed,
- # it will trigger a microcode update by itself
- if modprobe -q --first-time microcode ; then
- echo "Updating microcode on all online processors..." >&2
- else
- # we have to trigger the microcode update manually
- if [ -e /sys/devices/system/cpu/microcode/reload ] ; then
- echo "Updating microcode on all online processors..." >&2
- echo 1 > /sys/devices/system/cpu/microcode/reload || {
- echo "Kernel reported failure while updating microcode!" >&2
- }
- else
- # Try all online processors, broken kernels need this,
- # fixed kernels will accept it only on the BSP and update
- # all processors anyway, and -EINVAL all others... but we
- # don't know which one is the BSP, so we try all of them
- # and hide errors, the kernel will log any real problem.
- echo "Using per-core interface to update microcode on online processors..." >&2
- find /sys/devices/system/cpu -noleaf -type f -path '/sys/devices/system/cpu/cpu*/microcode/reload' | \
- while read i ; do echo -n 1 2>/dev/null >"$i" || true ; done
- fi
- fi
+ # do it like udev and firmware-linux-*
+ if [ -x /usr/sbin/update-initramfs ] && [ -e /etc/initramfs-tools/initramfs.conf ] ; then
+ update-initramfs -u && {
+ echo "amd64-microcode: microcode will be updated at next boot" >&2
}
- # do it like udev and firmware-linux-*
- if [ -x /usr/sbin/update-initramfs -a -e /etc/initramfs-tools/initramfs.conf ] ; then
- update-initramfs -u
- fi
+ else
+ echo "amd64-microcode: initramfs support missing" >&2
fi
;;
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/debian/rules amd64-microcode-2.20141028.1/debian/rules
--- amd64-microcode-2.20131007.1+really20130710.1/debian/rules 2013-09-07 21:28:49.000000000 -0300
+++ amd64-microcode-2.20141028.1/debian/rules 2014-12-18 13:17:22.000000000 -0200
@@ -1,6 +1,6 @@
#!/usr/bin/make -f
# debian/rules for amd64-microcode
-# Copyright (C) 2012 by Henrique de Moraes Holschuh
+# Copyright (C) 2012-2014 by Henrique de Moraes Holschuh
# Published under the GNU GPL license version 2 or any later versions
PACKAGE := amd64-microcode
@@ -37,9 +37,12 @@
mkdir -p "$(PKGDIR)/usr/share/initramfs-tools/scripts/init-premount"
install -m 755 "$(DEBDIR)/initramfs.init-premount" \
"$(PKGDIR)/usr/share/initramfs-tools/scripts/init-premount/$(INITRAMFS_NAME)"
- mkdir -p "$(PKGDIR)/etc/kernel/preinst.d"
- install -m 755 "$(DEBDIR)/kpreinst" \
- "$(PKGDIR)/etc/kernel/preinst.d/$(PACKAGE)"
+
+ # We have a /etc/default file, but no initscript
+ install -m 644 "$(DEBDIR)/default" "$(PKGDIR)/etc/default/$(PACKAGE)"
+
+ # modprobe.d blacklist
+ install -m 644 "$(DEBDIR)/modprobe-blacklist" "$(PKGDIR)/etc/modprobe.d/$(PACKAGE)-blacklist.conf"
binary: install
dh_testdir
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/LICENSE.amd-ucode amd64-microcode-2.20141028.1/LICENSE.amd-ucode
--- amd64-microcode-2.20131007.1+really20130710.1/LICENSE.amd-ucode 2013-09-07 17:21:48.000000000 -0300
+++ amd64-microcode-2.20141028.1/LICENSE.amd-ucode 2014-12-17 18:30:04.000000000 -0200
@@ -1,4 +1,4 @@
-Copyright (C) 2010-2013 Advanced Micro Devices, Inc., All rights reserved.
+Copyright (C) 2010-2014 Advanced Micro Devices, Inc., All rights reserved.
Permission is hereby granted by Advanced Micro Devices, Inc. ("AMD"),
free of any license fees, to any person obtaining a copy of this
Binary files /tmp/ynTKfGhpWp/amd64-microcode-2.20131007.1+really20130710.1/microcode_amd_fam15h.bin and /tmp/9Fxgjddxjr/amd64-microcode-2.20141028.1/microcode_amd_fam15h.bin differ
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/microcode_amd_fam15h.bin.asc amd64-microcode-2.20141028.1/microcode_amd_fam15h.bin.asc
--- amd64-microcode-2.20131007.1+really20130710.1/microcode_amd_fam15h.bin.asc 2013-09-07 17:21:48.000000000 -0300
+++ amd64-microcode-2.20141028.1/microcode_amd_fam15h.bin.asc 2014-12-17 18:30:04.000000000 -0200
@@ -1,11 +1,11 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
+Version: GnuPG v1
-iQEcBAABAgAGBQJR3dkfAAoJEKXo28mMAQi0iTsIAJ5nCgz/+jFYag2W/OH+kOQe
-BDXYSC5diXQR5wF/HUkXWh0sl+jNK/OrRVxT7sFaEgAUhEXhK6Df/h7qnJAYQGFr
-5+CKhfSr/0Qbk1ziWYAXVKMOXbuLWSSIov1SCcwLsps7A7puITK6xDemLby7KDGC
-xCUfKIM/BO6DyFpNhKQ+xJdDi+yVxUKQhbdk/8gY94VdUnVZq3CTK9UStpBuaXu0
-qJNfhbaU+OzgZmnmLq5+xGsCML1xfbgF6sexVRx7oT/Jv30tm97YQJWR0h4DU7jU
-zjID8kGtYRVV7+i8jC+jVpFo21yDVUkHUcqtNXXRB/lbOYFAm+UJviAEc4NEdSw=
-=JaWY
+iQEcBAABAgAGBQJUTqLvAAoJEOS+UznzKK5zyaIIAKZcXmU+sBO4YGH5Aq2SdRYe
+rlwE5oeYNh+AdzzLm9EqHwSC+MciFI7HqQz8PvKAsfaoD17mQjonIXga8l2/w3OW
+/vIJjJnu9QB2C9XpjAiQCxS5QaMtIfEEjVld+MeHs6Ld3PwGuAXCkxKcJ2sHLZd3
+UcwwHxcm98KYouogjVZoJeb226cjz6fzUVJK9t9yi2S+SWmIvkjSZEI6W0WFoFCL
+x0jM7lFNcusGtg5K6UsyAdwPwvfbBN5FoV29/DaP+/HA4GP/W/cgbQxS72skDJg5
+c/icP0ntAND2iprtTQXF9//mWdX2FLYD55eu+pShZmO8t4Qvq4tJgiVz3hJiK+U=
+=KBP3
-----END PGP SIGNATURE-----
Binary files /tmp/ynTKfGhpWp/amd64-microcode-2.20131007.1+really20130710.1/microcode_amd_fam16h.bin and /tmp/9Fxgjddxjr/amd64-microcode-2.20141028.1/microcode_amd_fam16h.bin differ
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/microcode_amd_fam16h.bin.asc amd64-microcode-2.20141028.1/microcode_amd_fam16h.bin.asc
--- amd64-microcode-2.20131007.1+really20130710.1/microcode_amd_fam16h.bin.asc 1969-12-31 21:00:00.000000000 -0300
+++ amd64-microcode-2.20141028.1/microcode_amd_fam16h.bin.asc 2014-12-17 18:30:04.000000000 -0200
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJUTtyFAAoJEOS+UznzKK5z4mwIAKEoRVZfNlqlsD2SR6Sfy3Cw
+8SgsmUk0Wtdt4AmIMn3O4cZ+ONN9knMrJyLcDk+dH2dGsWPutNCE73diC7jP+P2W
+hPy++6o9EBgCVBGxa/9ltuIAsS6N7HXPX2StZHcSaZEy+QWFX9rLmX9YF2lHzhwr
+mbgK9/LLL2mV9BzBeuLAWBpzijIIrYgBfxDQS5gLwyveJMrWFO4WqupXd6XyrFur
+ixe4paWNqHf82Llz7Yy55H8TAlES4eCg/wpxKVFAMDrs25MEXLoIGlAwLoTZBRkQ
+bX+HsHfN3IcOi67UxwbRzTkb+hBvT13yJN4TymKhXstx4A/a3jF2sMlUD4aRs88=
+=YwHU
+-----END PGP SIGNATURE-----
diff -Nru amd64-microcode-2.20131007.1+really20130710.1/README amd64-microcode-2.20141028.1/README
--- amd64-microcode-2.20131007.1+really20130710.1/README 2013-09-07 17:21:48.000000000 -0300
+++ amd64-microcode-2.20141028.1/README 2014-12-17 18:30:04.000000000 -0200
@@ -1,46 +1,30 @@
-This package provides latest microcode patches
-for AMD processor families >= 0x10.
-
-See http://www.amd64.org/support/microcode.html
-for details.
-
-Microcode patches are included in container files:
-- 'microcode_amd.bin' (for AMD CPU families 10h - 14h)
-- 'microcode_amd_fam15h.bin' (for AMD CPU family 15h)
-
-Please read the file INSTALL for install instructions.
-Please read the file LICENSE for licensing information.
-
-The container files include following microcode patches:
-
- mc_patch_01000083_PUB-v4/mc_patch_01000083.asm
- mc_patch_01000084_PUB-v4/mc_patch_01000084.asm
- mc_patch_010000C7_PUB-v1/mc_patch_010000C7.asm
- mc_patch_010000C8_PUB-v1/mc_patch_010000C8.asm
- mc_patch_010000D9_PUB-v1/mc_patch_010000D9.asm
- mc_patch_010000DA_PUB-v1/mc_patch_010000DA.asm
- mc_patch_010000DB_PUB-v1/mc_patch_010000DB.asm
- mc_patch_010000DC_PUB-v1/mc_patch_010000DC.asm
- mc_patch_02000032_PUB-v3/mc_patch_02000032.asm
- mc_patch_03000027_PUB-v1/mc_patch_03000027.asm
- mc_patch_05000029_PUB-v1/mc_patch_05000029.asm
- mc_patch_05000119_PUB-v1/mc_patch_05000119.asm
- mc_patch_0600063D_PUB-v1/mc_patch_0600063D.asm
- mc_patch_06000822_PUB-v1/mc_patch_06000822.asm
- mc_patch_06001119_PUB-v2/mc_patch_06001119.asm
-
-***********************************************************************
-Copyright 2008-2013 ADVANCED MICRO DEVICES, INC. All Rights Reserved.
-
-AMD is granting you permission to use this software and documentation
-(if any) (collectively, the “Materials”) pursuant to the terms and
-conditions of the Software License Agreement included with the
-Materials. This header does NOT give you permission to use the
-Materials or any rights under AMD’s intellectual property. Your use
-of any portion of these Materials shall constitute your acceptance of
-those terms and conditions. If you do not agree to the terms and
-conditions of the Software License Agreement, you do not have
-permission to use any portion of these Materials. If you do not have
-a copy of the Software License Agreement, contact your AMD
-representative for a copy.
+This amd64-microcode release was based on the linux-firmware tree.
+commit 8ac569dd3ca3ca685bd47ee86c1eeb6050864db3
+Author: Sherry Hurwitz <sherry.hurw...@amd.com>
+Date: Thu Nov 6 19:38:26 2014 -0600
+
+ linux-firmware: Update AMD microcode patch firmware files
+
+ For AMD Family 15h Processors
+ file: amd-ucode/microcode_amd_family15h.bin
+ md5sum: ee3f0f46936aa1788dc31ca3487e0ff3
+
+ For AMD Family 16h Processors
+ file: amd-ucode/microcode_amd_family16h.bin
+ md5sum: 6a47a6393c52ddfc0b5b044efc076a77
+
+ Version: 2014_10_28
+ Signed-off-by: Sherry Hurwitz <sherry.hurw...@amd.com>
+ Signed-off-by: Kyle McMartin <k...@kernel.org>
+
+LICENSE.amd-ucode | 2 +-
+amd-ucode/microcode_amd_fam15h.bin |binary
+amd-ucode/microcode_amd_fam15h.bin.asc | 16 ++++++++--------
+amd-ucode/microcode_amd_fam16h.bin |binary
+amd-ucode/microcode_amd_fam16h.bin.asc | 11 +++++++++++
+6 files changed, 23 insertions(+), 10 deletions(-)
+
+AMD did not update the relevant microcode documentation (errata fixed,
+microcode patch levels, etc), so there is no documentation for the family 0x16
+microcode patches, and the documentation for family 0x15 might be stale.
