Hi,
On Thu, Jan 01, 2026 at 09:01:22PM +0100, Salvatore Bonaccorso wrote:
> hi Henrique,
>
> On Sun, Nov 09, 2025 at 06:14:23PM -0300, Henrique de Moraes Holschuh wrote:
> > AMD changes to avoid regressing outdated family 19h systems have
> > showed up on linux-firmware recently, and there are patches to the
> > kernel microcode driver on their way to mainline (they can be seen
> > on the "tip" tree).
> >
> > I am packaging the new microcode update to upload to *unstable*, but
> > systems with outdated firmware are supposed to regress unless they
> > also have the kernel changes, so updates to stable are still in the
> > future.
> >
> > It has also become very clear that:
> >
> > 1. Family 0x19 (Zen 2 to Zen 4) will have the choice of staying on
> > the last Entrysign-vulnerable microcode release. Obviously, they
> > will remain vulnerable to Entrysign and everything else fixed since
> > Entrysign, since they will *not* receive any new microcode updates.
> >
> > 2. Zen 5 systems have no such choice: all systems must update the
> > firmware to fix Entrysign in order to receive microcode updates.
> >
> > We can issue partial security updates to stable covering only family
> > 0x1a (Zen 5) while we wait for the kernel-side changes that will
> > enable us to ship the fixes for family 0x19 without regressing
> > systems with outdated firmware.
>
> I pondered your mail for a while now.
>
> I think there is no urgency to do a partial update and we can look
> forward if and when the changes will trickle into stable series
> upstream (if at all). The relevant series for the changes only entered
> v6.19-rc1 so far.
>
> In particular as the older back we go, Zen 5 Linux support get less
> relevant, so it does make less sense to issue updates with only that
> part, well maybe as stable-proposed-update indeed for trixie and
> 6.12.y based kernel but not older (not considering backports kernel).
Just an update, at last 8d171045069c ("x86/microcode/AMD: Select which
microcode patch to load") has now been backported to 6.18.4 and
6.12.64.
The Linux upload to unsable will come soon, 6.12.64 an later can be
expected latest on the 13.4 point release for trixie.
Regards,
Salvatore
