** Description changed: + [Impact] + + AMD TEE firmware is provided by both linux-firmware and amd64-microcode. + We've been 'lucky' so far that there's no file collision because linux- + firmware provides a compressed blob and amd64-microcode doesn't. But + that also means that the compressed blobs (from the wrong package) are + used. + + + [Fix] + + Don't ship AMD TEE firmware with linux-firmware. + + + [Test Case] + + Inspect package content and verify that it doesn't not provide + /usr/lib/amdtee firmware. + + + [Where Problems Could Occur] + + initramfs could contain wrong amdtee firmware and kernel could load + wrong firmware. This can result in the usual kernel firmware problems: + Unpatched issues due to wrong firmware loaded, kernel crashes, oops, + hangs, ... + + + [Original Description] + Hi, the amdtee firmwares are provided both by amd64-microcode: $ dpkg -L amd64-microcode | grep amdtee /usr/lib/firmware/amdtee /usr/lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin /usr/lib/firmware/amdtee/amd_pmf_v3.bin and by linux-firmware: $ dpkg -L linux-firmware | grep amdtee /lib/firmware/amdtee /lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin.zst /lib/firmware/amdtee/amd_pmf_v3.bin.zst - - one compressed and the other uncompressed - - one in /lib and the other in /usr/lib + - one compressed and the other uncompressed + - one in /lib and the other in /usr/lib Would it be possible to better coordinate both packages? ProblemType: Bug DistroRelease: Ubuntu 25.04 Package: amd64-microcode 3.20240820.1ubuntu1 ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0 Uname: Linux 6.14.0-15-generic x86_64 ApportVersion: 2.32.0-0ubuntu5.1 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed Jun 4 18:29:30 2025 SourcePackage: amd64-microcode UpgradeStatus: No upgrade log present (probably fresh install)
** Description changed: [Impact] AMD TEE firmware is provided by both linux-firmware and amd64-microcode. We've been 'lucky' so far that there's no file collision because linux- - firmware provides a compressed blob and amd64-microcode doesn't. But - that also means that the compressed blobs (from the wrong package) are - used. - + firmware provides compressed blobs and amd64-microcode doesn't. But that + also means that the compressed blobs (from the wrong package) are used. [Fix] Don't ship AMD TEE firmware with linux-firmware. - [Test Case] - Inspect package content and verify that it doesn't not provide + Inspect package content and verify that it doesn't provide /usr/lib/amdtee firmware. - [Where Problems Could Occur] initramfs could contain wrong amdtee firmware and kernel could load wrong firmware. This can result in the usual kernel firmware problems: Unpatched issues due to wrong firmware loaded, kernel crashes, oops, hangs, ... - [Original Description] Hi, the amdtee firmwares are provided both by amd64-microcode: $ dpkg -L amd64-microcode | grep amdtee /usr/lib/firmware/amdtee /usr/lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin /usr/lib/firmware/amdtee/amd_pmf_v3.bin and by linux-firmware: $ dpkg -L linux-firmware | grep amdtee /lib/firmware/amdtee /lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin.zst /lib/firmware/amdtee/amd_pmf_v3.bin.zst - one compressed and the other uncompressed - one in /lib and the other in /usr/lib Would it be possible to better coordinate both packages? ProblemType: Bug DistroRelease: Ubuntu 25.04 Package: amd64-microcode 3.20240820.1ubuntu1 ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0 Uname: Linux 6.14.0-15-generic x86_64 ApportVersion: 2.32.0-0ubuntu5.1 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed Jun 4 18:29:30 2025 SourcePackage: amd64-microcode UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2112488 Title: amdtee firmwares provided by both amd64-microcode and linux-firmware To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/amd64-microcode/+bug/2112488/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
