On 21/10/2025 10:18 am, Jan Beulich wrote: > On 20.10.2025 15:19, Andrew Cooper wrote: >> For Zen3-5 microcode blobs signed with the updated signature scheme, the >> checksum field has been reused to be a min_revision field, referring to the >> microcode revision which fixed Entrysign (SB-7033, CVE-2024-36347). >> >> Cross-check this when trying to load microcode, but allow --force to override >> it. If the signature scheme is genuinely different, a #GP will occur. >> >> Signed-off-by: Andrew Cooper <[email protected]> > Acked-by: Jan Beulich <[email protected]>
Thanks. > > Might be upgradable to R-b if only I knew where - if anywhere - this is > documented. I can't spot anything in PM vol 2 in particular. Like everything else about the ucode format, It's not documented at all. In fact, this was discovered by people on the WinRaid forums, because even https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode?id=3768c184de68a85b9df6697e7f93a2f61de90a99 doesn't say that the internal headers have been adjusted. I've confirmed with AMD that it's intentional and expected to continue like this for the lifetime of the Zen3-5 blobs. ~Andrew
