LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH 1/1] Update AMD cpu microcode for family 15h
@ 2018-05-25  1:57 Sherry Hurwitz
  2018-05-25 12:10 ` Josh Boyer
  0 siblings, 1 reply; 9+ messages in thread
From: Sherry Hurwitz @ 2018-05-25  1:57 UTC (permalink / raw)
  To: linux-firmware
  Cc: linux-kernel, jwboyer, hmh, r.marek, suravee.suthikulpanit,
	sherry.hurwitz

* Processor Revision ID 0x00610f01 was accidently not included in the previous
  submitted microcode container file.
* Update the Version for family 15h microcode .bin file

Key Name        = AMD Microcode Signing Key (for signing microcode container files only)
Key ID          = F328AE73
Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73

Signed-off-by: Sherry Hurwitz <sherry.hurwitz@amd.com>
---
 WHENCE                                 |   2 +-
 amd-ucode/microcode_amd_fam15h.bin     | Bin 5356 -> 7876 bytes
 amd-ucode/microcode_amd_fam15h.bin.asc |  14 +++++++-------
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/WHENCE b/WHENCE
index 7cf7026..4aa5c20 100644
--- a/WHENCE
+++ b/WHENCE
@@ -3100,7 +3100,7 @@ Driver: microcode_amd - AMD CPU Microcode Update Driver for Linux
 File: amd-ucode/microcode_amd.bin
 Version: 2013-07-10
 File: amd-ucode/microcode_amd_fam15h.bin
-Version: 2018-05-15
+Version: 2018-05-24
 File: amd-ucode/microcode_amd_fam16h.bin
 Version: 2014-10-28
 File: amd-ucode/microcode_amd_fam17h.bin
diff --git a/amd-ucode/microcode_amd_fam15h.bin b/amd-ucode/microcode_amd_fam15h.bin
index d0629acf0974171050550d96968573015774451a..f12ff79a538dd12d0e8c3a8eef7a3dbf27c77312 100644
GIT binary patch
delta 2657
zcmV-n3ZC`sDa1VqL`^{e00000K#>U}4iXPw000000000001{xaieeOh0RR91APN8g
z5+D-?84&;m0)PMj0000000000000000bu|D00000ogu(HHycN25q(do`h3+7M)O@J
zEpg?bPI4<&#4e3AAc6dqrEb}j2N|<A<#aWN3z;+=Z5rF&T)Aw7I`YfkvW&8HMxAQ-
zxJ?ug*Tn066$$Q-b}4RubU^V;6L8rY&b<yA%`$)Dv%UA^@-qA1HVw>t5ug@xGG*Pc
zPLRZv%X_N=XU9gX?8-G`&lLFKV((A`s*OtTp#w-bl!&NidtZg8XUL;#dsX4&+02z8
zT6HNg9!y1wQizsF#w<22n-c-xIvk_&7ao}x!YH<l3`g{3YQ?O790-wl&>O)lCgbz?
zh}J%yZrltrN%OLgNFZhR8Q>u5!Dt`xksSrf5diY(lS0xw+uP3#z5{Ynw>=NqdRM*`
zR6qSD*;T>oq!M%E@I`T&+ebTO?ri=ARPG#W^+avZYdIW;=b34Q|1#&lRA`|A@Hjn`
zIS2iR8;3R(?NknbShB2heCck>>N3+SmmO_Db>VNNP1oFHx>5qgapqOP#^XOxj{>MA
zj)D#{_-2JBx@LeYpNhA$VUDAvL!b(0SF}1mhhP!x=DUSfCq`&<*1(6;-cjr!XbO>~
zkr8&t4vN5_dbEPSgBYOI;wZ(2pBOW$SU?n2fw4@^3B*l*0euyVy8Q*BL$s|k+zVMN
zo3e4LOeQm6O|w&R+xH>7OB47v^^~_p5S>_i;V&0fgl9=ZFQpJ!VPMiMHagaMDcrJ$
z4|aF5($d%XY!m$K^-#2$Uq<7^<i7Wal6pxe-M*y+FfZ;eXMst0@1%!D0OvB*J(F8@
z)Rz{%X=nL=={DF63w2Ppdamu1K=IM$Wzek@IDVZUkeha-v=%_wXqe2msV^m~!KA09
z?Rbn{)o8h-X5Hrn-x!2iF`CnkVZuNX^ebQr^jgYr_Xg%3-KFu5^mDNgtKj<;*ttBd
zdQ)PLq!W<5q%Ic$ml-$eYQHt1<ajTpr3a>9lP#TpVbOj10?4Y%dwGQ7<KsFMU3*T6
z7AGxR+0BQLCGj-7N;tzc=ztFxFoz(XwGLG=TQieov(j$OI=E(?T<42Rkne2!Qs=Rl
znm!2NOQ8W+=Adv3r5VG6`nn577`Moz4J+SK^+eJ-ot7<rj!6K6I&{SLuLqF^FBo#F
z%*lj*7&FHWqz$gt*2RYk<-FC3Zp2rd1vqA02k8)8A`>Y8Q~PifVi$1oU21BDY=MdU
z7ytJ&v23bi*iqikk&h)~W)}Y;-jj6lKtSCl?bQu*Fpb0*us|qf|9Cbvepo#!j6Oh?
z48l4Y<)tQ8$mOEpe%7sf3+iBBtKp!oZ;hgVk0Ctfm5io(M(~H)I$y=U^KJ~q=p#2l
zoaqU;j?H?QPceS}f_r!Mu4k>irD4HV+%_uIrfZV93y4_tftOMq*5yyo_0q8_7p_&%
z5UiQ=H_{)oPE1|wdNQuH*hagy`t0Qnq@W<0-OGrrVDuXG1K9dm3G7}DOs^GzX)%s}
z!6#Gsd&Q8+)&VtB+1>!(`Y5%#!5MVe0D>*8K--je?4OSSOPeOO=hqmvx4GiA;!)ru
z3ENiS!lOj}GpkW)NZ=!TwtchxqhD=*SU(D)bx9(L5AOWK;l7m9!~H1H@#DnFOW60F
zgaSQ0((G7+NU&kql+~motfxqgSXtA5;^3`e2sO{)ak%Y&*){7F773^))1F19)$>Kf
zUmy;j$yV)js#j@cLn02<fqoIplwiIp<#HK_pK#1G4?+u4yJg?fnCaqk^s6k10N7`|
zpX}q&o>PsAOMT;4ODYx`>Um|@WN)HxY^zboS>I)Gy}i3lboa^}jq84=93_2!SQr=V
zN+>s4@S%_j4!Vtz6O9Fr?X~qy(;U>EVB?kms>X#D*)K4C6$g~7_s}GiwG413q|r3L
zb~5p-E?!N_Gr1S*s!>YqDJbV2@ndgZx!iEelrrfy5TC%?>^&AhpJIT_gOU5v`vR90
zzOzrZG!yAQex!Kw7q9Ux@$F}SnUchjX28Y86cEyCQGYii-3pZCTI31Tbu#jNhMm;C
zWemR;n=G)MtVlfPUP?sg(VNR+um-+4Sj8w~lIGAp@aD#>ZNl|i-1PGLp6O%iGBz6*
zv~Ld}`|wfI(BWsdC&<W+d`Gh49}loL13#l0+hPu%UBiO|g90)y#MbbCPh@PK{bm3Q
z<saeY?A3yoLB#Q<{?&CkFCLp@41k4x1+CTn0T^}ZZN?Z~%6fc+Yw(^rM$C=fFOT=#
zt74BU>6xa&TGcH^FMHE>H%lP#cU<L$*BO`Ys7yPG7jYf$(g+Ra*s=#ZHl}p+2aT@4
z&SnnwUSp#`|H|e$LWrY(-ql4(jG~6nMv-sglGJxbK*M5;6wK6LUQyq<_3g@OsRBFh
zua6d%QZ!+xTq>&$r4RVrX77?rIt!r0rT!Dw+AL0e;FHkB@MsjTYb7U%L6r_g0<P3T
zNhqsU>YRebc2^jc56{tynYh83-G0y9lupbtLum{_cG<+tG@3zwR6A$6N}{f!%rk)q
zOCtLujK%FM(Y|%g4<(DC)Fy1Lu{iSsotl9&@-)zb!OMXbTC;&i2^hTrkOzSZ^uEI8
z8*o5Xgy^2b3PEk*DUp4qsC`k(52$Z{T&k%Lj}n85Z517k>vG0wLLOU3;yvHpLVyaQ
z6-J7uf~HKP0D8KA9}W8n{m_F(6?9Y&Ot#d~!(9-|H)@yaG*wSOMkwt)yvhOtUXzm$
zeHSt86cqS>4N@1%H#hd>WuDq}6CCWUsJuC+42ay5z_q0fFLIVdVe3JAnUfN!r2Zk1
z3lE48Xd5S$08P(KM6_+(G{}tlh@sFlhOGVFWT2#2<xNF@^ZX5GwykJ+y;aAe1CNxL
z8$aRDSn<M&Qiml?a7GVDs9wdfg_kh#B>-1f!~qJqd{~buoy@bH%pW;cIDwEd!9?HW
zX!6AhoCZ2pfIC2~$%rg!I*TXBqzt;o6E3`tKs<jZuGCLRn_cz&ENTMH1+bo*2!%?P
zjYg#<>Q=OW#Ux_2_K3(TsgSg|!qqr5t*=e*iPG=~coWAx@^FYJB&ReC>~#-4PlCFb
zlB}t*FnWvAw>Kbobl(XD8LEOrMS1jNOJRY`wY@2Pi#bD^mgSwi0mpRw2n?tZPH;T|
zRpv-7$%ou;PM;14mV89>zRBhuljyfSuHfu{?ms7go1S4AshAvzJxJmC&X`<VbnfE_
zP2vVVhP>+YZfsN<j4R}E?w7N1MJ()q6WcKk_~|iO*fQaqqD0+Orwy;Om~_92y9Vv2
zws1Z4H3=V74+Gu`oogB5zXYxqL4PL2E;iF`hP;PKilW|!(&Rp7`C2;*7`*Gb%8Mu*
zw4<v$LNh_z^3~v=*zb9_U9VU3%^modDr7o&zWS5RaD3j;d|uJD0*Jo)q(7BGM2rES
PStNF5<GR0AO%(V(lAji$

delta 116
zcmX?N`$m(~#n+Jm1SU-6RE}fhF935u1S60s#Ge4?3jvve{0(rvAdo49#1{hcg^~Ee
OAf-rrhK7w+Ng@C~oeYWq

diff --git a/amd-ucode/microcode_amd_fam15h.bin.asc b/amd-ucode/microcode_amd_fam15h.bin.asc
index b10865f..cf6b810 100644
--- a/amd-ucode/microcode_amd_fam15h.bin.asc
+++ b/amd-ucode/microcode_amd_fam15h.bin.asc
@@ -1,11 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
-iQEcBAABAgAGBQJa+7WFAAoJEOS+UznzKK5zu7sH/A1IGyMXU/OuUnJVdIN9VNW9
-mtTRbymKK0PdL3gSbK30pVMMMR2rLUZQm96OAcHyN3ETp3OSXA291zqZ1PEQnLNM
-8sXCVsKmU+kogUy+anoxyLPaiYnnO9Z7Ga+hTKuq4u107XPp+t/z6m/bjc7opbkP
-TABokyIkkXLa9miP6OWqgWizb4ucGvx+tm7USzUulLf2OVpNz7pBnldILli7HgK0
-naLiCijRwPl/KFRXdkbrQfQvS8Nnwe8+qrY9/ooESahWoEr8sd0HlRLLULzsuLJi
-MuAIASWbaNSKptqv4ucp6AvzbALAOmsxSHRR0rQ68+ddxe16f7xDiv7HQMWe/O4=
-=5C/J
+iQEcBAABAgAGBQJbB09SAAoJEOS+UznzKK5z8kAIAK1In82D88fGFbhluAl13UFu
+rs8BhXKL2w7B2KAspBNTmYpIQnfvVDrZzn6t6nqssuJ4bnWH8sf0mC/w5dSQLG4M
+WdpDd+qkdkDGJFlbl3zkr14Q7ZCQPV44pT7BOF07VPflOeQQjRWug9cdyqRIfO4n
+XGR5wvBOJZ2BlriRkYagQHn6iB/UJWXodmTr8CRGIHTApQg6K0NPNvmbwa/W5Z9X
+bS6eniACMfFDH7NXG2uTpFiGa3DYbDyNZiZeM7Uv3BFxtAOGY8vTFghtRyk0qxAl
+o6d8fT6ozkTUxE40Lgb6MegDJPwJ+uDfB7jKVPnYsbDAp6K7L8k/7PQQQRJ69Pc=
+=k2EA
 -----END PGP SIGNATURE-----
-- 
2.7.4

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/1] Update AMD cpu microcode for family 15h
  2018-05-25  1:57 [PATCH 1/1] Update AMD cpu microcode for family 15h Sherry Hurwitz
@ 2018-05-25 12:10 ` Josh Boyer
  2018-05-30 14:16   ` Ivan Ivanov
  0 siblings, 1 reply; 9+ messages in thread
From: Josh Boyer @ 2018-05-25 12:10 UTC (permalink / raw)
  To: Sherry Hurwitz
  Cc: Linux Firmware, Linux-Kernel@Vger. Kernel. Org, hmh, r.marek,
	suravee.suthikulpanit

On Thu, May 24, 2018 at 10:13 PM Sherry Hurwitz <sherry.hurwitz@amd.com>
wrote:

> * Processor Revision ID 0x00610f01 was accidently not included in the
previous
>    submitted microcode container file.
> * Update the Version for family 15h microcode .bin file

> Key Name        = AMD Microcode Signing Key (for signing microcode
container files only)
> Key ID          = F328AE73
> Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73

> Signed-off-by: Sherry Hurwitz <sherry.hurwitz@amd.com>
> ---
>   WHENCE                                 |   2 +-
>   amd-ucode/microcode_amd_fam15h.bin     | Bin 5356 -> 7876 bytes
>   amd-ucode/microcode_amd_fam15h.bin.asc |  14 +++++++-------
>   3 files changed, 8 insertions(+), 8 deletions(-)

Applied and pushed out.

josh

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/1] Update AMD cpu microcode for family 15h
  2018-05-25 12:10 ` Josh Boyer
@ 2018-05-30 14:16   ` Ivan Ivanov
  2018-05-31 22:05     ` Henrique de Moraes Holschuh
  0 siblings, 1 reply; 9+ messages in thread
From: Ivan Ivanov @ 2018-05-30 14:16 UTC (permalink / raw)
  To: Josh Boyer
  Cc: Sherry Hurwitz, Linux Firmware, Linux-Kernel@Vger. Kernel. Org,
	hmh, Rudolf Marek, suravee.suthikulpanit

This is still not addressing the outdated 15h microcode version issue
that Rudolf Marek has pointed out. Also, we still hope to see an
updated microcode for 16h architecture as well - it has not received
any updates for two years already

Best regards,
Ivan Ivanov

2018-05-25 15:10 GMT+03:00 Josh Boyer <jwboyer@kernel.org>:
> On Thu, May 24, 2018 at 10:13 PM Sherry Hurwitz <sherry.hurwitz@amd.com>
> wrote:
>
>> * Processor Revision ID 0x00610f01 was accidently not included in the
> previous
>>    submitted microcode container file.
>> * Update the Version for family 15h microcode .bin file
>
>> Key Name        = AMD Microcode Signing Key (for signing microcode
> container files only)
>> Key ID          = F328AE73
>> Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73
>
>> Signed-off-by: Sherry Hurwitz <sherry.hurwitz@amd.com>
>> ---
>>   WHENCE                                 |   2 +-
>>   amd-ucode/microcode_amd_fam15h.bin     | Bin 5356 -> 7876 bytes
>>   amd-ucode/microcode_amd_fam15h.bin.asc |  14 +++++++-------
>>   3 files changed, 8 insertions(+), 8 deletions(-)
>
> Applied and pushed out.
>
> josh

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/1] Update AMD cpu microcode for family 15h
  2018-05-30 14:16   ` Ivan Ivanov
@ 2018-05-31 22:05     ` Henrique de Moraes Holschuh
  2018-06-04 19:27       ` Rudolf Marek
  0 siblings, 1 reply; 9+ messages in thread
From: Henrique de Moraes Holschuh @ 2018-05-31 22:05 UTC (permalink / raw)
  To: Ivan Ivanov
  Cc: Josh Boyer, Sherry Hurwitz, Linux Firmware,
	Linux-Kernel@Vger. Kernel. Org, Rudolf Marek,
	suravee.suthikulpanit

On Wed, 30 May 2018, Ivan Ivanov wrote:
> This is still not addressing the outdated 15h microcode version issue
> that Rudolf Marek has pointed out. Also, we still hope to see an
> updated microcode for 16h architecture as well - it has not received
> any updates for two years already

True, but now at least it won't regress old boxes anymore, so we can
ship it in the stable branches of the distros with less restrictions.

It would be really good to be able to actually mitigate spectre v2/v4 on
most AMD systems, though.  And current experience shows this is only
going to happen if we can have the required microcode update also going
through the operating system update channels.

-- 
  Henrique Holschuh

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/1] Update AMD cpu microcode for family 15h
  2018-05-31 22:05     ` Henrique de Moraes Holschuh
@ 2018-06-04 19:27       ` Rudolf Marek
  2018-06-05 14:27         ` Hurwitz, Sherry
  0 siblings, 1 reply; 9+ messages in thread
From: Rudolf Marek @ 2018-06-04 19:27 UTC (permalink / raw)
  To: Henrique de Moraes Holschuh, Ivan Ivanov
  Cc: Josh Boyer, Sherry Hurwitz, Linux Firmware,
	Linux-Kernel@Vger. Kernel. Org, suravee.suthikulpanit,
	Tom Lendacky, Jon Grimm

Hi Sherry,

Any news on this please? It seems we still miss updated microcode for certain fam15h/16h for Linux.

Thanks
Rudolf


Dne 1.6.2018 v 00:05 Henrique de Moraes Holschuh napsal(a):
> On Wed, 30 May 2018, Ivan Ivanov wrote:
>> This is still not addressing the outdated 15h microcode version issue
>> that Rudolf Marek has pointed out. Also, we still hope to see an
>> updated microcode for 16h architecture as well - it has not received
>> any updates for two years already
> 
> True, but now at least it won't regress old boxes anymore, so we can
> ship it in the stable branches of the distros with less restrictions.
> 
> It would be really good to be able to actually mitigate spectre v2/v4 on
> most AMD systems, though.  And current experience shows this is only
> going to happen if we can have the required microcode update also going
> through the operating system update channels.



> Dne 24.5.2018 v 16:48 Hurwitz, Sherry napsal(a):
>> Thank you for pointing this out.  Let me investigate and send out an updated fam15h container.
> 
> Thanks I have seen the patch. However it still contains "old" microcode from 2012, patch level
> 0x06001119. Do you plan to update it to 0x0600111f, which will support IBPB?
> 
> Thanks
> Rudolf
> 
> 

> I noticed in commit [1], that 0x00610f01 microcode is removed completely. It has only entry in the equivalence table,
> but the actual microcode is gone. As this update fixes important errata (and it was latest supported microcode officially released), what is the reason behind that?
> 
> Maybe it is a mistake? Or new microcode will be provided? I seen in the wild one with patch level 0x0600111f, but it does not
> seem to be available?
> 
> Please can someone throw some light on that? 
> 
> Many thanks
> Rudolf
> 
> 
> [1]
> https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode/microcode_amd_fam15h.bin?id=77101513943ef198e2050667c87abf19e6cbb1d8

^ permalink raw reply	[flat|nested] 9+ messages in thread

* RE: [PATCH 1/1] Update AMD cpu microcode for family 15h
  2018-06-04 19:27       ` Rudolf Marek
@ 2018-06-05 14:27         ` Hurwitz, Sherry
  2018-06-05 17:55           ` Rudolf Marek
  2018-09-01 15:46           ` Rudolf Marek
  0 siblings, 2 replies; 9+ messages in thread
From: Hurwitz, Sherry @ 2018-06-05 14:27 UTC (permalink / raw)
  To: Rudolf Marek, Henrique de Moraes Holschuh, Ivan Ivanov
  Cc: Josh Boyer, Linux Firmware, Linux-Kernel@Vger. Kernel. Org,
	Suthikulpanit, Suravee, Lendacky, Thomas, Grimm, Jon

Hi Rudolf,
I have been investigating the status with the AMD release management, but I have not been given approval to publish any other microcode.  I have been trying to track down why there might be a version in the wild that I have not been given for public publishing.  It might have come from a BIOS update and not a OS microcode load but I don't have the definitive details on that either.  I will publish whatever is released to me as soon as possible.

Sherry

> -----Original Message-----
> From: Rudolf Marek [mailto:r.marek@assembler.cz]
> Sent: Monday, June 04, 2018 2:27 PM
> To: Henrique de Moraes Holschuh <hmh@hmh.eng.br>; Ivan Ivanov
> <qmastery16@gmail.com>
> Cc: Josh Boyer <jwboyer@kernel.org>; Hurwitz, Sherry
> <sherry.hurwitz@amd.com>; Linux Firmware <linux-firmware@kernel.org>;
> Linux-Kernel@Vger. Kernel. Org <linux-kernel@vger.kernel.org>;
> Suthikulpanit, Suravee <Suravee.Suthikulpanit@amd.com>; Lendacky,
> Thomas <Thomas.Lendacky@amd.com>; Grimm, Jon
> <Jon.Grimm@amd.com>
> Subject: Re: [PATCH 1/1] Update AMD cpu microcode for family 15h
> 
> Hi Sherry,
> 
> Any news on this please? It seems we still miss updated microcode for certain
> fam15h/16h for Linux.
> 
> Thanks
> Rudolf
> 
> 
> Dne 1.6.2018 v 00:05 Henrique de Moraes Holschuh napsal(a):
> > On Wed, 30 May 2018, Ivan Ivanov wrote:
> >> This is still not addressing the outdated 15h microcode version issue
> >> that Rudolf Marek has pointed out. Also, we still hope to see an
> >> updated microcode for 16h architecture as well - it has not received
> >> any updates for two years already
> >
> > True, but now at least it won't regress old boxes anymore, so we can
> > ship it in the stable branches of the distros with less restrictions.
> >
> > It would be really good to be able to actually mitigate spectre v2/v4
> > on most AMD systems, though.  And current experience shows this is
> > only going to happen if we can have the required microcode update also
> > going through the operating system update channels.
> 
> 
> 
> > Dne 24.5.2018 v 16:48 Hurwitz, Sherry napsal(a):
> >> Thank you for pointing this out.  Let me investigate and send out an
> updated fam15h container.
> >
> > Thanks I have seen the patch. However it still contains "old"
> > microcode from 2012, patch level 0x06001119. Do you plan to update it to
> 0x0600111f, which will support IBPB?
> >
> > Thanks
> > Rudolf
> >
> >
> 
> > I noticed in commit [1], that 0x00610f01 microcode is removed
> > completely. It has only entry in the equivalence table, but the actual
> microcode is gone. As this update fixes important errata (and it was latest
> supported microcode officially released), what is the reason behind that?
> >
> > Maybe it is a mistake? Or new microcode will be provided? I seen in
> > the wild one with patch level 0x0600111f, but it does not seem to be
> available?
> >
> > Please can someone throw some light on that?
> >
> > Many thanks
> > Rudolf
> >
> >
> > [1]
> > https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmwar
> > e.git/commit/amd-
> ucode/microcode_amd_fam15h.bin?id=77101513943ef198e20
> > 50667c87abf19e6cbb1d8

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/1] Update AMD cpu microcode for family 15h
  2018-06-05 14:27         ` Hurwitz, Sherry
@ 2018-06-05 17:55           ` Rudolf Marek
  2018-09-01 15:46           ` Rudolf Marek
  1 sibling, 0 replies; 9+ messages in thread
From: Rudolf Marek @ 2018-06-05 17:55 UTC (permalink / raw)
  To: Hurwitz, Sherry, Henrique de Moraes Holschuh, Ivan Ivanov
  Cc: Josh Boyer, Linux Firmware, Linux-Kernel@Vger. Kernel. Org,
	Suthikulpanit, Suravee, Lendacky, Thomas, Grimm, Jon

Hi Sherry,

Many thanks for your efforts. Are there any technical restriction(s) of why the OS bundled updates are not the latest available
version? I think we can't count much on hardware vendors to release microcode updates in the BIOS in the timely manner. I also
think especially for older families that BIOS updates won't be ever released. It is in the public interest 
to always have latest update available - and it is also in line with AMD phrase "At AMD, security is a top priority".

Please consider having the latest microcode version available for OS updates too.

I would also appreciate of having the latest microcode available for the coreboot.org project.

Many thanks
Rudolf

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/1] Update AMD cpu microcode for family 15h
  2018-06-05 14:27         ` Hurwitz, Sherry
  2018-06-05 17:55           ` Rudolf Marek
@ 2018-09-01 15:46           ` Rudolf Marek
  2018-09-01 17:09             ` Rudolf Marek
  1 sibling, 1 reply; 9+ messages in thread
From: Rudolf Marek @ 2018-09-01 15:46 UTC (permalink / raw)
  To: Hurwitz, Sherry, Henrique de Moraes Holschuh, Ivan Ivanov
  Cc: Josh Boyer, Linux Firmware, Linux-Kernel@Vger. Kernel. Org,
	Suthikulpanit, Suravee, Lendacky, Thomas, Grimm, Jon

Hi Sherry,

Dne 5.6.2018 v 16:27 Hurwitz, Sherry napsal(a):
> Hi Rudolf, I have been investigating the status with the AMD release
> management, but I have not been given approval to publish any other
> microcode.  I have been trying to track down why there might be a
> version in the wild that I have not been given for public publishing.
> It might have come from a BIOS update and not a OS microcode load but

Yes exactly. Why this exists? Is there some technical restriction that will prevent
microcode loading just in Linux? I think it would be beneficial to have at least
the IBPB protection in place via microcode updates.

> I don't have the definitive details on that either.  I will publish
> whatever is released to me as soon as possible.

Any news on this? The family 15h microcode revision provided for Linux is 0x06001119 but I know that 0x0600111f
exists, which provides the IBPB.

Btw I also think that Family 17h (0x00800F11) Linux microcode update has a same problem.

It does not include IBPB support right? It is included in the "BIOS" only microcode revision 0x08001137.

Thanks,
Rudolf

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: [PATCH 1/1] Update AMD cpu microcode for family 15h
  2018-09-01 15:46           ` Rudolf Marek
@ 2018-09-01 17:09             ` Rudolf Marek
  0 siblings, 0 replies; 9+ messages in thread
From: Rudolf Marek @ 2018-09-01 17:09 UTC (permalink / raw)
  To: Hurwitz, Sherry, Henrique de Moraes Holschuh, Ivan Ivanov
  Cc: Josh Boyer, Linux Firmware, Linux-Kernel@Vger. Kernel. Org,
	Suthikulpanit, Suravee, Lendacky, Thomas, Grimm, Jon

Hi again,

Here is a short summary of what is missing in the microcode containers [1] [2]. I only included AMD family 15h and 17h.
Similar could be done for Intel CPUs. 

I do believe having a latest microcode is a vital for the userspace security because it provides
IBPB barrier.

Family 15h [1] container parsed with [4] (with some lines omitted)

-- Processor Signature:       : 0x00600f20
-- Processor Revision ID:     : 0x00006020

-- Processor Signature:       : 0x00610f01
-- Processor Revision ID:     : 0x00006101

-- Processor Signature:       : 0x00600f12
-- Processor Revision ID:     : 0x00006012

Contains following microcodes:

| # | eqrev| urev     |    date    | latest|
| 1 | 6012 | 0600063E | 2018/02/07 |  yes  |
| 2 | 6020 | 06000852 | 2018/02/06 |  yes  |
| 3 | 6101 | 06001119 | 2012/07/13 |  no   |

Note the #3 is what I have been complaining about.

Family 17h [2] parsed with [4]

The container seems to include the equivalent versions for various CPUs (not even a family17h) but only a microcode for a "Naples/EPYC" chips.

Container Processor Signature Table: 
-- Processor Signature:       : 0x00600f20 (not even a fam17h)
-- Processor Revision ID:     : 0x00006020

-- Processor Signature:       : 0x00610f01 (not even a fam17h)
-- Processor Revision ID:     : 0x00006101

-- Processor Signature:       : 0x00700f01 (not even a fam17h)
-- Processor Revision ID:     : 0x00007001

-- Processor Signature:       : 0x00800f12 (update is OK)
-- Processor Revision ID:     : 0x00008012

-- Processor Signature:       : 0x00800f11 (update is missing!)
-- Processor Revision ID:     : 0x00008011

-- Processor Signature:       : 0x00600f12 (not even a fam17h)
-- Processor Revision ID:     : 0x00006012

-- Processor Signature:       : 0x00800f13 (future CPU?)
-- Processor Revision ID:     : 0x00008013

-- Processor Signature:       : 0x00800f00 (perhaps ES?)
-- Processor Revision ID:     : 0x00008000

Microcode Type:               : 0x00000001
Microcode Size:               : 0x00000c80
Date                          : 2018/02/09
Patch ID                      : 0x08001227
Patch Data ID                 : 0x00008004

| # | eqrev| urev     |    date    | latest|
| 1 | 8004 | 08001227 | 2018/02/09 | yes   |

It misses microcode update for 00800F11 - latest known should be 2018/02/14 and for other CPUs like Pinacle Ridge 00800F82 - latest known should be 2018/02/12
Or Ryzen mobile 00810F10 etc...

Thanks
Rudolf

Resources used to construct this tables:

[1] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/microcode_amd_fam15h.bin
[2] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode/microcode_amd_fam17h.bin
[3] http://users.atw.hu/instlatx64/
[4] https://github.com/ddcc/microparse


^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2018-09-01 17:10 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-25  1:57 [PATCH 1/1] Update AMD cpu microcode for family 15h Sherry Hurwitz
2018-05-25 12:10 ` Josh Boyer
2018-05-30 14:16   ` Ivan Ivanov
2018-05-31 22:05     ` Henrique de Moraes Holschuh
2018-06-04 19:27       ` Rudolf Marek
2018-06-05 14:27         ` Hurwitz, Sherry
2018-06-05 17:55           ` Rudolf Marek
2018-09-01 15:46           ` Rudolf Marek
2018-09-01 17:09             ` Rudolf Marek

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).