On Sat, Dec 7, 2019 at 7:22 PM Adam Carter <adamcart...@gmail.com> wrote: > > On Sun, Dec 8, 2019 at 9:39 AM Daniel Frey <djqf...@gmail.com> wrote: >> >> Does anyone know of a list of microcode versions? > > I dont know, so i just use the ~amd64 linux-firmware version. For my 3900X > its currently; > microcode: CPU0: patch_level=0x08701013 > > The last update came through in October; > firmware-md5s-2019-09-09.txt:fef89be989f6a160b340027a24cd0a16 > /lib/firmware/amd-ucode/microcode_amd_fam17h.bin > firmware-md5s-2019-09-25.txt:fef89be989f6a160b340027a24cd0a16 > /lib/firmware/amd-ucode/microcode_amd_fam17h.bin > firmware-md5s-2019-10-23.txt:a30e5f81d37ed38faf039b75bc376197 > /lib/firmware/amd-ucode/microcode_amd_fam17h.bin > firmware-md5s-2019-11-12.txt:a30e5f81d37ed38faf039b75bc376197 > /lib/firmware/amd-ucode/microcode_amd_fam17h.bin >
AMD's documentation is pretty terrible on this front. I don't think they actually release the microcode binaries anywhere officially. It seems like they patch them through windows, and these versions end up floating around (probably via enterprise support contracts), and then somebody snags one and sticks it in the linux-firmware package. Oh, and there is basically zero official info as far as a changelog goes. So, if you want to know if some particular version addresses some particular CVE you're just going to have to trust whatever somebody said on lkml or on some random internet forum. These aren't even linux-specific drivers. They're just microcode blobs. Nobody but AMD can create them or work on them. The least AMD could do is stick them on their website along with official hashes and release notes. I'm sure the linux-firmware maintainers know what they're doing and do the necessary detective work to ensure nothing gets missing, but something like this should really have formal vendor support. -- Rich
