This bug was fixed in the package linux-meta-hwe-edge - 4.15.0.20.42
---------------
linux-meta-hwe-edge (4.15.0.20.42) xenial; urgency=medium
* Fix transitional linux-signed* packages to use the proper suffix.
linux-meta-hwe-edge (4.15.0.20.41) xenial; urgency=medium
* Bump ABI 4.15.0-20
* signing: only install a signed kernel (LP: #1764794)
- switch to linux-image as signed when available
- convert linux-signed* into transitional packages
* need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates
-- Thadeu Lima de Souza Cascardo <casca...@canonical.com> Wed, 25 Apr
2018 08:51:35 -0300
** Changed in: linux-meta-hwe-edge (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259
Title:
need to ensure microcode updates are available to all bare-metal
installs of Ubuntu
Status in linux-meta package in Ubuntu:
Triaged
Status in linux-meta-hwe package in Ubuntu:
New
Status in linux-meta-hwe-edge package in Ubuntu:
New
Status in linux-meta-lts-xenial package in Ubuntu:
Invalid
Status in linux-meta-oem package in Ubuntu:
Invalid
Status in linux-meta source package in Precise:
New
Status in linux-meta source package in Trusty:
Fix Committed
Status in linux-meta source package in Xenial:
Fix Committed
Status in linux-meta-hwe source package in Xenial:
Fix Committed
Status in linux-meta-hwe-edge source package in Xenial:
Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
Fix Committed
Status in linux-meta-oem source package in Xenial:
Fix Committed
Status in linux-meta source package in Zesty:
Invalid
Status in linux-meta source package in Artful:
Fix Committed
Status in linux-meta source package in Bionic:
Triaged
Bug description:
From time to time, CPU vendors release updates to microcode that can
be loaded into the CPU from the OS. For x86, we have these updates
available in the archive as amd64-microcode and intel-microcode.
Sometimes, these microcode updates have addressed security issues with
the CPU. They almost certainly will again in the future.
We should ensure that all users of Ubuntu on baremetal x86 receive
these security updates, and have them applied to the CPU in early boot
where at all feasible.
Because these are hardware-dependent packages which we don't want to
install except on baremetal (so: not in VMs or containers), the
logical place to pull them into the system is via the kernel, so that
only the kernel baremetal flavors pull them in. This is analogous to
linux-firmware, which is already a dependency of the linux-
image-{lowlatency,generic} metapackages, and whose contents are
applied to the hardware by the kernel similar to microcode.
So, please update the linux-image-{lowlatency,generic} metapackages to
add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
and the corresponding hwe metapackages also.
Please time this change to coincide with the next updates of the
microcode packages in the archive.
I believe we will also need to promote the *-microcode packages to
main from restricted as part of this (again, by analogy with linux-
firmware).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
