[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 3.2.0.150.164 --- linux-meta (3.2.0.150.164) precise; urgency=medium * Bump ABI 3.2.0-150 -- Thadeu Lima de Souza Cascardo Mon, 05 Apr 2021 15:02:41 -0300 ** Changed in: linux-meta (Ubuntu Precise) Status: Won't Fix => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Fix Released Status in linux-meta-hwe package in Ubuntu: Fix Released Status in linux-meta-hwe-edge package in Ubuntu: Fix Released Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: Fix Released Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Released Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Released Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
** Changed in: linux-meta (Ubuntu Precise) Status: New => Won't Fix ** Changed in: linux-meta-hwe (Ubuntu) Status: New => Fix Released ** Changed in: linux-meta-hwe-edge (Ubuntu) Status: New => Fix Released ** Changed in: linux-meta-lts-xenial (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Fix Released Status in linux-meta-hwe package in Ubuntu: Fix Released Status in linux-meta-hwe-edge package in Ubuntu: Fix Released Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: Won't Fix Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Released Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Released Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This microcode forced update bricked my Samsung APU until I could flash the bios back using DOS to a clear flag state. This should be down- graded until better ucode tools are available. It fails on AMD-K1-1500 APU and AMD-A12 with Radeon ATI GPUs. I was forced to downgrade to x32-bit machine just to fix this. It also locks up the USB-ports making them unusable for reboot over USB. This leaves most users confused. (amd64 ucode 3.20180524.1) why is this update also on my Intel machines? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Fix Released Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Released Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
+1 to @explorer09. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Fix Released Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Released Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
Look like my comment gets ignored. In short: Please revert this and fix it properly. Don't let linux-image-generic package depend on amd64-microcode or intel-microcode! Change the relationship to "Recommends" instead! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Fix Released Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Released Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 4.15.0.23.25 --- linux-meta (4.15.0.23.25) bionic; urgency=medium * Need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Make kernel image packages depend on cpu microcode updates linux-meta (4.15.0.23.24) bionic; urgency=medium * Bump ABI 4.15.0-23 -- Stefan Bader Wed, 30 May 2018 17:35:06 +0200 ** Changed in: linux-meta (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Fix Released Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Released Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
@sdeziel, I agree 100%. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Released Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 4.15.0.23.25 --- linux-meta (4.15.0.23.25) bionic; urgency=medium * Need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Make kernel image packages depend on cpu microcode updates linux-meta (4.15.0.23.24) bionic; urgency=medium * Bump ABI 4.15.0-23 -- Stefan Bader Wed, 30 May 2018 17:35:06 +0200 ** Changed in: linux-meta (Ubuntu Bionic) Status: Fix Committed => Fix Released ** Changed in: linux-meta (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Released Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 4.15.0.23.25 --- linux-meta (4.15.0.23.25) bionic; urgency=medium * Need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Make kernel image packages depend on cpu microcode updates linux-meta (4.15.0.23.24) bionic; urgency=medium * Bump ABI 4.15.0-23 -- Stefan Bader Wed, 30 May 2018 17:35:06 +0200 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Released Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
@rlaager, for the VM case, considering that QEMU/KVM only supports a few watchdog devices, I think it would make sense to ship this i6300esb driver in linux-image-virtual directly. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Committed Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This is particularly annoying for me too. All of my virtual machines use linux-image-generic because I need linux- image-extra to get the i6300esb watchdog driver for the KVM watchdog. This change forces the amd64-microcode and intel-microcode packages to be installed on all of my VMs. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Committed Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
Agree with Explorer09. Why are my Intel systems now getting AMD microcode packages and why are my AMD systems getting Intel microcode packages?? This is a bug. I would rather it see that I already have one of them installed that matches my CPU and call it good. If that isn't an option, then just a recommends. In the meantime, I just blocked these meta packages from updating on my systems. Thanks. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Committed Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
** Changed in: linux-meta (Ubuntu Bionic) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Committed Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
Um, excuse me. When I check the updates on my Ubuntu Trusty machine, I found out it now asks for new install of the amd64-microcode package. May I ask why? My CPU is not AMD's but Intel's, and it seems that amd64-microcode had no use for me. Why does the linux-image-generic package hard depend on it? This way when I have linux-image-generic just for wish for the kernel update, a useless package is installed on me. I mean, wouldn't that be better if linux-image-generic just "Recommends" the microcode package, without "Depending" on it? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta-oem - 4.13.0.1028.33 --- linux-meta-oem (4.13.0.1028.33) xenial; urgency=medium * Bump ABI 4.13.0-1028 linux-meta-oem (4.13.0.1027.32) xenial; urgency=medium * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Make kernel image packages depend on cpu microcode updates linux-meta-oem (4.13.0.1027.31) xenial; urgency=medium * Bump ABI 4.13.0-1027 -- Stefan BaderFri, 18 May 2018 10:17:58 +0200 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta-oem - 4.15.0.1006.8 --- linux-meta-oem (4.15.0.1006.8) bionic; urgency=medium * Bump ABI 4.15.0-1006 linux-meta-oem (4.15.0.1005.7) bionic; urgency=medium * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Make kernel image packages depend on cpu microcode updates linux-meta-oem (4.15.0.1005.6) bionic; urgency=medium * Bump ABI 4.15.0-1005 -- Stefan BaderFri, 18 May 2018 09:13:24 +0200 ** Changed in: linux-meta-oem (Ubuntu) Status: Invalid => Fix Released ** Changed in: linux-meta-oem (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Released Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta-hwe - 4.13.0.41.60 --- linux-meta-hwe (4.13.0.41.60) xenial; urgency=medium * Bump ABI 4.13.0-41 * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" linux-meta-hwe (4.13.0.40.59) xenial; urgency=medium * Bump ABI 4.13.0-40 * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Make kernel image packages depend on cpu microcode updates -- Kleber Sacilotto de SouzaThu, 03 May 2018 11:35:12 +0200 ** Changed in: linux-meta (Ubuntu Artful) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Invalid Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Committed Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 4.13.0.41.44 --- linux-meta (4.13.0.41.44) artful; urgency=medium * Bump ABI 4.13.0-41 * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" linux-meta (4.13.0.40.43) artful; urgency=medium * Bump ABI 4.13.0-40 * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Make kernel image packages depend on cpu microcode updates -- Kleber Sacilotto de SouzaWed, 02 May 2018 12:46:37 +0200 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Invalid Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Committed Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta-lts-xenial - 4.4.0.124.104 --- linux-meta-lts-xenial (4.4.0.124.104) trusty; urgency=medium * Bump ABI 4.4.0-124 * Miscellaneous upstream changes - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" -- Stefan BaderThu, 03 May 2018 09:17:50 +0200 ** Changed in: linux-meta (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Invalid Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Committed Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 3.13.0.147.157 --- linux-meta (3.13.0.147.157) trusty; urgency=medium * Bump ABI 3.13.0-147 * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" linux-meta (3.13.0.146.156) trusty; urgency=medium * Bump ABI 3.13.0-146 * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Make kernel image packages depend on cpu microcode updates -- Kleber Sacilotto de SouzaWed, 02 May 2018 17:09:27 +0200 ** Changed in: linux-meta (Ubuntu Trusty) Status: Fix Committed => Fix Released ** Changed in: linux-meta (Ubuntu Trusty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Invalid Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Committed Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 4.4.0.124.130 --- linux-meta (4.4.0.124.130) xenial; urgency=medium * Bump ABI 4.4.0-124 * Miscellaneous upstream changes - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" -- Stefan BaderWed, 02 May 2018 14:28:37 +0200 ** Changed in: linux-meta (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Invalid Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Committed Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta-lts-xenial - 4.4.0.124.104 --- linux-meta-lts-xenial (4.4.0.124.104) trusty; urgency=medium * Bump ABI 4.4.0-124 * Miscellaneous upstream changes - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" -- Stefan BaderThu, 03 May 2018 09:17:50 +0200 ** Changed in: linux-meta-lts-xenial (Ubuntu) Status: Invalid => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Invalid Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Committed Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 3.13.0.147.157 --- linux-meta (3.13.0.147.157) trusty; urgency=medium * Bump ABI 3.13.0-147 * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" linux-meta (3.13.0.146.156) trusty; urgency=medium * Bump ABI 3.13.0-146 * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Make kernel image packages depend on cpu microcode updates -- Kleber Sacilotto de SouzaWed, 02 May 2018 17:09:27 +0200 ** Changed in: linux-meta-lts-xenial (Ubuntu) Status: Invalid => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Invalid Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Committed Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 4.13.0.41.44 --- linux-meta (4.13.0.41.44) artful; urgency=medium * Bump ABI 4.13.0-41 * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" linux-meta (4.13.0.40.43) artful; urgency=medium * Bump ABI 4.13.0-40 * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Make kernel image packages depend on cpu microcode updates -- Kleber Sacilotto de SouzaWed, 02 May 2018 12:46:37 +0200 ** Changed in: linux-meta (Ubuntu Artful) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Invalid Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Committed Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 4.4.0.124.130 --- linux-meta (4.4.0.124.130) xenial; urgency=medium * Bump ABI 4.4.0-124 * Miscellaneous upstream changes - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" -- Stefan BaderWed, 02 May 2018 14:28:37 +0200 ** Changed in: linux-meta-hwe (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Invalid Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Committed Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta-hwe - 4.13.0.41.60 --- linux-meta-hwe (4.13.0.41.60) xenial; urgency=medium * Bump ABI 4.13.0-41 * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" linux-meta-hwe (4.13.0.40.59) xenial; urgency=medium * Bump ABI 4.13.0-40 * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Make kernel image packages depend on cpu microcode updates -- Kleber Sacilotto de SouzaThu, 03 May 2018 11:35:12 +0200 ** Changed in: linux-meta-hwe (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta-oem package in Ubuntu: Invalid Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Committed Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta-hwe-edge - 4.15.0.20.42 --- linux-meta-hwe-edge (4.15.0.20.42) xenial; urgency=medium * Fix transitional linux-signed* packages to use the proper suffix. linux-meta-hwe-edge (4.15.0.20.41) xenial; urgency=medium * Bump ABI 4.15.0-20 * signing: only install a signed kernel (LP: #1764794) - switch to linux-image as signed when available - convert linux-signed* into transitional packages * need to ensure microcode updates are available to all bare-metal installs of Ubuntu (LP: #1738259) - Make kernel image packages depend on cpu microcode updates -- Thadeu Lima de Souza CascardoWed, 25 Apr 2018 08:51:35 -0300 ** Changed in: linux-meta-hwe-edge (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Invalid Status in linux-meta-oem package in Ubuntu: Invalid Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Committed Status in linux-meta source package in Xenial: Fix Committed Status in linux-meta-hwe source package in Xenial: Fix Committed Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Committed Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Committed Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
** Also affects: linux-meta-oem (Ubuntu) Importance: Undecided Status: New ** Changed in: linux-meta-oem (Ubuntu) Status: New => Invalid ** Changed in: linux-meta-oem (Ubuntu Xenial) Status: New => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Invalid Status in linux-meta-oem package in Ubuntu: Invalid Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Committed Status in linux-meta source package in Xenial: Fix Committed Status in linux-meta-hwe source package in Xenial: Fix Committed Status in linux-meta-hwe-edge source package in Xenial: Fix Committed Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta-oem source package in Xenial: Fix Committed Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Committed Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
linux-meta-lts-xenial should be nominated for trusty, not xenial ** Changed in: linux-meta (Ubuntu Artful) Status: Triaged => Fix Committed ** Changed in: linux-meta (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: linux-meta (Ubuntu Xenial) Status: Triaged => Fix Committed ** Changed in: linux-meta (Ubuntu Artful) Importance: Undecided => Medium ** Changed in: linux-meta-hwe (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: linux-meta-hwe (Ubuntu Xenial) Status: Triaged => Fix Committed ** Changed in: linux-meta-hwe-edge (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: linux-meta-hwe-edge (Ubuntu Xenial) Status: Triaged => Fix Committed ** Changed in: linux-meta-lts-xenial (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: linux-meta-lts-xenial (Ubuntu Xenial) Status: New => Fix Committed ** Changed in: linux-meta-lts-xenial (Ubuntu) Status: Triaged => Invalid ** Changed in: linux-meta (Ubuntu Trusty) Importance: Undecided => Medium ** Changed in: linux-meta (Ubuntu Trusty) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Invalid Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Committed Status in linux-meta source package in Xenial: Fix Committed Status in linux-meta-hwe source package in Xenial: Fix Committed Status in linux-meta-hwe-edge source package in Xenial: Fix Committed Status in linux-meta-lts-xenial source package in Xenial: Fix Committed Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Committed Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
** Changed in: linux-meta (Ubuntu Artful) Status: Fix Released => Triaged ** Changed in: linux-meta (Ubuntu Xenial) Status: Fix Released => Triaged ** Changed in: linux-meta (Ubuntu Trusty) Status: Fix Released => Triaged -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Triaged Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Triaged Status in linux-meta source package in Xenial: Triaged Status in linux-meta-hwe source package in Xenial: Triaged Status in linux-meta-hwe-edge source package in Xenial: Triaged Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Triaged Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
Indeed, this was reverted and does not appear to have re-landed yet; resetting the bug state. ** Changed in: linux-meta-lts-xenial (Ubuntu) Status: Fix Released => Triaged ** Changed in: linux-meta-hwe-edge (Ubuntu Xenial) Status: Fix Released => Triaged ** Changed in: linux-meta-hwe (Ubuntu Xenial) Status: Fix Released => Triaged ** Changed in: linux-meta (Ubuntu Bionic) Status: Fix Released => Triaged -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Triaged Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Triaged Status in linux-meta-hwe-edge source package in Xenial: Triaged Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
Zesty EOL reached ** Changed in: linux-meta (Ubuntu Zesty) Status: New => Invalid -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Fix Released Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: Invalid Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Released Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
How can this be marked as various "Fix Released" when the kernel depend was reverted?? Also note that ubuntu-drivers-common removed the micocode detection based on these so-called changes. ** Tags added: reverted -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Fix Released Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Released Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
** Tags added: id-5a20305cc21096d164992af9 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Fix Released Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Released Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 4.13.0.32.34 --- linux-meta (4.13.0.32.34) artful; urgency=medium * Bump ABI 4.13.0-32 -- Stefan BaderThu, 25 Jan 2018 09:43:53 +0100 ** Changed in: linux-meta (Ubuntu Bionic) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Fix Released Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Fix Released Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta-hwe-edge - 4.13.0.31.33 --- linux-meta-hwe-edge (4.13.0.31.33) xenial; urgency=medium * Bump ABI 4.13.0-31 * Miscellaneous upstream changes - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" linux-meta-hwe-edge (4.13.0.25.32) xenial; urgency=medium * Make the kernel image packages depend on the cpu microcode updates, to ensure they are pulled into all host installs of Ubuntu on upgrade. LP: #1738259. -- Marcelo Henrique CerriFri, 19 Jan 2018 14:54:30 -0200 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta-hwe-edge - 4.13.0.31.33 --- linux-meta-hwe-edge (4.13.0.31.33) xenial; urgency=medium * Bump ABI 4.13.0-31 * Miscellaneous upstream changes - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" linux-meta-hwe-edge (4.13.0.25.32) xenial; urgency=medium * Make the kernel image packages depend on the cpu microcode updates, to ensure they are pulled into all host installs of Ubuntu on upgrade. LP: #1738259. -- Marcelo Henrique CerriFri, 19 Jan 2018 14:54:30 -0200 ** Changed in: linux-meta-hwe-edge (Ubuntu Xenial) Status: New => Fix Released ** Changed in: linux-meta-hwe-edge (Ubuntu Xenial) Status: New => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: Fix Released Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta-lts-xenial - 4.4.0.111.95 --- linux-meta-lts-xenial (4.4.0.111.95) trusty; urgency=medium * Bump ABI 4.4.0-111 linux-meta-lts-xenial (4.4.0.110.94) trusty; urgency=medium * Bump ABI 4.4.0-110 * Miscellaneous upstream changes - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" linux-meta-lts-xenial (4.4.0.109.93) trusty; urgency=medium * Make the kernel image packages depend on the cpu microcode updates, to ensure they are pulled into all host installs of Ubuntu on upgrade. LP: #1738259. -- Kleber Sacilotto de SouzaMon, 15 Jan 2018 16:22:12 +0100 ** Changed in: linux-meta-lts-xenial (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: New Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 4.4.0.112.118 --- linux-meta (4.4.0.112.118) xenial; urgency=medium * Bump ABI 4.4.0-112 linux-meta (4.4.0.111.117) xenial; urgency=medium * Bump ABI 4.4.0-111 linux-meta (4.4.0.110.116) xenial; urgency=medium * Bump ABI 4.4.0-110 * Miscellaneous upstream changes - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" linux-meta (4.4.0.109.115) xenial; urgency=medium * Make the kernel image packages depend on the cpu microcode updates, to ensure they are pulled into all host installs of Ubuntu on upgrade. LP: #1738259. -- Stefan BaderFri, 19 Jan 2018 11:20:51 +0100 ** Changed in: linux-meta (Ubuntu Trusty) Status: New => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: New Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 3.13.0.141.151 --- linux-meta (3.13.0.141.151) trusty; urgency=medium * Bump ABI 3.13.0-141 linux-meta (3.13.0.140.150) trusty; urgency=medium * Bump ABI 3.13.0-140 * Miscellaneous upstream changes - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" linux-meta (3.13.0.139.149) trusty; urgency=medium * Make the kernel image packages depend on the cpu microcode updates, to ensure they are pulled into all host installs of Ubuntu on upgrade. LP: #1738259. -- Stefan BaderFri, 19 Jan 2018 13:38:42 +0100 ** Changed in: linux-meta (Ubuntu Trusty) Status: New => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: New Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta - 3.13.0.141.151 --- linux-meta (3.13.0.141.151) trusty; urgency=medium * Bump ABI 3.13.0-141 linux-meta (3.13.0.140.150) trusty; urgency=medium * Bump ABI 3.13.0-140 * Miscellaneous upstream changes - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" linux-meta (3.13.0.139.149) trusty; urgency=medium * Make the kernel image packages depend on the cpu microcode updates, to ensure they are pulled into all host installs of Ubuntu on upgrade. LP: #1738259. -- Stefan BaderFri, 19 Jan 2018 13:38:42 +0100 ** Changed in: linux-meta-hwe (Ubuntu Xenial) Status: New => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: New Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta-lts-xenial - 4.4.0.111.95 --- linux-meta-lts-xenial (4.4.0.111.95) trusty; urgency=medium * Bump ABI 4.4.0-111 linux-meta-lts-xenial (4.4.0.110.94) trusty; urgency=medium * Bump ABI 4.4.0-110 * Miscellaneous upstream changes - Revert "UBUNTU: Make kernel image packages depend on cpu microcode updates" linux-meta-lts-xenial (4.4.0.109.93) trusty; urgency=medium * Make the kernel image packages depend on the cpu microcode updates, to ensure they are pulled into all host installs of Ubuntu on upgrade. LP: #1738259. -- Kleber Sacilotto de SouzaMon, 15 Jan 2018 16:22:12 +0100 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: New Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
This bug was fixed in the package linux-meta-hwe - 4.13.0.31.51 --- linux-meta-hwe (4.13.0.31.51) xenial; urgency=medium * Bump ABI 4.13.0-31 linux-meta-hwe (4.13.0.30.50) xenial; urgency=medium * Bump ABI 4.13.0-30 linux-meta-hwe (4.13.0.29.49) xenial; urgency=medium * Remove dependency on the cpu microcode updates. (LP: #1738259) linux-meta-hwe (4.13.0.29.48) xenial; urgency=medium * Bump ABI 4.13.0-29 linux-meta-hwe (4.13.0.26.47) xenial; urgency=medium * Make the kernel image packages depend on the cpu microcode updates, to ensure they are pulled into all host installs of Ubuntu on upgrade. LP: #1738259. -- Marcelo Henrique CerriFri, 19 Jan 2018 14:40:08 -0200 ** Changed in: linux-meta-lts-xenial (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: Fix Released Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: Fix Released Status in linux-meta source package in Xenial: Fix Released Status in linux-meta-hwe source package in Xenial: Fix Released Status in linux-meta-hwe-edge source package in Xenial: New Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: Fix Released Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
There are microcode packages available in the security team PPA here: https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages They will be published today or tomorrow once we get the corresponding linux-meta packages. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: New Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: New Status in linux-meta source package in Xenial: Triaged Status in linux-meta-hwe source package in Xenial: New Status in linux-meta-hwe-edge source package in Xenial: New Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: New Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
Intel released microcode updates https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File I think all microcode-20180108.tgz needs critically fast SRU. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: New Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: New Status in linux-meta source package in Xenial: Triaged Status in linux-meta-hwe source package in Xenial: New Status in linux-meta-hwe-edge source package in Xenial: New Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: New Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
** Tags added: kernel-da-key -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: New Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: New Status in linux-meta source package in Xenial: Triaged Status in linux-meta-hwe source package in Xenial: New Status in linux-meta-hwe-edge source package in Xenial: New Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: New Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
** Changed in: linux-meta (Ubuntu Xenial) Status: Incomplete => Triaged ** Changed in: linux-meta (Ubuntu Bionic) Status: Incomplete => Triaged -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Triaged Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: New Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: New Status in linux-meta source package in Xenial: Triaged Status in linux-meta-hwe source package in Xenial: New Status in linux-meta-hwe-edge source package in Xenial: New Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: New Status in linux-meta source package in Bionic: Triaged Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
** Package changed: linux (Ubuntu Bionic) => linux-meta (Ubuntu Bionic) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux-meta package in Ubuntu: Incomplete Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: New Status in linux-meta source package in Precise: New Status in linux-meta source package in Trusty: New Status in linux-meta source package in Xenial: Incomplete Status in linux-meta-hwe source package in Xenial: New Status in linux-meta-hwe-edge source package in Xenial: New Status in linux-meta-lts-xenial source package in Xenial: New Status in linux-meta source package in Zesty: New Status in linux-meta source package in Artful: New Status in linux-meta source package in Bionic: Incomplete Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
** Package changed: linux-meta (Ubuntu) => linux (Ubuntu) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux package in Ubuntu: New Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: New Status in linux source package in Precise: New Status in linux source package in Trusty: New Status in linux source package in Xenial: New Status in linux-meta-hwe source package in Xenial: New Status in linux-meta-hwe-edge source package in Xenial: New Status in linux-meta-lts-xenial source package in Xenial: New Status in linux source package in Zesty: New Status in linux source package in Artful: New Status in linux source package in Bionic: New Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-meta in Ubuntu. https://bugs.launchpad.net/bugs/1738259 Title: need to ensure microcode updates are available to all bare-metal installs of Ubuntu Status in linux package in Ubuntu: New Status in linux-meta-hwe package in Ubuntu: New Status in linux-meta-hwe-edge package in Ubuntu: New Status in linux-meta-lts-xenial package in Ubuntu: New Status in linux source package in Precise: New Status in linux source package in Trusty: New Status in linux source package in Xenial: New Status in linux-meta-hwe source package in Xenial: New Status in linux-meta-hwe-edge source package in Xenial: New Status in linux-meta-lts-xenial source package in Xenial: New Status in linux source package in Zesty: New Status in linux source package in Artful: New Status in linux source package in Bionic: New Bug description: From time to time, CPU vendors release updates to microcode that can be loaded into the CPU from the OS. For x86, we have these updates available in the archive as amd64-microcode and intel-microcode. Sometimes, these microcode updates have addressed security issues with the CPU. They almost certainly will again in the future. We should ensure that all users of Ubuntu on baremetal x86 receive these security updates, and have them applied to the CPU in early boot where at all feasible. Because these are hardware-dependent packages which we don't want to install except on baremetal (so: not in VMs or containers), the logical place to pull them into the system is via the kernel, so that only the kernel baremetal flavors pull them in. This is analogous to linux-firmware, which is already a dependency of the linux- image-{lowlatency,generic} metapackages, and whose contents are applied to the hardware by the kernel similar to microcode. So, please update the linux-image-{lowlatency,generic} metapackages to add a dependency on amd64-microcode [amd64], intel-microcode [amd64], and the corresponding hwe metapackages also. Please time this change to coincide with the next updates of the microcode packages in the archive. I believe we will also need to promote the *-microcode packages to main from restricted as part of this (again, by analogy with linux- firmware). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1738259/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp