[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 3.2.0.150.164

---
linux-meta (3.2.0.150.164) precise; urgency=medium

  * Bump ABI 3.2.0-150

 -- Thadeu Lima de Souza Cascardo   Mon, 05 Apr
2021 15:02:41 -0300

** Changed in: linux-meta (Ubuntu Precise)
   Status: Won't Fix => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Fix Released
Status in linux-meta-hwe package in Ubuntu:
  Fix Released
Status in linux-meta-hwe-edge package in Ubuntu:
  Fix Released
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  Fix Released
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Released
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Released

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Marc Deslauriers]

** Changed in: linux-meta (Ubuntu Precise)
   Status: New => Won't Fix

** Changed in: linux-meta-hwe (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-meta-hwe-edge (Ubuntu)
   Status: New => Fix Released

** Changed in: linux-meta-lts-xenial (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Fix Released
Status in linux-meta-hwe package in Ubuntu:
  Fix Released
Status in linux-meta-hwe-edge package in Ubuntu:
  Fix Released
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  Won't Fix
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Released
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Released

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[lee berry]

This microcode forced update bricked my Samsung APU until I could flash
the bios back using DOS to a clear flag state. This should be down-
graded until better ucode tools are available. It fails on AMD-K1-1500
APU and AMD-A12 with Radeon ATI GPUs. I was forced to downgrade to
x32-bit machine just to fix this. It also locks up the USB-ports making
them unusable for reboot over USB. This leaves most users confused.
(amd64 ucode 3.20180524.1) why is this update also on my Intel machines?

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Fix Released
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Released

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Alexey]

+1 to @explorer09.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Fix Released
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Released

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Explorer09]

Look like my comment gets ignored.
In short: Please revert this and fix it properly. Don't let linux-image-generic 
package depend on amd64-microcode or intel-microcode! Change the relationship 
to "Recommends" instead!

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Fix Released
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Released

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 4.15.0.23.25

---
linux-meta (4.15.0.23.25) bionic; urgency=medium

  * Need to ensure microcode updates are available to all bare-metal installs
of Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates

linux-meta (4.15.0.23.24) bionic; urgency=medium

  * Bump ABI 4.15.0-23

 -- Stefan Bader   Wed, 30 May 2018 17:35:06
+0200

** Changed in: linux-meta (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Fix Released
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Released

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Richard Laager]

@sdeziel, I agree 100%.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Released

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 4.15.0.23.25

---
linux-meta (4.15.0.23.25) bionic; urgency=medium

  * Need to ensure microcode updates are available to all bare-metal installs
of Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates

linux-meta (4.15.0.23.24) bionic; urgency=medium

  * Bump ABI 4.15.0-23

 -- Stefan Bader   Wed, 30 May 2018 17:35:06
+0200

** Changed in: linux-meta (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

** Changed in: linux-meta (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Released

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 4.15.0.23.25

---
linux-meta (4.15.0.23.25) bionic; urgency=medium

  * Need to ensure microcode updates are available to all bare-metal installs
of Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates

linux-meta (4.15.0.23.24) bionic; urgency=medium

  * Bump ABI 4.15.0-23

 -- Stefan Bader   Wed, 30 May 2018 17:35:06
+0200

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Released

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Simon Déziel]

@rlaager, for the VM case, considering that QEMU/KVM only supports a few
watchdog devices, I think it would make sense to ship this i6300esb
driver in linux-image-virtual directly.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Committed

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Richard Laager]

This is particularly annoying for me too.

All of my virtual machines use linux-image-generic because I need linux-
image-extra to get the i6300esb watchdog driver for the KVM watchdog.
This change forces the amd64-microcode and intel-microcode packages to
be installed on all of my VMs.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Committed

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[EdLesMann]

Agree with Explorer09. Why are my Intel systems now getting AMD
microcode packages and why are my AMD systems getting Intel microcode
packages?? This is a bug.

I would rather it see that I already have one of them installed that
matches my CPU and call it good. If that isn't an option, then just a
recommends.

In the meantime, I just blocked these meta packages from updating on my
systems.

Thanks.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Committed

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Stefan Bader]

** Changed in: linux-meta (Ubuntu Bionic)
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Committed

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Explorer09]

Um, excuse me. When I check the updates on my Ubuntu Trusty machine, I
found out it now asks for new install of the amd64-microcode package.
May I ask why? My CPU is not AMD's but Intel's, and it seems that
amd64-microcode had no use for me. Why does the linux-image-generic
package hard depend on it?

This way when I have linux-image-generic just for wish for the kernel
update, a useless package is installed on me. I mean, wouldn't that be
better if linux-image-generic just "Recommends" the microcode package,
without "Depending" on it?

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta-oem - 4.13.0.1028.33

---
linux-meta-oem (4.13.0.1028.33) xenial; urgency=medium

  * Bump ABI 4.13.0-1028

linux-meta-oem (4.13.0.1027.32) xenial; urgency=medium

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates

linux-meta-oem (4.13.0.1027.31) xenial; urgency=medium

  * Bump ABI 4.13.0-1027

 -- Stefan Bader   Fri, 18 May 2018 10:17:58
+0200

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta-oem - 4.15.0.1006.8

---
linux-meta-oem (4.15.0.1006.8) bionic; urgency=medium

  * Bump ABI 4.15.0-1006

linux-meta-oem (4.15.0.1005.7) bionic; urgency=medium

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates

linux-meta-oem (4.15.0.1005.6) bionic; urgency=medium

  * Bump ABI 4.15.0-1005

 -- Stefan Bader   Fri, 18 May 2018 09:13:24
+0200

** Changed in: linux-meta-oem (Ubuntu)
   Status: Invalid => Fix Released

** Changed in: linux-meta-oem (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Released
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta-hwe - 4.13.0.41.60

---
linux-meta-hwe (4.13.0.41.60) xenial; urgency=medium

  * Bump ABI 4.13.0-41

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

linux-meta-hwe (4.13.0.40.59) xenial; urgency=medium

  * Bump ABI 4.13.0-40

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates

 -- Kleber Sacilotto de Souza   Thu, 03 May
2018 11:35:12 +0200

** Changed in: linux-meta (Ubuntu Artful)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Invalid
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Committed
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 4.13.0.41.44

---
linux-meta (4.13.0.41.44) artful; urgency=medium

  * Bump ABI 4.13.0-41

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

linux-meta (4.13.0.40.43) artful; urgency=medium

  * Bump ABI 4.13.0-40

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates

 -- Kleber Sacilotto de Souza   Wed, 02 May
2018 12:46:37 +0200

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Invalid
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Committed
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta-lts-xenial - 4.4.0.124.104

---
linux-meta-lts-xenial (4.4.0.124.104) trusty; urgency=medium

  * Bump ABI 4.4.0-124

  * Miscellaneous upstream changes
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

 -- Stefan Bader   Thu, 03 May 2018 09:17:50
+0200

** Changed in: linux-meta (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Invalid
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Committed
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 3.13.0.147.157

---
linux-meta (3.13.0.147.157) trusty; urgency=medium

  * Bump ABI 3.13.0-147

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

linux-meta (3.13.0.146.156) trusty; urgency=medium

  * Bump ABI 3.13.0-146

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates

 -- Kleber Sacilotto de Souza   Wed, 02 May
2018 17:09:27 +0200

** Changed in: linux-meta (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

** Changed in: linux-meta (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Invalid
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Committed
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 4.4.0.124.130

---
linux-meta (4.4.0.124.130) xenial; urgency=medium

  * Bump ABI 4.4.0-124

  * Miscellaneous upstream changes
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

 -- Stefan Bader   Wed, 02 May 2018 14:28:37
+0200

** Changed in: linux-meta (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Invalid
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Committed
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta-lts-xenial - 4.4.0.124.104

---
linux-meta-lts-xenial (4.4.0.124.104) trusty; urgency=medium

  * Bump ABI 4.4.0-124

  * Miscellaneous upstream changes
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

 -- Stefan Bader   Thu, 03 May 2018 09:17:50
+0200

** Changed in: linux-meta-lts-xenial (Ubuntu)
   Status: Invalid => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Invalid
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Committed
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 3.13.0.147.157

---
linux-meta (3.13.0.147.157) trusty; urgency=medium

  * Bump ABI 3.13.0-147

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

linux-meta (3.13.0.146.156) trusty; urgency=medium

  * Bump ABI 3.13.0-146

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates

 -- Kleber Sacilotto de Souza   Wed, 02 May
2018 17:09:27 +0200

** Changed in: linux-meta-lts-xenial (Ubuntu)
   Status: Invalid => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Invalid
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Committed
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 4.13.0.41.44

---
linux-meta (4.13.0.41.44) artful; urgency=medium

  * Bump ABI 4.13.0-41

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

linux-meta (4.13.0.40.43) artful; urgency=medium

  * Bump ABI 4.13.0-40

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates

 -- Kleber Sacilotto de Souza   Wed, 02 May
2018 12:46:37 +0200

** Changed in: linux-meta (Ubuntu Artful)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Invalid
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Committed
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 4.4.0.124.130

---
linux-meta (4.4.0.124.130) xenial; urgency=medium

  * Bump ABI 4.4.0-124

  * Miscellaneous upstream changes
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

 -- Stefan Bader   Wed, 02 May 2018 14:28:37
+0200

** Changed in: linux-meta-hwe (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Invalid
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Committed
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta-hwe - 4.13.0.41.60

---
linux-meta-hwe (4.13.0.41.60) xenial; urgency=medium

  * Bump ABI 4.13.0-41

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

linux-meta-hwe (4.13.0.40.59) xenial; urgency=medium

  * Bump ABI 4.13.0-40

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates

 -- Kleber Sacilotto de Souza   Thu, 03 May
2018 11:35:12 +0200

** Changed in: linux-meta-hwe (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta-oem package in Ubuntu:
  Invalid
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Committed
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta-hwe-edge - 4.15.0.20.42

---
linux-meta-hwe-edge (4.15.0.20.42) xenial; urgency=medium

  * Fix transitional linux-signed* packages to use the proper suffix.

linux-meta-hwe-edge (4.15.0.20.41) xenial; urgency=medium

  * Bump ABI 4.15.0-20

  * signing: only install a signed kernel (LP: #1764794)
- switch to linux-image as signed when available
- convert linux-signed* into transitional packages

  * need to ensure microcode updates are available to all bare-metal installs of
Ubuntu (LP: #1738259)
- Make kernel image packages depend on cpu microcode updates

 -- Thadeu Lima de Souza Cascardo   Wed, 25 Apr
2018 08:51:35 -0300

** Changed in: linux-meta-hwe-edge (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Invalid
Status in linux-meta-oem package in Ubuntu:
  Invalid
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Committed
Status in linux-meta source package in Xenial:
  Fix Committed
Status in linux-meta-hwe source package in Xenial:
  Fix Committed
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Committed
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Committed
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Timo Aaltonen]

** Also affects: linux-meta-oem (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: linux-meta-oem (Ubuntu)
   Status: New => Invalid

** Changed in: linux-meta-oem (Ubuntu Xenial)
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Invalid
Status in linux-meta-oem package in Ubuntu:
  Invalid
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Committed
Status in linux-meta source package in Xenial:
  Fix Committed
Status in linux-meta-hwe source package in Xenial:
  Fix Committed
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Committed
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta-oem source package in Xenial:
  Fix Committed
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Committed
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Stefan Bader]

linux-meta-lts-xenial should be nominated for trusty, not xenial

** Changed in: linux-meta (Ubuntu Artful)
   Status: Triaged => Fix Committed

** Changed in: linux-meta (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: linux-meta (Ubuntu Xenial)
   Status: Triaged => Fix Committed

** Changed in: linux-meta (Ubuntu Artful)
   Importance: Undecided => Medium

** Changed in: linux-meta-hwe (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: linux-meta-hwe (Ubuntu Xenial)
   Status: Triaged => Fix Committed

** Changed in: linux-meta-hwe-edge (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: linux-meta-hwe-edge (Ubuntu Xenial)
   Status: Triaged => Fix Committed

** Changed in: linux-meta-lts-xenial (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: linux-meta-lts-xenial (Ubuntu Xenial)
   Status: New => Fix Committed

** Changed in: linux-meta-lts-xenial (Ubuntu)
   Status: Triaged => Invalid

** Changed in: linux-meta (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: linux-meta (Ubuntu Trusty)
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Invalid
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Committed
Status in linux-meta source package in Xenial:
  Fix Committed
Status in linux-meta-hwe source package in Xenial:
  Fix Committed
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Committed
Status in linux-meta-lts-xenial source package in Xenial:
  Fix Committed
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Committed
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Steve Langasek]

** Changed in: linux-meta (Ubuntu Artful)
   Status: Fix Released => Triaged

** Changed in: linux-meta (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux-meta (Ubuntu Trusty)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Triaged
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Triaged
Status in linux-meta source package in Xenial:
  Triaged
Status in linux-meta-hwe source package in Xenial:
  Triaged
Status in linux-meta-hwe-edge source package in Xenial:
  Triaged
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Triaged
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Steve Langasek]

Indeed, this was reverted and does not appear to have re-landed yet;
resetting the bug state.

** Changed in: linux-meta-lts-xenial (Ubuntu)
   Status: Fix Released => Triaged

** Changed in: linux-meta-hwe-edge (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux-meta-hwe (Ubuntu Xenial)
   Status: Fix Released => Triaged

** Changed in: linux-meta (Ubuntu Bionic)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Triaged
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Triaged
Status in linux-meta-hwe-edge source package in Xenial:
  Triaged
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[dino99]

Zesty EOL reached

** Changed in: linux-meta (Ubuntu Zesty)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Fix Released
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  Invalid
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Released

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Doug McMahon]

How can this be marked as various "Fix Released" when the kernel depend was 
reverted??
Also note that ubuntu-drivers-common removed the micocode detection based on 
these so-called changes.

** Tags added: reverted

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Fix Released
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Released

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Francis Ginther]

** Tags added: id-5a20305cc21096d164992af9

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Fix Released
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Released

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 4.13.0.32.34

---
linux-meta (4.13.0.32.34) artful; urgency=medium

  * Bump ABI 4.13.0-32

 -- Stefan Bader   Thu, 25 Jan 2018 09:43:53
+0100

** Changed in: linux-meta (Ubuntu Bionic)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Fix Released
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Fix Released

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta-hwe-edge - 4.13.0.31.33

---
linux-meta-hwe-edge (4.13.0.31.33) xenial; urgency=medium

  * Bump ABI 4.13.0-31

  * Miscellaneous upstream changes
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

linux-meta-hwe-edge (4.13.0.25.32) xenial; urgency=medium

  * Make the kernel image packages depend on the cpu microcode updates,
to ensure they are pulled into all host installs of Ubuntu on upgrade.
LP: #1738259.

 -- Marcelo Henrique Cerri   Fri, 19 Jan
2018 14:54:30 -0200

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta-hwe-edge - 4.13.0.31.33

---
linux-meta-hwe-edge (4.13.0.31.33) xenial; urgency=medium

  * Bump ABI 4.13.0-31

  * Miscellaneous upstream changes
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

linux-meta-hwe-edge (4.13.0.25.32) xenial; urgency=medium

  * Make the kernel image packages depend on the cpu microcode updates,
to ensure they are pulled into all host installs of Ubuntu on upgrade.
LP: #1738259.

 -- Marcelo Henrique Cerri   Fri, 19 Jan
2018 14:54:30 -0200

** Changed in: linux-meta-hwe-edge (Ubuntu Xenial)
   Status: New => Fix Released

** Changed in: linux-meta-hwe-edge (Ubuntu Xenial)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  Fix Released
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta-lts-xenial - 4.4.0.111.95

---
linux-meta-lts-xenial (4.4.0.111.95) trusty; urgency=medium

  * Bump ABI 4.4.0-111

linux-meta-lts-xenial (4.4.0.110.94) trusty; urgency=medium

  * Bump ABI 4.4.0-110

  * Miscellaneous upstream changes
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

linux-meta-lts-xenial (4.4.0.109.93) trusty; urgency=medium

  * Make the kernel image packages depend on the cpu microcode updates,
to ensure they are pulled into all host installs of Ubuntu on upgrade.
LP: #1738259.

 -- Kleber Sacilotto de Souza   Mon, 15 Jan
2018 16:22:12 +0100

** Changed in: linux-meta-lts-xenial (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  New
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 4.4.0.112.118

---
linux-meta (4.4.0.112.118) xenial; urgency=medium

  * Bump ABI 4.4.0-112

linux-meta (4.4.0.111.117) xenial; urgency=medium

  * Bump ABI 4.4.0-111

linux-meta (4.4.0.110.116) xenial; urgency=medium

  * Bump ABI 4.4.0-110

  * Miscellaneous upstream changes
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

linux-meta (4.4.0.109.115) xenial; urgency=medium

  * Make the kernel image packages depend on the cpu microcode updates,
to ensure they are pulled into all host installs of Ubuntu on upgrade.
LP: #1738259.

 -- Stefan Bader   Fri, 19 Jan 2018 11:20:51
+0100

** Changed in: linux-meta (Ubuntu Trusty)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  New
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 3.13.0.141.151

---
linux-meta (3.13.0.141.151) trusty; urgency=medium

  * Bump ABI 3.13.0-141

linux-meta (3.13.0.140.150) trusty; urgency=medium

  * Bump ABI 3.13.0-140

  * Miscellaneous upstream changes
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

linux-meta (3.13.0.139.149) trusty; urgency=medium

  * Make the kernel image packages depend on the cpu microcode updates,
to ensure they are pulled into all host installs of Ubuntu on upgrade.
LP: #1738259.

 -- Stefan Bader   Fri, 19 Jan 2018 13:38:42
+0100

** Changed in: linux-meta (Ubuntu Trusty)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  New
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta - 3.13.0.141.151

---
linux-meta (3.13.0.141.151) trusty; urgency=medium

  * Bump ABI 3.13.0-141

linux-meta (3.13.0.140.150) trusty; urgency=medium

  * Bump ABI 3.13.0-140

  * Miscellaneous upstream changes
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

linux-meta (3.13.0.139.149) trusty; urgency=medium

  * Make the kernel image packages depend on the cpu microcode updates,
to ensure they are pulled into all host installs of Ubuntu on upgrade.
LP: #1738259.

 -- Stefan Bader   Fri, 19 Jan 2018 13:38:42
+0100

** Changed in: linux-meta-hwe (Ubuntu Xenial)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  New
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta-lts-xenial - 4.4.0.111.95

---
linux-meta-lts-xenial (4.4.0.111.95) trusty; urgency=medium

  * Bump ABI 4.4.0-111

linux-meta-lts-xenial (4.4.0.110.94) trusty; urgency=medium

  * Bump ABI 4.4.0-110

  * Miscellaneous upstream changes
- Revert "UBUNTU: Make kernel image packages depend on cpu microcode 
updates"

linux-meta-lts-xenial (4.4.0.109.93) trusty; urgency=medium

  * Make the kernel image packages depend on the cpu microcode updates,
to ensure they are pulled into all host installs of Ubuntu on upgrade.
LP: #1738259.

 -- Kleber Sacilotto de Souza   Mon, 15 Jan
2018 16:22:12 +0100

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  New
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Launchpad Bug Tracker]

This bug was fixed in the package linux-meta-hwe - 4.13.0.31.51

---
linux-meta-hwe (4.13.0.31.51) xenial; urgency=medium

  * Bump ABI 4.13.0-31

linux-meta-hwe (4.13.0.30.50) xenial; urgency=medium

  * Bump ABI 4.13.0-30

linux-meta-hwe (4.13.0.29.49) xenial; urgency=medium

  * Remove dependency on the cpu microcode updates. (LP: #1738259)

linux-meta-hwe (4.13.0.29.48) xenial; urgency=medium

  * Bump ABI 4.13.0-29

linux-meta-hwe (4.13.0.26.47) xenial; urgency=medium

  * Make the kernel image packages depend on the cpu microcode updates,
to ensure they are pulled into all host installs of Ubuntu on upgrade.
LP: #1738259.

 -- Marcelo Henrique Cerri   Fri, 19 Jan
2018 14:40:08 -0200

** Changed in: linux-meta-lts-xenial (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  Fix Released
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  Fix Released
Status in linux-meta source package in Xenial:
  Fix Released
Status in linux-meta-hwe source package in Xenial:
  Fix Released
Status in linux-meta-hwe-edge source package in Xenial:
  New
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  Fix Released
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Marc Deslauriers]

There are microcode packages available in the security team PPA here:

https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+packages

They will be published today or tomorrow once we get the corresponding
linux-meta packages.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  New
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  New
Status in linux-meta source package in Xenial:
  Triaged
Status in linux-meta-hwe source package in Xenial:
  New
Status in linux-meta-hwe-edge source package in Xenial:
  New
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  New
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Norbert]

Intel released microcode updates 
https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File
 
I think all microcode-20180108.tgz needs critically fast SRU.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  New
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  New
Status in linux-meta source package in Xenial:
  Triaged
Status in linux-meta-hwe source package in Xenial:
  New
Status in linux-meta-hwe-edge source package in Xenial:
  New
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  New
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Joseph Salisbury]

** Tags added: kernel-da-key

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  New
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  New
Status in linux-meta source package in Xenial:
  Triaged
Status in linux-meta-hwe source package in Xenial:
  New
Status in linux-meta-hwe-edge source package in Xenial:
  New
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  New
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Steve Langasek]

** Changed in: linux-meta (Ubuntu Xenial)
   Status: Incomplete => Triaged

** Changed in: linux-meta (Ubuntu Bionic)
   Status: Incomplete => Triaged

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Triaged
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  New
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  New
Status in linux-meta source package in Xenial:
  Triaged
Status in linux-meta-hwe source package in Xenial:
  New
Status in linux-meta-hwe-edge source package in Xenial:
  New
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  New
Status in linux-meta source package in Bionic:
  Triaged

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Steve Langasek]

** Package changed: linux (Ubuntu Bionic) => linux-meta (Ubuntu Bionic)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux-meta package in Ubuntu:
  Incomplete
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  New
Status in linux-meta source package in Precise:
  New
Status in linux-meta source package in Trusty:
  New
Status in linux-meta source package in Xenial:
  Incomplete
Status in linux-meta-hwe source package in Xenial:
  New
Status in linux-meta-hwe-edge source package in Xenial:
  New
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux-meta source package in Zesty:
  New
Status in linux-meta source package in Artful:
  New
Status in linux-meta source package in Bionic:
  Incomplete

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Ubuntu Kernel Bot]

** Package changed: linux-meta (Ubuntu) => linux (Ubuntu)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux package in Ubuntu:
  New
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  New
Status in linux source package in Precise:
  New
Status in linux source package in Trusty:
  New
Status in linux source package in Xenial:
  New
Status in linux-meta-hwe source package in Xenial:
  New
Status in linux-meta-hwe-edge source package in Xenial:
  New
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux source package in Zesty:
  New
Status in linux source package in Artful:
  New
Status in linux source package in Bionic:
  New

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1738259] Re: need to ensure microcode updates are available to all bare-metal installs of Ubuntu

[Steve Langasek]

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1738259

Title:
  need to ensure microcode updates are available to all bare-metal
  installs of Ubuntu

Status in linux package in Ubuntu:
  New
Status in linux-meta-hwe package in Ubuntu:
  New
Status in linux-meta-hwe-edge package in Ubuntu:
  New
Status in linux-meta-lts-xenial package in Ubuntu:
  New
Status in linux source package in Precise:
  New
Status in linux source package in Trusty:
  New
Status in linux source package in Xenial:
  New
Status in linux-meta-hwe source package in Xenial:
  New
Status in linux-meta-hwe-edge source package in Xenial:
  New
Status in linux-meta-lts-xenial source package in Xenial:
  New
Status in linux source package in Zesty:
  New
Status in linux source package in Artful:
  New
Status in linux source package in Bionic:
  New

Bug description:
  From time to time, CPU vendors release updates to microcode that can
  be loaded into the CPU from the OS.  For x86, we have these updates
  available in the archive as amd64-microcode and intel-microcode.

  Sometimes, these microcode updates have addressed security issues with
  the CPU.  They almost certainly will again in the future.

  We should ensure that all users of Ubuntu on baremetal x86 receive
  these security updates, and have them applied to the CPU in early boot
  where at all feasible.

  Because these are hardware-dependent packages which we don't want to
  install except on baremetal (so: not in VMs or containers), the
  logical place to pull them into the system is via the kernel, so that
  only the kernel baremetal flavors pull them in.  This is analogous to
  linux-firmware, which is already a dependency of the linux-
  image-{lowlatency,generic} metapackages, and whose contents are
  applied to the hardware by the kernel similar to microcode.

  So, please update the linux-image-{lowlatency,generic} metapackages to
  add a dependency on amd64-microcode [amd64], intel-microcode [amd64],
  and the corresponding hwe metapackages also.

  Please time this change to coincide with the next updates of the
  microcode packages in the archive.

  I believe we will also need to promote the *-microcode packages to
  main from restricted as part of this (again, by analogy with linux-
  firmware).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1738259/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp