There has been no further feedback from other members of the SRU team (neither in this bug nor in the ubuntu-release@ ML thread). In order to make progress I'm proceeding with my decision as the position of the SRU team. We can re-evaluate if new technical considerations come to light, or if others in the SRU team or TB want to interject.
On this basis we are not proceeding with xnox's backports for Xenial and Yakkety, since they change more than just the microcode.

xnox's Zesty upload I reluctantly accept. It doesn't introduce any packaging changes (as it's close enough to the latest in Artful and in Debian sid) so I concede that it cannot introduce any additional regression risk over just a blob update. It is stylistically a backport though (eg. changelog, version string), rather than a blob update, so will end up looking different from Xenial and Yakkety if X and Y do get blob-only updates in the end. I don't like this, but as xnox has pointed out pushing the update to Zesty will help with phasing the update to mitigate risk to users, so I am accepting it.

Please note that packages in Ubuntu are team maintained. As xnox has unassigned himself for now, I'll seek another developer to prepare the updates for Xenial and Yakkety. I would do it myself, but I'm not supposed to wear both hats.

Once we have another developer looking at this, we can examine the Trusty situation and make a decision about Trusty.

** Description changed:

  [Impact]

   * A security fix has been made available as part of intel-microcode
   * It is advisable to apply it
   * Thus an SRU of the latest intel-microcode is desirable for all stable releases

  [Test Case]

   * Upgrade intel-microcode package, if it is already installed / one is running on Intel CPUs
   * Reboot and verify no averse results, and/or that microcode for your cpu was loaded by expecting

  [Test case reporting]

   * Please paste the output of:

  dpkg-query -W intel-microcode
+ grep -E 'model|stepping' /proc/cpuinfo | sort -u
  journalctl -k | grep microcode

  [Regression Potential]

  Microcode are proprietary blobs, and can cause any number of new errors and regressions. Microcode bugs have been reported before, therefore longer than usual phasing and monitoring of intel-microcode bugs should be done with extra care.

  [Original bug report]

  NB: I am *not* directly affected by this bug.
  Henrique emailed a warning to Debian devel today [1] on a potentially serious issue with (sky|kaby)lake processors. Excerpt:

  "This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models.

  TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix."

  It is probably a good idea to:

  (1) issue a warning to our users about this;
  (2) update intel-microcode on all our supported releases

  I leave the discussion on whether this can have security implications to others.

  [1] https://lists.debian.org/debian-devel/2017/06/msg00308.html

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: intel-microcode 3.20161104.1
  ProcVersionSignature: Ubuntu 4.10.0-24.28-generic 4.10.15
  Uname: Linux 4.10.0-24-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4.1
  Architecture: amd64
  CurrentDesktop: Unity:Unity7
  Date: Sun Jun 25 10:14:19 2017
  InstallationDate: Installed on 2017-05-26 (30 days ago)
  InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
  SourcePackage: intel-microcode
  UpgradeStatus: No upgrade log present (probably fresh install)

** Changed in: intel-microcode (Ubuntu Zesty)
       Status: Confirmed => Fix Committed

** Tags added: verification-needed verification-needed-zesty

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700373

Title:
  Please update microcode to version 20170511 on all supported platforms
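
Review bot: the added `grep -E 'model|stepping' /proc/cpuinfo | sort -u` line under [Test case reporting] matches the `model`, `model name` and `stepping` fields but leaves out `cpu family`, which is also part of the processor signature, and the `microcode` field, which shows the loaded revision directly. Consider widening the pattern to `'cpu family|model|stepping|microcode'` so that a verification report identifies both the CPU and the running microcode revision without depending on the kernel log still holding the boot-time messages that `journalctl -k | grep microcode` looks for.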