Bug#1101350: amd64-microcode: microcode update check keeps telling me I'm not using the latest microcode
Package: amd64-microcode
Version: 3.20250311.1
Followup-For: Bug #1101350
X-Debbugs-Cc: debian-amd64@lists.debian.org
Control: tags -1 patch
User: debian-amd64@lists.debian.org
Usertags: amd64
I'm in the same boat with the README + *.asc files that I have because I tend to go
for linux-firmware.git as /usr/lib/firmware directly.
To that end, I'm including a patch. I would have liked this more of a wish-list thing.
Since of course, this is not a problem with the package/hook itself. But it should make
the afromentioned off-label use more >fool-proof<. Please maintainer consider it :) .
Thank you!
-- System Information:
Debian Release: forky/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, powerpc
Kernel: Linux 6.17.0+ (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
amd64-microcode depends on no packages.
Versions of packages amd64-microcode recommends:
ii initramfs-tools 0.150
amd64-microcode suggests no packages.
-- no debconf information
From dc8fc10e04d28693a911de56117a23a5b5858a69 Mon Sep 17 00:00:00 2001
From: Christian Lamparter <chunkeey@gmail.com>
Date: Sun, 19 Oct 2025 10:22:45 +0200
Subject: [PATCH] initramfs.hook: only include microcode blobs into
early-initramfs.cpio
For testing, I use linux-firmware.git as /usr/lib/firmware and I ran
into the issue that the kernel's early microcode loader choked on the
ASCII armored signature verification files which are shipped in the
same directory by AMD... and as a result it aborts before loading the
microcode into the CPU (since it's an fam19 and is placed much futher
back in the early-initramfs.cpio file).
|
|[ 0.000000] microcode: CPU0, base_rev: 0xa601200
|[ 0.000000] microcode: Patch-ID 0x01000083: family: 0x10
|[...]
|[ 0.000000] microcode: Patch-ID 0x05000119: family: 0x14
|[ 0.000000] microcode: Invalid type field (0x2d2d2d2d) in container file section header.
|[ 0.000000] microcode: Invalid magic value (0x2d2d2d2d).
|[ 0.000000] Linux version 6.17.0+ (user@shift) (gcc (Debian 15.2.0-4) ...
|
The "Invalid type field (0x2d2d2d2d)" is the "----" from the
"-----BEGIN PGP SIGNATURE-----" string at the beginning of the file.
This isn't a problem if one uses the amd64-microcode, since it
only installs the microcode*.bin files into the directory.
---
debian/initramfs.hook | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/initramfs.hook b/debian/initramfs.hook
index 1f6b696..aadf714 100755
--- a/debian/initramfs.hook
+++ b/debian/initramfs.hook
@@ -96,7 +96,7 @@ EFWF="${EFWCD}/AuthenticAMD.bin"
# firmware file, as well as the timestamp and ordering of
# all cpio members.
mkdir -p "${EFWCD}" && \
- find "${AUCODE_FW_DIR}/." -maxdepth 1 -type f -print0 | LC_ALL=C sort -z | xargs -0 -r cat 2>/dev/null >"${EFWF}" && \
+ find "${AUCODE_FW_DIR}/." -maxdepth 1 -type f -name "microcode_amd*.bin" -print0 | LC_ALL=C sort -z | xargs -0 -r cat 2>/dev/null >"${EFWF}" && \
find "${EFWD}" -print0 | xargs -0r touch --no-dereference --date="@${CHANGELOG_TS}" && { \
# --reproducible requires cpio >= 2.12
cpio --usage | grep -qs -- "--reproducible" && cpio_reproducible="--reproducible" || true
--
2.51.0
Reply to: