[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firmware - what are we going to do about it?

On Tue, Apr 19, 2022 at 01:43:39PM +0200, Christian Kastner wrote:

In case my own wasn't clear, what I meant was: (a) all of the x86_64
hosts in our infrastructure use CPUs that utilize non-free microcode,
and (b) unless we're crazy, those hosts also use the non-free
intel-microcode or amd64-microcode packages to get security fixes.


I hadn't even noticed that there was an amd64-microcode package.
Although I see that it is older than my CPU (3945WX), so I'm not sure
that it is (yet) a problem (for me). That said…


Here's an even more radical thought: shipping any x86_64 installer CD
without amd64-microcode and intel-microcode installed by default is a
disservice to our users. There's no ideological "Win" when you're paying
for it with the user's security, especially when they might be unaware
of the problem.


I can agree with that, but I think that's a bridge to cross *after* the
change proposed by Steve.


--
Please do not CC me for listmail.

👱🏻	Jonathan Dowland
✎	 jmtd@debian.org
🔗	https://jmtd.net
Reply to: