Re: Bug#970395: firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs

["Henrique de Moraes Holschuh" <hmh@debian.org>]

On Sun, Sep 27, 2020, at 18:27, Ben Hutchings wrote:
> On Sun, 2020-09-27 at 13:43 -0300, Henrique de Moraes Holschuh wrote:
> > Answering from my phone, please excuse brevity and other netiquete
> > issues such as poor quoting cleanup.

This is still true :(

> However, we normally take all changes from linux-firmware.git up to a
> specific tag, and that might not be appropriate for the AMD microcode
> given the potential for system-breaking regressions.

So, until a more workable solution is found, if you need amd64-microcode to carry any other data files, please file a bug.  If I am behind an update for any reason, please file a bug.  I will see it and act on it. You don't need to wait to see if I noticed the upstream update or not, file the bug as soon as you're prepared to.

There was a mention about a pending security update of SES firmware in this thread.  If this needs an amd64-microcode release and if the ses firmware should go into that release, please explicitly say so, preferably in a new bug report, so that we can keep this one open until a final decision is done whether we should drop amd64-microcode as a separate package or keep it just for scripts, or keep the status-quo.

-- 
  Henrique de Moraes Holschuh <hmh@debian.org>