Bug#970395: firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs
Source: firmware-nonfree
Severity: important
Dear maintainer,
first of all thanks for maintaining and packaging the linux-firmware files repository as debian packages.
We currently need to manually obtain the linux-firmware.git:amd/amd_sev_fam17h_model3xh.sbin [1] file on
our AMD EPYC servers. The firmware files containing the AMD SEV firmware closing security vulnerabilities [2]
and fixes bugs and adds improvements to the AMD SEV implementation.
I'm most likely unqualified for legal questions but the LICENSE.amd-sev [3] reads quite similar to the already
added amdgpu license [4]. So I hope this is not the reason, why those files were not added in the past.
The severity was choosen because it fixes a security vulnerability, please change accordingly if you think
it is wrong.
Thanks in advance. Best regards,
michael
[1] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9836
[3] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/LICENSE.amd-sev
[4] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/LICENSE.amdgpu
Reply to: