Re: Bug#970395: firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs

To: Henrique de Moraes Holschuh <hmh@debian.org>
Cc: 970395@bugs.debian.org, debian-kernel@lists.debian.org, Michael Musenbrock <michael.musenbrock@gmx.at>
Subject: Re: Bug#970395: firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs
From: maximilian attems <maks@stro.at>
Date: Fri, 25 Sep 2020 14:14:09 +0200
Message-id: <[🔎] 20200925121409.GA502516@photino.stro.at>
In-reply-to: <[🔎] 20200920083612.GA186746@photino.stro.at>
References: <[🔎] 160018174325.43250.13621988053918949874.reportbug@ipa> <[🔎] 160018174325.43250.13621988053918949874.reportbug@ipa> <[🔎] 20200920083612.GA186746@photino.stro.at>

Dear Henrique,

It be great to get your input, hence repinging (;

Especially as linux-firmware is the common upstream source, it be ideal to ship
the amd64 mircrocode out of our firmware packages.

Thanks for letting us know.

kind regards,
maximilian

On Sun, Sep 20, 2020 at 10:36:12AM +0200, maximilian attems wrote:
> Dear Henrique, dear debian kernel maintainers, Cc: Michael,
> 
> Would you agree to generate the amd64-firmware packages directly out of the debian
> linux-firmware source package?
> 
> This way the microcode would be updated on every linux-firmware non-free upload?
> I am asking as it keeps nugging me to have to outcomment the updates of that
> microcode in the changelog (there is again a new one for the upcoming 20200918).
> 
> Would you want to be added in counterpart to the uploaders of firmware-nonfree?
> 
> Thank you very much for your amd64 microcode work.
> 
> kind regards,
> maximilian
> 
> On Tue, Sep 15, 2020 at 04:55:43PM +0200, Michael Musenbrock wrote:
> > Source: firmware-nonfree
> > Severity: important
> > 
> > Dear maintainer,
> > 
> > first of all thanks for maintaining and packaging the linux-firmware files repository as debian packages.
> > 
> > We currently need to manually obtain the linux-firmware.git:amd/amd_sev_fam17h_model3xh.sbin [1] file on
> > our AMD EPYC servers. The firmware files containing the AMD SEV firmware closing security vulnerabilities [2]
> > and fixes bugs and adds improvements to the AMD SEV implementation.
> > 
> > I'm most likely unqualified for legal questions but the LICENSE.amd-sev [3] reads quite similar to the already
> > added amdgpu license [4]. So I hope this is not the reason, why those files were not added in the past.
> > 
> > The severity was choosen because it fixes a security vulnerability, please change accordingly if you think
> > it is wrong.
> > 
> > Thanks in advance. Best regards,
> > michael
> > 
> > [1] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd
> > [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9836
> > [3] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/LICENSE.amd-sev
> > [4] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/LICENSE.amdgpu
> >

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Bug#970395: firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs
  - From: "Henrique de Moraes Holschuh" <hmh@debian.org>

References:
- Bug#970395: firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs
  - From: Michael Musenbrock <michael.musenbrock@gmx.at>
- Re: Bug#970395: firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs
  - From: maximilian attems <maks@stro.at>

Prev by Date: Processed: reassign 970861 to src:linux
Next by Date: Bug#970736: linux-image-5.7.0-0.bpo.2-amd64 also crashes
Previous by thread: Re: Bug#970395: firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs
Next by thread: Re: Bug#970395: firmware-nonfree: Please add AMD-SEV firmware files (amd-folder) to close CVE-2019-9836 on specific EPYC-CPUs
Index(es):
- Date
- Thread