Re: Microcode update conundrum (was Re: ANNOUNCEMENT: Intel processor microcode security update)



On Sun, 08 Sep 2013, Joel Rees wrote:
> I was hoping that AMD was not going to have the license and
> non-visibility issue that plagues the Intel processor microcode
> updates. But I find this original announcement from when Henrique made
> the updater tool available:
> 
> http://lists.debian.org/debian-devel/2012/11/msg00109.html

AMD is better than Intel at telling the general public what a microcode
update fixes.  AMD does publish to the general public the errata each
microcode update fixes.  What each erratum means is also published in the
AMD processor "Revision Guides", which are also public.

Not that it will help you much.  Really.  Most of the errata worth fixing
through a microcode update cause either unpredictable system behaviour,
data corruption, or system hangs/reboots.  Only a few fixes are for "minor"
issues such as power management, performance, or optional features.  And
most of the time, it is very very difficult to assess how difficult it is to
hit a given erratum.  So it is an "update or else" deal, because it always
fixes something horrible (even when the chances of you hitting the issue are
very remote -- but you won't be able to know that, you'll have to update
just in case anyway).

AFAIK, Intel does publish the same kind of information but it is not
available to the general public.  Intel does publish to the general public
the list of errata in their processor "specification updates" documentation,
it just almost never writes down in public documentation what errata a
microcode update fixes.

And you could also have internal/non-public errata and fixes, nothing forces
Intel, AMD, or any other vendor to disclose (even to their hardware
partners) the full list of errata and behaviour changes (fixes, etc).

Note that even the internal errata/fix information is bound to be really
uninteresting anyway.  Backdoors would not be documented anywhere, heck, it
is very likely that only the one or two engineers that had to implement them
even know about it.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh