AMD changes to avoid regressing outdated family 19h systems have shown up on linux-firmware recently, and there are patches to the kernel microcode driver on their way to mainline (they can be seen on the "tip" tree).

I am packaging the new microcode update to upload to *unstable*, but systems with outdated firmware are supposed to regress unless they also have the kernel changes, so updates to stable are still in the future.

It has also become very clear that:

1. Family 0x19 (Zen 2 to Zen 4) will have the choice of staying on the last Entrysign-vulnerable microcode release. Obviously, they will remain vulnerable to Entrysign and everything else fixed since Entrysign, since they will *not* receive any new microcode updates.

2. Zen 5 systems have no such choice: all systems must update the firmware to fix Entrysign in order to receive microcode updates.

We can issue partial security updates to stable covering only family 0x1a (Zen 5) while we wait for the kernel-side changes that will enable us to ship the fixes for family 0x19 without regressing systems with outdated firmware.

-- 
Henrique de Moraes Holschuh <[email protected]>

