hi Henrique,

On Sun, Nov 09, 2025 at 06:14:23PM -0300, Henrique de Moraes Holschuh wrote:
> AMD changes to avoid regressing outdated family 19h systems have
> showed up on linux-firmware recently, and there are patches to the
> kernel microcode driver on their way to mainline (they can be seen
> on the "tip" tree).
>
> I am packaging the new microcode update to upload to *unstable*, but
> systems with outdated firmware are supposed to regress unless they
> also have the kernel changes, so updates to stable are still in the
> future.
>
> It has also become very clear that:
>
> 1. Family 0x19 (Zen 2 to Zen 4) will have the choice of staying on
> the last Entrysign-vulnerable microcode release. Obviously, they
> will remain vulnerable to Entrysign and everything else fixed since
> Entrysign, since they will *not* receive any new microcode updates.
>
> 2. Zen 5 systems have no such choice: all systems must update the
> firmware to fix Entrysign in order to receive microcode updates.
>
> We can issue partial security updates to stable covering only family
> 0x1a (Zen 5) while we wait for the kernel-side changes that will
> enable us to ship the fixes for family 0x19 without regressing
> systems with outdated firmware.

I have pondered your mail for a while now. I think there is no urgency
to do a partial update and we can look forward if and when the changes
will trickle into stable series upstream (if at all). The relevant
series for the changes has only entered v6.19-rc1 so far.

In particular, the further back we go, the less relevant Zen 5 Linux
support gets, so it makes less sense to issue updates with only that
part; well, maybe as a stable-proposed-update indeed for trixie and the
6.12.y based kernel, but not older (not considering the backports
kernel).

Regards,
Salvatore

