Dear LTS team, I am doing my first steps in dealing with DLAs. The package amd64-microcode should be updated due to the CVE-2017-5715.
After discussion with the maintainer I decided to backport the latest upstream version, available in Debian (3.20191218.1). Prepared package is available here [1]. Debdiff is attached. If somebody has an access to the amd-hardware, I want to ask you to test this package there. It looks like there was a regression with earlier versions in Ubuntu [2], and it would be good to test this update especially on AMD EPYC 7542, where the regression was detected to escape those boot loops. Any other suggestions are very welcome! Thank you [1] https://people.debian.org/~gladk/amd64-microcode/ [2] https://bugs.launchpad.net/ubuntu/+source/amd64-microcode/+bug/1853614 Anton
diff -Nru amd64-microcode-2.20160316.1~deb8u1/LICENSE.amd-ucode
amd64-microcode-3.20191218.1+deb8u1/LICENSE.amd-ucode
--- amd64-microcode-2.20160316.1~deb8u1/LICENSE.amd-ucode 2016-02-28
22:49:29.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/LICENSE.amd-ucode 2019-10-22
23:44:21.000000000 +0000
@@ -1,4 +1,4 @@
-Copyright (C) 2010-2014 Advanced Micro Devices, Inc., All rights reserved.
+Copyright (C) 2010-2018 Advanced Micro Devices, Inc., All rights reserved.
Permission is hereby granted by Advanced Micro Devices, Inc. ("AMD"),
free of any license fees, to any person obtaining a copy of this
diff -Nru amd64-microcode-2.20160316.1~deb8u1/README
amd64-microcode-3.20191218.1+deb8u1/README
--- amd64-microcode-2.20160316.1~deb8u1/README 2016-03-19 17:21:48.000000000
+0000
+++ amd64-microcode-3.20191218.1+deb8u1/README 2019-12-20 21:33:52.000000000
+0000
@@ -1,43 +1,146 @@
This amd64-microcode release was based on the linux-firmware tree.
+The linux-firmware tree can be found in kernel.org.
-From: Sherry Hurwitz <[email protected]>
-Subject: [PATCH 1/1] linux-firmware: Update AMD microcode patch firmware
-Date: 2016-03-17 06:56:11 GMT
+commit c4586ffaac0ca0d7045e06140b6426f2e79e96e6
+Author: John Allen <[email protected]>
+Date: Wed Dec 18 08:27:40 2019 -0600
+
+ linux-firmware: Update AMD cpu microcode
+
+ * Update AMD cpu microcode for processor family 17h
+
+ Key Name = AMD Microcode Signing Key (for signing microcode
container files only)
+ Key ID = F328AE73
+ Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73
+
+ Signed-off-by: John Allen <[email protected]>
+ Signed-off-by: Josh Boyer <[email protected]>
+
+commit 2b016afc348ba4b5fb2016ffcb2822f4a293da0c
+Author: Allen, John <[email protected]>
+Date: Mon Oct 21 12:54:40 2019 +0000
+
+ linux-firmware: Update AMD cpu microcode
+
+ * Update AMD cpu microcode for processor family 17h
+
+ Key Name = AMD Microcode Signing Key (for signing microcode
container files only)
+ Key ID = F328AE73
+ Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73
+
+ Signed-off-by: John Allen <[email protected]>
+ Signed-off-by: Josh Boyer <[email protected]>
+
+commit 8aa9e3e3886d49b8e1427c1084cbbe567ca2b6ca
+Author: Allen, John <[email protected]>
+AuthorDate: Thu Nov 29 18:39:16 2018 +0000
+Commit: Josh Boyer <[email protected]>
+CommitDate: Fri Dec 14 08:05:34 2018 -0500
+
+ linux-firmware: Update AMD cpu microcode
+
+ * Update AMD cpu microcode for processor family 17h
+
+ Key Name = AMD Microcode Signing Key (for signing microcode
container files only)
+ Key ID = F328AE73
+ Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73
+
+ Signed-off-by: John Allen <[email protected]>
+ Signed-off-by: Josh Boyer <[email protected]>
- linux-firmware: Update AMD microcode patch firmware
+commit 7518922bd5b98b137af7aaf3c836f5a498e91609
+Author: Sherry Hurwitz <[email protected]>
+Date: Thu May 24 20:57:59 2018 -0500
+
+ Update AMD cpu microcode for family 15h
+
+ * Processor Revision ID 0x00610f01 was accidently not included in the
previous
+ submitted microcode container file.
+ * Update the Version for family 15h microcode .bin file
+
+ Key Name = AMD Microcode Signing Key (for signing microcode
container files only)
+ Key ID = F328AE73
+ Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73
+
+ Signed-off-by: Sherry Hurwitz <[email protected]>
+ Signed-off-by: Josh Boyer <[email protected]>
+
+commit 77101513943ef198e2050667c87abf19e6cbb1d8
+Author: Sherry Hurwitz <[email protected]>
+Date: Wed May 16 18:10:48 2018 -0500
+
+ linux-firmware: Update AMD cpu microcode
+
+ * Add AMD cpu microcode for processor family 17h
+ * Update AMD cpu microcode for processor family 15h
+ * Update the AMD cpu microcode license copyright
+ * Add a Version for both microcode family 15h and 17h
+
+ Key Name = AMD Microcode Signing Key (for signing microcode
container files only)
+ Key ID = F328AE73
+ Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73
+
+ Signed-off-by: Sherry Hurwitz <[email protected]>
+ Signed-off-by: Josh Boyer <[email protected]>
+
+commit 5f8ca0c1db6106a2d6d7e85eee778917ff03c3de
+Author: Sherry Hurwitz <[email protected]>
+Date: Thu Mar 17 01:56:11 2016 -0500
+ linux-firmware: Update AMD microcode patch firmware
+
For AMD Family 15h Processors to fix bugs in prior microcode patch
file: amd-ucode/microcode_amd_fam15h.bin
md5sum: 2384ef1d8ec8ca3930b62d82ea5a3813
-
+
Version: 2016_03_16
-
+
Signed-off-by: Sherry Hurwitz <[email protected]>
+ Signed-off-by: Kyle McMartin <[email protected]>
commit 8ac569dd3ca3ca685bd47ee86c1eeb6050864db3
Author: Sherry Hurwitz <[email protected]>
Date: Thu Nov 6 19:38:26 2014 -0600
linux-firmware: Update AMD microcode patch firmware files
-
+
For AMD Family 15h Processors
file: amd-ucode/microcode_amd_family15h.bin
md5sum: ee3f0f46936aa1788dc31ca3487e0ff3
-
+
For AMD Family 16h Processors
file: amd-ucode/microcode_amd_family16h.bin
md5sum: 6a47a6393c52ddfc0b5b044efc076a77
-
+
Version: 2014_10_28
Signed-off-by: Sherry Hurwitz <[email protected]>
Signed-off-by: Kyle McMartin <[email protected]>
-LICENSE.amd-ucode | 2 +-
-amd-ucode/microcode_amd_fam15h.bin |binary
-amd-ucode/microcode_amd_fam15h.bin.asc | 16 ++++++++--------
-amd-ucode/microcode_amd_fam16h.bin |binary
-amd-ucode/microcode_amd_fam16h.bin.asc | 11 +++++++++++
-6 files changed, 23 insertions(+), 10 deletions(-)
+commit 31f6b3076bab3c4b65f67fdb232f4579ed828b4f
+Author: Suravee Suthikulpanit <[email protected]>
+Date: Wed Jul 10 19:42:56 2013 -0500
+
+ linux-firmware: Add AMD microcode patch firmware files
+
+ For AMD Families 10h ~ 14h Processors
+ file: amd-ucode/microcode_amd.bin
+ md5sum: 55ae79b82cbfddcf7142058be3c9ec2d
+
+ For AMD Family 15h Processors
+ file: amd-ucode/microcode_amd_fam15h.bin
+ md5sum: 122ac7e56442c2b7c28eb26978b2d57c
+
+ Version: 07_10_2013
+
+ Signed-off-by: Sherry Hurwitz <[email protected]>
+ Signed-off-by: Suravee Suthikulpanit <[email protected]>
+ [bwh: Include version in WHENCE and GPG signatures as separate files]
+ Signed-off-by: Ben Hutchings <[email protected]>
+
+The microcode update for family 17h came from SuSE, and depends on specific
+kernel support for family 17h to be applied. It implements IBPB support
+for family 17h processors (Zen). Microcode update support for family 17h
+should be present in Linux 4.15, 4.14.13, 4.9.76, 4.4.111, and later.
AMD did not update the relevant microcode documentation (errata fixed,
microcode patch levels, etc), so there is no documentation for the family 0x16
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/NEWS
amd64-microcode-3.20191218.1+deb8u1/debian/NEWS
--- amd64-microcode-2.20160316.1~deb8u1/debian/NEWS 2016-03-19
16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/NEWS 2019-12-20
21:33:42.000000000 +0000
@@ -8,9 +8,10 @@
issues caused by the AMD microcode update itself when done outside of
the boot process.
- However, updating only on boot works around a very elusive issue in the
- the Linux kernel microcode update driver for AMD processors, which may
- or may not have been fixed in the latest stable/long-term kernels.
+ However, updating only on boot works around a very elusive issue in
+ the Linux kernel microcode update driver for AMD processors, which
+ may or may not have been fixed in the latest stable/long-term
+ kernels.
It is now possible to configure how the amd64-microcode package should
behave through the /etc/default/amd64-microcode file. By default, it
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/README.Debian
amd64-microcode-3.20191218.1+deb8u1/debian/README.Debian
--- amd64-microcode-2.20160316.1~deb8u1/debian/README.Debian 2016-03-19
16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/README.Debian 2019-12-20
21:33:42.000000000 +0000
@@ -27,20 +27,74 @@
outdated microcode, increasing the chances of incorrect system operation.
Debian can apply microcode updates to the system processors during the
-operating system boot. The following configurations are supported for
-the microcode driver:
+operating system boot automatically. This requires the use of a suitably
+configured Linux kernel 3.14 or later, and an initramfs.
-1. When an initramfs image is used (Debian default), both modular and
- built-in configs for the microcode driver will work, and microcode
- will be updated by the initramfs. You must run "update-initramfs -u"
- when new microcode is manually installed to /lib/firmware (this will
- be done automatically when new microcode is installed by a package
- upgrade).
-
-2. When an initramfs image is not used, only the modular microcode
- driver is supported. If it doesn't autoload by itself in your kernel
- version, you should add it to /etc/modules. You must install either
- the kmod or module-init-tools package, and the root filesystem with
- /lib/firmware must be available when the modules are loaded.
- -- Henrique de Moraes Holschuh <[email protected]>, 2012-07-09
+Installing microcode updates:
+
+For the Debian default kernel, it is enough to install the amd64-microcode
+package as well as the initramfs-tools package and the microcode update
+will be applied automatically at the next reboot.
+
+It is also possible to use "dracut" instead of initramfs-tools, but the
+support for early microcode updates must be enabled manually in
+dracut.conf (set the option "early_microcode=yes"). Force an update of
+the initramfs using dracut, and reboot. Note that since Linux kernel 4.4,
+one must use dracut 044 or later.
+
+Applying the microcode updates without the use of an early initramfs is
+not automatically supported anymore, due to future safety concerns.
+However, the local administrator may trigger an immediate microcode update
+attempt at any time, at her own risk:
+
+ USING AN INITRAMFS+REBOOT IS SAFER. DO THIS ONLY WHEN YOU KNOW BETTER:
+ as root:
+ echo 1 > /sys/devices/system/cpu/microcode/reload
+
+
+RECOVERY PROCEDURE:
+
+It is possible for a microcode update to not work well, or to not work at
+all on specific system models. This is very rare when using the safe
+microcode update procedure described above and an up-to-date Linux kernel,
+but it has happened at least once.
+
+Should you experience problems because of the microcode update, you will
+have to bypass the microcode update process that happens during operating
+system startup (boot), and remove the amd64-microcode package until the
+underlying issue is fixed.
+
+To bypass the microcode update during system startup, you must instruct the
+boot loader (grub, lilo, etc) to pass the "dis_ucode_ldr" parameter
+(without the quotes) to the kernel.
+
+If your system uses grub (the default bootloader in Debian):
+
+ 1. Access the grub menu during boot (press and hold the left "Shift"
+ key right after starting the system up if you don't see a grub menu
+ during boot);
+
+ 2. Move the highlight/cursor to the kernel/boot option you want to
+ use, and press the "e" key to edit it;
+
+ 3. Locate the line that starts with "linux" using the cursor
+ keys. You must add the word "dis_ucode_ldr" (without the quotes) to
+ the end of that line;
+
+ 4. Press "Ctrl+X" to start (boot) the system. The microcode updates
+ will be skipped.
+
+After the system is running, remove or purge the amd64-microcode package.
+
+If removing/purging the package doesn't do it automatically for some
+reason, refresh the initramfs using the "update-initramfs -u" command (as
+the root user), and possibly "update-initramfs -u -k <kernel version>".
+
+"dracut" users, please refer to the dracut documentation on how to update
+the initramfs images for every installed kernel.
+
+Please report any issues caused by microcode updates to the mailing-list or
+to the Debian bug tracker.
+
+ -- Henrique de Moraes Holschuh <[email protected]>, 2016-04-05
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.default
amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.default
--- amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.default
1970-01-01 00:00:00.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.default
2019-12-20 21:33:42.000000000 +0000
@@ -0,0 +1,13 @@
+# Configuration script for amd64-microcode version 3
+
+#
+# initramfs helper
+#
+
+#
+# Set this to "no" to disable automatic microcode updates on boot;
+# Set this to "early" to always install microcode updates to the early
initramfs
+# Set this to "auto" to autodetect mode for current system (default);
+#
+#AMD64UCODE_INITRAMFS=auto
+
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.dirs
amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.dirs
--- amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.dirs
1970-01-01 00:00:00.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.dirs
2019-12-20 21:33:42.000000000 +0000
@@ -0,0 +1,3 @@
+etc/default
+etc/modprobe.d
+lib/firmware/amd-ucode
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.docs
amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.docs
--- amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.docs
1970-01-01 00:00:00.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.docs
2019-12-20 21:33:42.000000000 +0000
@@ -0,0 +1,3 @@
+README
+microcode_amd.bin.README
+microcode_amd_fam*.README
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.install
amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.install
--- amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.install
1970-01-01 00:00:00.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.install
2019-12-20 21:33:42.000000000 +0000
@@ -0,0 +1,2 @@
+microcode_amd.bin /lib/firmware/amd-ucode
+microcode_amd_fam*.bin /lib/firmware/amd-ucode
diff -Nru
amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.modprobe-blacklist
amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.modprobe-blacklist
---
amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.modprobe-blacklist
1970-01-01 00:00:00.000000000 +0000
+++
amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.modprobe-blacklist
2019-12-20 21:33:42.000000000 +0000
@@ -0,0 +1,3 @@
+# The microcode module attempts to apply a microcode update when
+# it autoloads. This is not always safe, so we block it by default.
+blacklist microcode
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.postinst
amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.postinst
--- amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.postinst
1970-01-01 00:00:00.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.postinst
2019-12-20 21:33:42.000000000 +0000
@@ -0,0 +1,46 @@
+#!/bin/sh
+# postinst script for amd64-microcode
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+ configure)
+ # do it like udev and firmware-linux-*
+ if [ -x /usr/sbin/update-initramfs ] && [ -e
/etc/initramfs-tools/initramfs.conf ] ; then
+ update-initramfs -u && {
+ echo "amd64-microcode: microcode will be updated at next boot"
>&2
+ }
+ else
+ echo "amd64-microcode: initramfs support missing" >&2
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.postrm
amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.postrm
--- amd64-microcode-2.20160316.1~deb8u1/debian/amd64-microcode.postrm
1970-01-01 00:00:00.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/amd64-microcode.postrm
2019-12-20 21:33:42.000000000 +0000
@@ -0,0 +1,42 @@
+#!/bin/sh
+# postrm script for amd64-microcode
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <overwriter>
+# <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+ purge|remove)
+ if [ -x /usr/sbin/update-initramfs -a -e
/etc/initramfs-tools/initramfs.conf ] ; then
+ update-initramfs -u
+ fi
+ ;;
+
+ upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/changelog
amd64-microcode-3.20191218.1+deb8u1/debian/changelog
--- amd64-microcode-2.20160316.1~deb8u1/debian/changelog 2016-03-19
17:22:44.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/changelog 2020-03-10
20:18:47.000000000 +0000
@@ -1,8 +1,140 @@
-amd64-microcode (2.20160316.1~deb8u1) stable; urgency=critical
+amd64-microcode (3.20191218.1+deb8u1) UNRELEASED; urgency=high
- * This is exactly the same release as 2.20160316.1
+ * Non-maintainer upload by the LTS team.
+ * New upstream release.
+ * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
+ (since 3.20180515.1).
- -- Henrique de Moraes Holschuh <[email protected]> Sat, 19 Mar 2016 14:21:54
-0300
+ -- Anton Gladky <[email protected]> Tue, 10 Mar 2020 21:18:47 +0100
+
+amd64-microcode (3.20191218.1) unstable; urgency=medium
+
+ * New microcode update packages from AMD upstream:
+ + Removed Microcode updates (known to cause issues):
+ sig 0x00830f10, patch id 0x08301025, 2019-07-11
+ * README: update for new release
+
+ -- Henrique de Moraes Holschuh <[email protected]> Fri, 20 Dec 2019 18:36:27
-0300
+
+amd64-microcode (3.20191021.1) unstable; urgency=medium
+
+ * New microcode update packages from AMD upstream:
+ + New Microcodes:
+ sig 0x00830f10, patch id 0x08301025, 2019-07-11
+ + Updated Microcodes:
+ sig 0x00800f12, patch id 0x08001250, 2019-04-16
+ sig 0x00800f82, patch id 0x0800820d, 2019-04-16
+ * README: update for new release
+
+ -- Henrique de Moraes Holschuh <[email protected]> Tue, 22 Oct 2019 21:00:17
-0300
+
+amd64-microcode (3.20181128.1) unstable; urgency=medium
+
+ * New microcode update packages from AMD upstream:
+ + New Microcodes:
+ sig 0x00800f82, patch id 0x0800820b, 2018-06-20
+ * README: update for new release
+
+ -- Henrique de Moraes Holschuh <[email protected]> Sat, 15 Dec 2018 18:42:12
-0200
+
+amd64-microcode (3.20180524.1) unstable; urgency=high
+
+ * New microcode update packages from AMD upstream:
+ + Re-added Microcodes:
+ sig 0x00610f01, patch id 0x06001119, 2012-07-13
+ * This update avoids regressing sig 0x610f01 processors on systems with
+ outdated firmware by adding back exactly the same microcode patch that was
+ present before [for these processors]. It does not implement Spectre-v2
+ mitigation for these processors.
+ * README: update for new release
+
+ -- Henrique de Moraes Holschuh <[email protected]> Fri, 25 May 2018 15:38:22
-0300
+
+amd64-microcode (3.20180515.1) unstable; urgency=high
+
+ * New microcode update packages from AMD upstream:
+ + New Microcodes:
+ sig 0x00800f12, patch id 0x08001227, 2018-02-09
+ + Updated Microcodes:
+ sig 0x00600f12, patch id 0x0600063e, 2018-02-07
+ sig 0x00600f20, patch id 0x06000852, 2018-02-06
+ + Removed Microcodes:
+ sig 0x00610f01, patch id 0x06001119, 2012-07-13
+ * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
+ plus other unspecified fixes/updates.
+ * README, debian/copyright: update for new release
+
+ -- Henrique de Moraes Holschuh <[email protected]> Sat, 19 May 2018 13:51:06
-0300
+
+amd64-microcode (3.20171205.2) unstable; urgency=medium
+
+ * debian/control: update Vcs-* fields for salsa.debian.org
+
+ -- Henrique de Moraes Holschuh <[email protected]> Fri, 04 May 2018 07:51:40
-0300
+
+amd64-microcode (3.20171205.1) unstable; urgency=high
+
+ * New microcode updates (closes: #886382):
+ sig 0x00800f12, patch id 0x08001213, 2017-12-05
+ Thanks to SuSE for distributing these ahead of AMD's official release!
+ * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
+ * README: describe source for faml17h microcode update
+ * Upload to unstable to match IBPB microcode support on Intel in Debian
+ unstable.
+ * WARNING: requires at least kernel 4.15, 4.14.13, 4.9.76, 4.4.111 (or a
+ backport of commit f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf
+ "x86/microcode/AMD: Add support for fam17h microcode loading") otherwise
+ it will not be applied to the processor.
+
+ -- Henrique de Moraes Holschuh <[email protected]> Mon, 08 Jan 2018 12:19:57
-0200
+
+amd64-microcode (3.20160316.3) unstable; urgency=medium
+
+ * initramfs: Make the early initramfs reproducible (closes: #845194)
+ * rules: switch to simplified dh-based build (debhelper v9)
+
+ -- Henrique de Moraes Holschuh <[email protected]> Tue, 29 Nov 2016 23:54:53
-0200
+
+amd64-microcode (3.20160316.2) unstable; urgency=medium
+
+ * NEWS.debian: fix minor typo
+ * debian/control, debian/compat: bump debhelper compat mode to 9
+ * debian/control: bump standards version to 3.9.8 (no changes needed)
+ * debian/: prefix binary-package control files with package name
+ * debian/control: recommend tiny-initramfs as an alternative to
+ initramfs-tools tiny-initramfs specifically supports early microcode
+ updates, so it is a viable alternative to initramfs-tools
+ (closes: #839882)
+
+ -- Henrique de Moraes Holschuh <[email protected]> Sun, 09 Oct 2016 15:43:16
-0300
+
+amd64-microcode (3.20160316.1) unstable; urgency=low
+
+ * Bump major version number to 3: early-initramfs support
+ * Support is now restricted to Linux kernel 3.14 and later. For older
+ kernels, please use the version 2 (older) branch of the package.
+ * Implement early-initramfs mode, and remove normal mode
+ * debian/control: add versioned recommends for initramfs-tools and
+ dracut. Note that dracut 044 is required for Linux 4.4 and later,
+ otherwise dracut 040 would be enough
+ * debian/default: add early mode, remove normal mode from comments
+ * initramfs hook: use cpio to generate an early-initramfs with
+ microcode for all processors, blacklist kernels older than 3.14,
+ and remove normal mode support.
+ * initramfs.init-premount: remove, not needed for early-initramfs
+ * debian/rules: don't install init-premount initramfs script.
+ * initramfs.hook: detect a missing microcode.ko and don't attempt to
+ force_load() it. In verbose mode, log when the microcode driver is
+ modular. For Linux 4.4 and later, skip the module loading logic
+ (closes: #809444)
+ * README.Debian: update for early initramfs support, and add information
+ on how to disable early updates using the dis_ucode_ldr kernel boot
+ parameter
+ * Support for x32 was enabled in debian/control for the 2.20160316.1
+ upload, but the changelog did not record this by mistake. The missing
+ entry was retroactively added to debian/changelog by this upload
+
+ -- Henrique de Moraes Holschuh <[email protected]> Sun, 10 Apr 2016 16:31:23
-0300
amd64-microcode (2.20160316.1) unstable; urgency=critical
@@ -28,6 +160,7 @@
ring 0 code injection attack.
* The erratum is timing-dependant, easily triggered by workloads that cause
a high number of NMIs, such as running the "perf" tool.
+ * debian/control: enable buiding on x32 (closes: #777233)
-- Henrique de Moraes Holschuh <[email protected]> Sat, 19 Mar 2016 14:02:44
-0300
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/compat
amd64-microcode-3.20191218.1+deb8u1/debian/compat
--- amd64-microcode-2.20160316.1~deb8u1/debian/compat 2016-03-19
16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/compat 2019-12-20
21:33:42.000000000 +0000
@@ -1 +1 @@
-7
+9
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/control
amd64-microcode-3.20191218.1+deb8u1/debian/control
--- amd64-microcode-2.20160316.1~deb8u1/debian/control 2016-03-19
17:21:48.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/control 2019-12-20
21:33:42.000000000 +0000
@@ -3,14 +3,15 @@
Priority: standard
Maintainer: Henrique de Moraes Holschuh <[email protected]>
Uploaders: Giacomo Catenazzi <[email protected]>
-Build-Depends: debhelper (>= 7)
-Standards-Version: 3.9.6
-Vcs-Git: git://git.debian.org/users/hmh/amd64-microcode.git
-Vcs-Browser: http://git.debian.org/?p=users/hmh/amd64-microcode.git
+Build-Depends: debhelper (>= 9)
+Standards-Version: 3.9.8
+Vcs-Git: https://salsa.debian.org/hmh/amd64-microcode.git
+Vcs-Browser: https://salsa.debian.org/hmh/amd64-microcode
XS-Autobuild: yes
Package: amd64-microcode
Architecture: i386 amd64 x32
+Recommends: initramfs-tools (>= 0.113~) | dracut (>= 044) | tiny-initramfs
Depends: ${misc:Depends}
Breaks: intel-microcode (<< 2)
Description: Processor microcode firmware for AMD CPUs
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/copyright
amd64-microcode-3.20191218.1+deb8u1/debian/copyright
--- amd64-microcode-2.20160316.1~deb8u1/debian/copyright 2016-03-19
16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/copyright 2019-12-20
21:33:42.000000000 +0000
@@ -2,8 +2,9 @@
Sun Jun 10 10:54:36 BRT 2012
It was downloaded from http://www.amd64.org/support/microcode.html up to
-version 20120910 (now: http://www.amd64.org/microcode.html). It was built from
-the linux-firmware git tree at for version 20131007 onwards.
+version 20120910 (now: http://www.amd64.org/microcode.html). For version
+20131007 onwards, it was built from the linux-firmware git repository at:
+https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/
Debian only distributes the AMD64 microcode file in its unaltered form.
@@ -13,7 +14,7 @@
Upstream Copyright:
- Copyright (C) 2010-2014 Advanced Micro Devices, Inc.,
+ Copyright (C) 2010-2018 Advanced Micro Devices, Inc.
All rights reserved.
Upstream License:
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/default
amd64-microcode-3.20191218.1+deb8u1/debian/default
--- amd64-microcode-2.20160316.1~deb8u1/debian/default 2016-03-19
16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/default 1970-01-01
00:00:00.000000000 +0000
@@ -1,16 +0,0 @@
-# Configuration script for amd64-microcode version 2
-
-#
-# initramfs helper
-#
-
-# Set this to "no" to disable automatic microcode updates on boot;
-# Set this to "yes" to always install microcode updates to the initramfs;
-# Set this to "auto" to use initramfs mode automatically (default);
-#
-# Note: "early" mode is not yet supported in amd64-microcode version 2.
-# It will be implemented in version 3, at which point "yes" will alias
-# to "early", and only "early microcode updates" will be supported.
-#
-#AMD64UCODE_INITRAMFS=auto
-
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/dirs
amd64-microcode-3.20191218.1+deb8u1/debian/dirs
--- amd64-microcode-2.20160316.1~deb8u1/debian/dirs 2016-03-19
16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/dirs 1970-01-01
00:00:00.000000000 +0000
@@ -1,3 +0,0 @@
-etc/default
-etc/modprobe.d
-lib/firmware/amd-ucode
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/docs
amd64-microcode-3.20191218.1+deb8u1/debian/docs
--- amd64-microcode-2.20160316.1~deb8u1/debian/docs 2016-03-19
16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/docs 1970-01-01
00:00:00.000000000 +0000
@@ -1,3 +0,0 @@
-README
-microcode_amd.bin.README
-microcode_amd_fam*.README
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/initramfs.hook
amd64-microcode-3.20191218.1+deb8u1/debian/initramfs.hook
--- amd64-microcode-2.20160316.1~deb8u1/debian/initramfs.hook 2016-03-19
16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/initramfs.hook 2019-12-20
21:33:42.000000000 +0000
@@ -1,11 +1,10 @@
#!/bin/sh
# amd64-microcode initramfs-tools hook script
-# Copyright (C) 2012-2014 Henrique de Moraes Holschuh <[email protected]>
+# Copyright (C) 2012-2016 Henrique de Moraes Holschuh <[email protected]>
# Released under the GPL v2 or later license
#
-# Generates a copy of the minimal microcode for the current system if
-# possible, and installs it in the initramfs.
-#
+# Generates a copy of the minimal microcode for all AMD processors
+# and installs it to the early initramfs
PREREQ=""
AMD64UCODE_CONFIG=/etc/default/amd64-microcode
@@ -26,10 +25,10 @@
verbose()
{
- if [ "${verbose}" = "y" ] ; then
- echo "amd64-microcode: $*"
- fi
- :
+ if [ "${verbose}" = "y" ] ; then
+ echo "I: amd64-microcode: $*"
+ fi
+ :
}
AUCODE_FW_DIR=/lib/firmware/amd-ucode
@@ -39,8 +38,8 @@
[ -z "${AMD64UCODE_INITRAMFS}" ] && AMD64UCODE_INITRAMFS=no
if [ ! -d "${AUCODE_FW_DIR}" ] ; then
- verbose "no AMD64 processor microcode datafiles to install"
- exit 0;
+ verbose "no AMD64 processor microcode datafiles to install"
+ exit 0
fi
case "${AMD64UCODE_INITRAMFS}" in
@@ -48,11 +47,11 @@
verbose "disabled by ${AMD64UCODE_CONFIG}"
exit 0
;;
- early)
- echo "W: amd64-microcode: early mode not supported, forcing late
initramfs mode" >&2
- AMD64UCODE_INITRAMFS=yes
+ auto|early)
;;
- yes|1|auto)
+ yes|1)
+ echo "W: amd64-microcode: initramfs mode not supported, using
early-initramfs mode" >&2
+ AMD64UCODE_INITRAMFS=early
;;
*)
echo "E: amd64-microcode: invalid AMD64UCODE_INITRAMFS, using
automatic mode" >&2
@@ -60,39 +59,69 @@
esac
if [ "${AMD64UCODE_INITRAMFS}" = "auto" ] ; then
- grep -q "^vendor_id[[:blank:]]*:[[:blank:]]*.*AuthenticAMD"
/proc/cpuinfo || {
- verbose "no AMD processors detected, nothing to do"
- exit 0
- }
+ grep -q "^vendor_id[[:blank:]]*:[[:blank:]]*.*AuthenticAMD" /proc/cpuinfo
|| {
+ verbose "no AMD processors detected, nothing to do"
+ exit 0
+ }
fi
-# See Debian bug #716917. Blacklist all non-LTS/non-Debian kernel versions
-# before kernel 3.4 Only known-bad kernel is 2.6.38.
-#
-# This doesn't blacklist early kernels in the LTS branches, we don't have
enough
-# information at the initramfs-tools layer, due to the way Debian and Ubuntu
version
-# kernel packages.
-
-if dpkg --compare-versions "${version}" le 3.4 && \
- { dpkg --compare-versions "${version}" lt 2.6.32 || \
- { dpkg --compare-versions "${version}" ge 2.6.33 && dpkg
--compare-versions "${version}" lt 3.0 ; } || \
- { dpkg --compare-versions "${version}" ge 3.1 && dpkg --compare-versions
"${version}" lt 3.2 ; } || \
- dpkg --compare-versions "${version}" ge 3.3 ; \
- }; then
- echo "E: amd64-microcode: unsupported kernel version!" >&2
- exit 0
+# whitelist AMD early updates for kernels 3.14 and later
+if dpkg --compare-versions "${version}" lt 3.14 ; then
+ echo "E: amd64-microcode: unsupported kernel version!" >&2
+ exit 0
fi
-verbose "installing all microcode datafiles for AMD64 processors"
+verbose "installing AMD64 microcode into the early initramfs..."
+
+# set during package build to the date from the package *version*
+CHANGELOG_TS=@CHANGELOG_TS@
+
+EFWD=$(mktemp -d "${TMPDIR:-/var/tmp}/mkinitramfs-EFW_XXXXXXXXXX") || {
+ echo "E: amd64-microcode: cannot create temporary directory" >&2
+ exit 1
+}
+# paranoia
+[ ! -d "${EFWD}" ] && {
+ echo "E: amd64-microcode: mktemp -d malfunction" >&2
+ exit 1
+}
-# Generate firmware dir
-mkdir -m 755 -p "${DESTDIR}${AUCODE_FW_DIR}" || true
-cp -fr "${AUCODE_FW_DIR}/." "${DESTDIR}${AUCODE_FW_DIR}/."
-
-if ! rmdir "${DESTDIR}${AUCODE_FW_DIR}" 2>/dev/null ; then
- # The directory was not empty, so we have work to do
- verbose "installing AMD64 processor microcode update support into
initramfs..."
- force_load microcode
+EFWE="${EFWD}/early-initramfs.cpio"
+
+EFWCD="${EFWD}/d/kernel/x86/microcode"
+EFWF="${EFWCD}/AuthenticAMD.bin"
+
+# note: to build a reproducible early initramfs, we force
+# the microcode component ordering inside the microcode
+# firmware file, as well as the timestamp and ordering of
+# all cpio members.
+mkdir -p "${EFWCD}" && \
+ find "${AUCODE_FW_DIR}/." -maxdepth 1 -type f -print0 | LC_ALL=C sort -z |
xargs -0 -r cat 2>/dev/null >"${EFWF}" && \
+ find "${EFWD}" -print0 | xargs -0r touch --no-dereference
--date="@${CHANGELOG_TS}" && { \
+ # --reproducible requires cpio >= 2.12
+ cpio --usage | grep -qs -- "--reproducible" &&
cpio_reproducible="--reproducible" || true
+ } && test -s "${EFWF}" && \
+ ( cd "${EFWD}/d" ; find . -print0 | LC_ALL=C sort -z | cpio --null
$cpio_reproducible -R 0:0 -H newc -o --quiet > "${EFWE}" ) \
+&& prepend_earlyinitramfs "${EFWE}" || {
+ # something failed somewhere in that pipeline
+ [ -d "${EFWD}" ] && rm -fr "${EFWD}"
+ echo "E: amd64-microcode: failed to create or prepend the early initramfs
to the initramfs" >&2
+ exit 0
+}
+
+[ -d "${EFWD}" ] && rm -fr "${EFWD}"
+
+# attempt to load microcode module to get proper logging.
+# microcode support cannot be made modular since Linux 4.4
+
+if dpkg --compare-versions "${version}" lt 4.4 ; then
+ manual_add_modules microcode && {
+ # force_load has broken semanthics when the .ko file is missing
+ find "${DESTDIR}/${MODULESDIR}" -type f -print | grep -qc
'/microcode\.ko$' && {
+ verbose "modular microcode driver detected"
+ force_load microcode
+ }
+ }
fi
:
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/initramfs.init-premount
amd64-microcode-3.20191218.1+deb8u1/debian/initramfs.init-premount
--- amd64-microcode-2.20160316.1~deb8u1/debian/initramfs.init-premount
2016-03-19 16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/initramfs.init-premount
1970-01-01 00:00:00.000000000 +0000
@@ -1,63 +0,0 @@
-#!/bin/sh
-# amd64-microcode initramfs-tools boot script
-# Copyright (C) 2012,2013 Henrique de Moraes Holschuh <[email protected]>
-# Released under the GPL v2 or later license
-#
-# Triggers kernel firmware update requests for processor microcode
-# when required.
-#
-
-# dependencies: firmware loader, microcode kernel support (built-in/module)
-
-PREREQ=""
-
-prereqs()
-{
- echo "$PREREQ"
-}
-
-case $1 in
-prereqs)
- prereqs
- exit 0
- ;;
-esac
-
-# hack to strip spaces
-is_amd()
-{
- [ "x$1" = "xvendor_id" ] && [ "x$2" = "xAuthenticAMD" ] && HAS_AMD=1
-}
-
-# Only continue if we do possibly have firmware to install
-[ -d /lib/firmware/amd-ucode ] || exit 0
-
-# module load will already have caused the microcode to be fetched
-{ while read -r module trash ; do [ "x$module" = "xmicrocode" ] && exit 0 ;
done ; } < /proc/modules
-
-# don't run on non-AMD
-HAS_AMD=0
-{ while IFS=: read -r field value ; do is_amd $field $value ; done ; } <
/proc/cpuinfo
-[ $HAS_AMD -eq 0 ] && exit 0;
-
-. /scripts/functions
-
-if [ -e /sys/devices/system/cpu/microcode/reload ] ; then
- echo 1 > /sys/devices/system/cpu/microcode/reload || {
- log_warning_msg "could not update the microcode of every processor"
- }
-else
- # Try all online processors, broken kernels need this,
- # fixed kernels will accept it only on the BSP and update
- # all processors anyway, and -EINVAL all others... but we
- # don't know which one is the BSP, so we try all of them
- # and hide errors, the kernel will log any real problem.
-
- log_begin_msg "Requesting microcode update using per-core interface"
- for i in /sys/devices/system/cpu/cpu[0-9]*/microcode/reload ; do
- echo 1 2>/dev/null > "$i" || true
- done
- log_end_msg
-fi
-
-:
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/install
amd64-microcode-3.20191218.1+deb8u1/debian/install
--- amd64-microcode-2.20160316.1~deb8u1/debian/install 2016-03-19
16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/install 1970-01-01
00:00:00.000000000 +0000
@@ -1,2 +0,0 @@
-microcode_amd.bin /lib/firmware/amd-ucode
-microcode_amd_fam*.bin /lib/firmware/amd-ucode
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/modprobe-blacklist
amd64-microcode-3.20191218.1+deb8u1/debian/modprobe-blacklist
--- amd64-microcode-2.20160316.1~deb8u1/debian/modprobe-blacklist
2016-03-19 16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/modprobe-blacklist
1970-01-01 00:00:00.000000000 +0000
@@ -1,3 +0,0 @@
-# The microcode module attempts to apply a microcode update when
-# it autoloads. This is not always safe, so we block it by default.
-blacklist microcode
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/postinst
amd64-microcode-3.20191218.1+deb8u1/debian/postinst
--- amd64-microcode-2.20160316.1~deb8u1/debian/postinst 2016-03-19
16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/postinst 1970-01-01
00:00:00.000000000 +0000
@@ -1,46 +0,0 @@
-#!/bin/sh
-# postinst script for amd64-microcode
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postinst> `configure' <most-recently-configured-version>
-# * <old-postinst> `abort-upgrade' <new version>
-# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-# <new-version>
-# * <postinst> `abort-remove'
-# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-# <failed-install-package> <version> `removing'
-# <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-case "$1" in
- configure)
- # do it like udev and firmware-linux-*
- if [ -x /usr/sbin/update-initramfs ] && [ -e
/etc/initramfs-tools/initramfs.conf ] ; then
- update-initramfs -u && {
- echo "amd64-microcode: microcode will be updated at next boot"
>&2
- }
- else
- echo "amd64-microcode: initramfs support missing" >&2
- fi
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/postrm
amd64-microcode-3.20191218.1+deb8u1/debian/postrm
--- amd64-microcode-2.20160316.1~deb8u1/debian/postrm 2016-03-19
16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/postrm 1970-01-01
00:00:00.000000000 +0000
@@ -1,42 +0,0 @@
-#!/bin/sh
-# postrm script for amd64-microcode
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postrm> `remove'
-# * <postrm> `purge'
-# * <old-postrm> `upgrade' <new-version>
-# * <new-postrm> `failed-upgrade' <old-version>
-# * <new-postrm> `abort-install'
-# * <new-postrm> `abort-install' <old-version>
-# * <new-postrm> `abort-upgrade' <old-version>
-# * <disappearer's-postrm> `disappear' <overwriter>
-# <overwriter-version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-case "$1" in
- purge|remove)
- if [ -x /usr/sbin/update-initramfs -a -e
/etc/initramfs-tools/initramfs.conf ] ; then
- update-initramfs -u
- fi
- ;;
-
- upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
- ;;
-
- *)
- echo "postrm called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff -Nru amd64-microcode-2.20160316.1~deb8u1/debian/rules
amd64-microcode-3.20191218.1+deb8u1/debian/rules
--- amd64-microcode-2.20160316.1~deb8u1/debian/rules 2016-03-19
16:43:16.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/debian/rules 2019-12-20
21:33:42.000000000 +0000
@@ -1,6 +1,6 @@
#!/usr/bin/make -f
# debian/rules for amd64-microcode
-# Copyright (C) 2012-2014 by Henrique de Moraes Holschuh
+# Copyright (C) 2012-2016 by Henrique de Moraes Holschuh
# Published under the GNU GPL license version 2 or any later versions
PACKAGE := amd64-microcode
@@ -13,52 +13,21 @@
# Work around Debian bug #688794
INITRAMFS_NAME := $(subst -,_,$(subst +,_,$(subst .,_,$(PACKAGE))))
-build-indep:
+# For reproducible builds...
+CHANGELOG_TS :=$(shell date -u +%s --date=$(shell dpkg-parsechangelog | sed -n
-e "/^Version:/ {s/.*\.\([0-9]\{8\}\)\..*/\1/;p}"))
-build-arch:
+%:
+ dh $@
-build:
-
-clean:
- dh_testdir
- dh_testroot
- dh_clean
-
-install:
+override_dh_auto_install:
dh_testdir
- dh_testroot
- dh_prep
- dh_installdirs
dh_install
-
mkdir -p "$(PKGDIR)/usr/share/initramfs-tools/hooks"
- install -m 755 "$(DEBDIR)/initramfs.hook" \
- "$(PKGDIR)/usr/share/initramfs-tools/hooks/$(INITRAMFS_NAME)"
- mkdir -p "$(PKGDIR)/usr/share/initramfs-tools/scripts/init-premount"
- install -m 755 "$(DEBDIR)/initramfs.init-premount" \
-
"$(PKGDIR)/usr/share/initramfs-tools/scripts/init-premount/$(INITRAMFS_NAME)"
-
+ sed -e "s/@CHANGELOG_TS@/$(CHANGELOG_TS)/g" \
+ <"$(DEBDIR)/initramfs.hook" \
+ >"$(PKGDIR)/usr/share/initramfs-tools/hooks/$(INITRAMFS_NAME)"
+ chmod 755 "$(PKGDIR)/usr/share/initramfs-tools/hooks/$(INITRAMFS_NAME)"
# We have a /etc/default file, but no initscript
- install -m 644 "$(DEBDIR)/default" "$(PKGDIR)/etc/default/$(PACKAGE)"
-
+ install -m 644 "$(DEBDIR)/$(PACKAGE).default"
"$(PKGDIR)/etc/default/$(PACKAGE)"
# modprobe.d blacklist
- install -m 644 "$(DEBDIR)/modprobe-blacklist"
"$(PKGDIR)/etc/modprobe.d/$(PACKAGE)-blacklist.conf"
-
-binary: install
- dh_testdir
- dh_testroot
- dh_installdocs
- dh_installchangelogs
- dh_lintian
- dh_compress
- dh_fixperms
- dh_installdeb
- dh_gencontrol
- dh_md5sums
- dh_builddeb
-
-binary-indep:
-
-binary-arch: binary
-
-.PHONY: build clean binary install binary-arch binary-indep
+ install -m 644 "$(DEBDIR)/$(PACKAGE).modprobe-blacklist"
"$(PKGDIR)/etc/modprobe.d/$(PACKAGE)-blacklist.conf"
Binary files
/tmp/8uFBpXBKYa/amd64-microcode-2.20160316.1~deb8u1/microcode_amd_fam15h.bin
and
/tmp/nU5yTklKkn/amd64-microcode-3.20191218.1+deb8u1/microcode_amd_fam15h.bin
differ
diff -Nru amd64-microcode-2.20160316.1~deb8u1/microcode_amd_fam15h.bin.asc
amd64-microcode-3.20191218.1+deb8u1/microcode_amd_fam15h.bin.asc
--- amd64-microcode-2.20160316.1~deb8u1/microcode_amd_fam15h.bin.asc
2016-03-19 17:21:48.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/microcode_amd_fam15h.bin.asc
2019-12-20 21:12:55.000000000 +0000
@@ -1,11 +1,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-iQEcBAABAgAGBQJW6d1MAAoJEOS+UznzKK5zSxkH+gJLffKGRM9BHe0D0/fkb0Gs
-FZVp0eUNREOQoYwHJq9Ms1RebaZJkaUnd8SXCODJrqxDsxqUgunUtP6Qfh3Ru6fV
-n0wgFVISKSQVLDP+I/ANFbWA2KhV5e4LuLQp5cDSItv6916kmNlM5kxtJ5QBrNXu
-kr5bNReYgYTl7PSoCPuPfVILToG0ltZQMdKI1GImRCMVrYjGMbv8EyUC3r8ZbChG
-Lv6K0AsULA81lXBAW0JYlxu6cNv1MJ3mxttwCswaJNcd+Y11ZQA8r2sjJoWbNSlS
-nsDPLsUKE/RsW9MlMxiI2Jqo9PrZz923bu/cWMU1FPp+cJII0T7idWGUTVhQjc8=
-=MTxP
+iQEcBAABAgAGBQJbB09SAAoJEOS+UznzKK5z8kAIAK1In82D88fGFbhluAl13UFu
+rs8BhXKL2w7B2KAspBNTmYpIQnfvVDrZzn6t6nqssuJ4bnWH8sf0mC/w5dSQLG4M
+WdpDd+qkdkDGJFlbl3zkr14Q7ZCQPV44pT7BOF07VPflOeQQjRWug9cdyqRIfO4n
+XGR5wvBOJZ2BlriRkYagQHn6iB/UJWXodmTr8CRGIHTApQg6K0NPNvmbwa/W5Z9X
+bS6eniACMfFDH7NXG2uTpFiGa3DYbDyNZiZeM7Uv3BFxtAOGY8vTFghtRyk0qxAl
+o6d8fT6ozkTUxE40Lgb6MegDJPwJ+uDfB7jKVPnYsbDAp6K7L8k/7PQQQRJ69Pc=
+=k2EA
-----END PGP SIGNATURE-----
Binary files
/tmp/8uFBpXBKYa/amd64-microcode-2.20160316.1~deb8u1/microcode_amd_fam17h.bin
and
/tmp/nU5yTklKkn/amd64-microcode-3.20191218.1+deb8u1/microcode_amd_fam17h.bin
differ
diff -Nru amd64-microcode-2.20160316.1~deb8u1/microcode_amd_fam17h.bin.asc
amd64-microcode-3.20191218.1+deb8u1/microcode_amd_fam17h.bin.asc
--- amd64-microcode-2.20160316.1~deb8u1/microcode_amd_fam17h.bin.asc
1970-01-01 00:00:00.000000000 +0000
+++ amd64-microcode-3.20191218.1+deb8u1/microcode_amd_fam17h.bin.asc
2019-12-20 21:33:52.000000000 +0000
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAl35JHMACgkQ5L5TOfMo
+rnMUEAgAkjo5AlcQNp42b/JCJFYxVn9iaPsLrJ83yfDceMn4su30oErnlyXf8sYR
+vphA+qkowfcpT2ZUngMxxywW6mRnvErx2RfT7UM1kRjDnLcJPHWu3e4gBg/fcsxF
+D0H7FkZkSo/bRo0O04TeujNawvL7rTvwIgPHXVQ3n0IkLLRvyz8R5B4oxiybOm7D
+hW08eshMgsBPNypbgO3rtsDwrM3Md/qoIC55wnrqI7N0Qul3oe+ORNx4PdcWYcey
+yfpjAaiYEot24WIWLBzd95lzCircEuPfL12gxKE7MwwHD/8mjj8R7aB/J/oKSSyU
+o3ffWPN+V+9nqKGlJlVrbAYz/6kucA==
+=Z0EC
+-----END PGP SIGNATURE-----
signature.asc
Description: OpenPGP digital signature
