Alternatively, it could be that NDA is required not exactly to get
these updated microcode files for our a-bit-old CPUs, but to
understand - against what vulnerabilities these microcodes are trying
to give the protection. Maybe there are some secret release notes that
usually come with these microcodes to the OEMs. If you would look at
the commit message which came with 15h/17h files, you would not notice
any mention of the vulnerabilities and spectre - or any other mention
of what has been changed or improved. It's "just an update" -
https://marc.info/?l=linux-kernel&m=152651230014241&w=2 . More
messages from this author -
https://marc.info/?a=137244797100003&r=1&w=2

Best regards,
Ivan

2018-05-22 15:34 GMT+03:00 Ivan Ivanov <qmaster...@gmail.com>:
> I think: at the moment, the only possible way to become confident that
> a new 15h microcode at linux-firmware.git is the same (or at least
> close to being the same) as being offered to us under an NDA, without
> signing this NDA, is to install this microcode to your coreboot and
> then run some tests to see the degree of vulnerability to the various
> spectres. Also, that AMD person has uploaded only 15h and 17h -
> meanwhile, there are some nice desktop coreboot-supported 16h boards
> like ASUS AM1I-A (they are early-16h so they do not have PSP backdoor,
> only late-16h has), and these 16h boards are still vulnerable. I will
> try to contact to "remind" about 16h. Maybe they don't share the
> microcodes publicly until they have fully tested them, and NDA is a
> way for OEMs to get the not-publicly-released-yet microcodes to test
> on their hardware. It could be that AMD's guidelines require fully
> testing a new microcode at all the compatible platforms before
> releasing it publicly even if it's just a matter of setting a few bits
> - to make sure that all the other functions are still working
> correctly.
>
> Best regards,
> Ivan
>
> 2018-05-22 8:19 GMT+03:00 taii...@gmx.com <taii...@gmx.com>:
>> *ML thread reply*
>> Hey guys you can install the latest microcode now from linux-firmware,
>> no NDA or w/e I believe this is the latest version.
>> See my thread on the coreboot ML for more info.
>>
>> Remember folks the G505S has a Piledriver CPU and thus it NEEDS a
>> microcode update to have IOMMU (and thus work for V4) and be secure due
>> to various exploits.
>>
>> before:
>> microcode: CPU0 patch_level=0x0600084f
>>
>> after:
>> microcode: CPU0: new patch_level=0x06000852
>>
>> I think this is the latest version but I don't know for sure.
>>

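The before/after `patch_level` comparison quoted in this thread can be automated over kernel log text. The following is an added example, not part of any message in the thread: it parses both log line forms quoted above and lists CPUs that did not reach an expected patch level. The sample log is constructed, and the function names are hypothetical.

```python
import re

# Matches both kernel log forms quoted in the thread:
#   microcode: CPU0 patch_level=0x0600084f
#   microcode: CPU0: new patch_level=0x06000852
PATCH_RE = re.compile(
    r"microcode: CPU(\d+):?\s+(?:new\s+)?patch_level=(0x[0-9a-fA-F]+)"
)

# Constructed sample log (not captured from a real machine). The two patch
# levels are the ones quoted in the thread; CPU1 never logs the new level.
SAMPLE_LOG = """\
[    0.620011] microcode: CPU0 patch_level=0x0600084f
[    0.620019] microcode: CPU1 patch_level=0x0600084f
[    0.912340] microcode: CPU0: new patch_level=0x06000852
[    0.913001] usb 1-1: new high-speed USB device number 2 using ehci-pci
"""


def final_patch_levels(log_text):
    """Return {cpu_index: patch_level}, keeping the last level logged per CPU."""
    levels = {}
    for line in log_text.splitlines():
        m = PATCH_RE.search(line)
        if m:
            levels[int(m.group(1))] = int(m.group(2), 16)
    return levels


def stale_cpus(log_text, expected_level):
    """Return sorted (cpu, level) pairs for CPUs not at expected_level."""
    return sorted(
        (cpu, level)
        for cpu, level in final_patch_levels(log_text).items()
        if level != expected_level
    )


if __name__ == "__main__":
    for cpu, level in stale_cpus(SAMPLE_LOG, 0x06000852):
        print(f"CPU{cpu} still at patch_level={level:#010x}")
```

An empty result only means that no parsed CPU differs from the expected level, so also confirm that `final_patch_levels()` returned an entry for every core. A matching patch level shows which revision was loaded, not which vulnerabilities that revision addresses.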