On the kernel code supporting multiple microcodes, since we're generating an initrd per kernel image, wouldn't it suffice to ensure that the microcode attached to the initrd is supported by the associated kernel image?
Regarding the package relationships, I agree that it'd be ideal if we could avoid changing them. A benefit I can see, however, is that installing an updated amd64-microcode package could lead to a false sense of security, because it's useless without a kernel image that has its hash. On the other hand, it's also useless unless that kernel is booted with its associated initrd. Random thought: what about UKIs? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2130658 Title: hashed microcode updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/amd64-microcode/+bug/2130658/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
