On 20/10/2025 2:19 pm, Andrew Cooper wrote:
> When Entrysign has been mitigated in firmware, it is believed to be safe to
> pass blobs to the CPU again. This avoids us needing to update the digest
> table for new microcodes.
>
> Relax the digest check when firmware looks to be up to date, and leave behind
> a clear message when not.
>
> This is best-effort only. If a malicious microcode has been loaded prior to
> Xen running, then all bets are off.
>
> Signed-off-by: Andrew Cooper <[email protected]>
> ---
> CC: Jan Beulich <[email protected]>
> CC: Roger Pau Monné <[email protected]>
>
> I need to double check the revision table. I think I need to submit a
> correction to Linux first.

Yes. https://lore.kernel.org/lkml/[email protected]/T/#u

Also there's a general off-by-one error in the revisions, owing to a
difference in how Linux and Xen are using the boundaries.

Both fixed locally for v2.

~Andrew
