Version in base suite: 3.20240820.1~deb12u1 Base version: amd64-microcode_3.20240820.1~deb12u1 Target version: amd64-microcode_3.20250311.1~deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/non-free-firmware/a/amd64-microcode/amd64-microcode_3.20240820.1~deb12u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/non-free-firmware/a/amd64-microcode/amd64-microcode_3.20250311.1~deb12u1.dsc /srv/release.debian.org/tmp/2Nh7enMvsD/amd64-microcode-3.20250311.1~deb12u1/amd-ucode/microcode_amd_fam17h.bin |binary /srv/release.debian.org/tmp/2Nh7enMvsD/amd64-microcode-3.20250311.1~deb12u1/amd-ucode/microcode_amd_fam19h.bin |binary /srv/release.debian.org/tmp/2Nh7enMvsD/amd64-microcode-3.20250311.1~deb12u1/amd/amd_sev_fam19h_model0xh.sbin |binary /srv/release.debian.org/tmp/2Nh7enMvsD/amd64-microcode-3.20250311.1~deb12u1/amd/amd_sev_fam19h_model1xh.sbin |binary /srv/release.debian.org/tmp/2Nh7enMvsD/amd64-microcode-3.20250311.1~deb12u1/amd/amd_sev_fam19h_modelaxh.sbin |binary /srv/release.debian.org/tmp/2Nh7enMvsD/amd64-microcode-3.20250311.1~deb12u1/amd/amd_sev_fam1ah_model0xh.sbin |binary amd64-microcode-3.20250311.1~deb12u1/README | 35 +++++++ amd64-microcode-3.20250311.1~deb12u1/amd-ucode/README | 17 +++ amd64-microcode-3.20250311.1~deb12u1/amd-ucode/microcode_amd_fam17h.bin.asc | 16 +-- amd64-microcode-3.20250311.1~deb12u1/amd-ucode/microcode_amd_fam19h.bin.asc | 16 +-- amd64-microcode-3.20250311.1~deb12u1/debian/changelog | 45 ++++++++++ 11 files changed, 112 insertions(+), 17 deletions(-) diff -Nru amd64-microcode-3.20240820.1~deb12u1/README amd64-microcode-3.20250311.1~deb12u1/README --- amd64-microcode-3.20240820.1~deb12u1/README 2024-08-24 12:22:19.000000000 +0000 +++ amd64-microcode-3.20250311.1~deb12u1/README 2025-06-20 14:34:46.000000000 +0000 @@ -11,6 +11,41 @@ latest commits in this release: +commit 3660cb7665df91e664b240c19c560f138d74f483 +Author: John Allen +Date: Wed Feb 19 20:29:05 2025 +0000 + + linux-firmware: Update AMD SEV firmware + + Update AMD SEV firmware to version 1.55 build 29 for AMD family 19h processors + with models in the range 00h to 0fh. + + Update AMD SEV firmware to version 1.55 build 39 for AMD family 19h processors + with models in the range 10h to 1fh. + + Update AMD SEV firmware to version 1.55 build 39 for AMD family 19h processors + with models in the range a0h to afh. + + Add AMD SEV firmware version 1.55 build 54 for AMD family 1ah processors with + models in the range 00h to 0fh. + + Signed-off-by: John Allen + +commit 48bb90cceb882cab8e9ab692bc5779d3bf3a13b8 +Author: John Allen +Date: Thu Nov 21 10:22:38 2024 -0600 + + linux-firmware: Update AMD cpu microcode + + * Update AMD cpu microcode for processor family 17h + * Update AMD cpu microcode for processor family 19h + + Key Name = AMD Microcode Signing Key (for signing microcode container files only) + Key ID = F328AE73 + Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73 + + Signed-off-by: John Allen + commit ace84e6edc27bcba8e44ba8588e93a4c74a4fba1 Author: John Allen Date: Tue Aug 20 18:26:55 2024 +0000 Binary files /srv/release.debian.org/tmp/MJE29BTRpV/amd64-microcode-3.20240820.1~deb12u1/amd/amd_sev_fam19h_model0xh.sbin and /srv/release.debian.org/tmp/2Nh7enMvsD/amd64-microcode-3.20250311.1~deb12u1/amd/amd_sev_fam19h_model0xh.sbin differ Binary files /srv/release.debian.org/tmp/MJE29BTRpV/amd64-microcode-3.20240820.1~deb12u1/amd/amd_sev_fam19h_model1xh.sbin and /srv/release.debian.org/tmp/2Nh7enMvsD/amd64-microcode-3.20250311.1~deb12u1/amd/amd_sev_fam19h_model1xh.sbin differ Binary files /srv/release.debian.org/tmp/MJE29BTRpV/amd64-microcode-3.20240820.1~deb12u1/amd/amd_sev_fam19h_modelaxh.sbin and /srv/release.debian.org/tmp/2Nh7enMvsD/amd64-microcode-3.20250311.1~deb12u1/amd/amd_sev_fam19h_modelaxh.sbin differ Binary files /srv/release.debian.org/tmp/MJE29BTRpV/amd64-microcode-3.20240820.1~deb12u1/amd/amd_sev_fam1ah_model0xh.sbin and /srv/release.debian.org/tmp/2Nh7enMvsD/amd64-microcode-3.20250311.1~deb12u1/amd/amd_sev_fam1ah_model0xh.sbin differ diff -Nru amd64-microcode-3.20240820.1~deb12u1/amd-ucode/README amd64-microcode-3.20250311.1~deb12u1/amd-ucode/README --- amd64-microcode-3.20240820.1~deb12u1/amd-ucode/README 2024-08-11 22:42:33.000000000 +0000 +++ amd64-microcode-3.20250311.1~deb12u1/amd-ucode/README 2025-06-20 14:34:46.000000000 +0000 @@ -30,20 +30,35 @@ Microcode patches in microcode_amd_fam16h.bin: Family=0x16 Model=0x00 Stepping=0x01: Patch=0x0700010f Length=3458 bytes + Microcode patches in microcode_amd_fam17h.bin: + Family=0x17 Model=0x71 Stepping=0x00: Patch=0x08701034 Length=3200 bytes Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126f Length=3200 bytes Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107c Length=3200 bytes + Family=0x17 Model=0x60 Stepping=0x01: Patch=0x0860010d Length=3200 bytes Family=0x17 Model=0x08 Stepping=0x02: Patch=0x0800820d Length=3200 bytes - Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a00008 Length=3200 bytes + Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a0000a Length=3200 bytes + Family=0x17 Model=0x68 Stepping=0x01: Patch=0x08608108 Length=3200 bytes Microcode patches in microcode_amd_fam19h.bin: Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a00107a Length=5568 bytes + Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c005 Length=5568 bytes + Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705206 Length=5568 bytes + Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820c Length=5568 bytes Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101248 Length=5568 bytes Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00215 Length=5568 bytes + Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404107 Length=5568 bytes + Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708007 Length=5568 bytes + Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102d Length=5568 bytes + Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704107 Length=5568 bytes Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001238 Length=5568 bytes Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101148 Length=5568 bytes + Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a601209 Length=5568 bytes Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d5 Length=5568 bytes Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116 Length=5568 bytes + Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108108 Length=5568 bytes + Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500011 Length=5568 bytes + Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201210 Length=5568 bytes NOTE: For Genoa (Family=0x19 Model=0x11) and Bergamo (Family=0x19 Model=0xa0), either AGESA version >= 1.0.0.8 OR a kernel with the following commit is Binary files /srv/release.debian.org/tmp/MJE29BTRpV/amd64-microcode-3.20240820.1~deb12u1/amd-ucode/microcode_amd_fam17h.bin and /srv/release.debian.org/tmp/2Nh7enMvsD/amd64-microcode-3.20250311.1~deb12u1/amd-ucode/microcode_amd_fam17h.bin differ diff -Nru amd64-microcode-3.20240820.1~deb12u1/amd-ucode/microcode_amd_fam17h.bin.asc amd64-microcode-3.20250311.1~deb12u1/amd-ucode/microcode_amd_fam17h.bin.asc --- amd64-microcode-3.20240820.1~deb12u1/amd-ucode/microcode_amd_fam17h.bin.asc 2024-08-11 22:42:33.000000000 +0000 +++ amd64-microcode-3.20250311.1~deb12u1/amd-ucode/microcode_amd_fam17h.bin.asc 2025-06-20 14:34:46.000000000 +0000 @@ -1,11 +1,11 @@ -----BEGIN PGP SIGNATURE----- -iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmX+B5wACgkQ5L5TOfMo -rnOyEQgAjcQdiUYTOecifIkRdvIotUmd0rYG4Y4atXIkcMKpuZXY3ipiIJQTi+zb -fsTrrzqvfdS0FeG9GPePsgZwBvUCbvxbW+I2ffw4KXmZQh7J0WE3qYAEx3uV3IaE -UtV6yM9OW6EEFuIwx8m2LQsl3bP6X/Cwgf3DEHlsVZzDexrYNU9lP/BkujpO0m/q -s8PanPluQqesoaOm+DAQnceMC4r1jpfeZ3DShvyGqaNzB9HeOE2uQEfWW69cfkU9 -n3Lsqxjgl45EmKyNqqy5o3uMBwMJzl0jW2NR5k80+H65hv4Skclk6YCz651zx9C5 -bisCiEwf4gg7ffQPLYW9MCsK3yjTaQ== -=vQEt +iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmc/W5AACgkQ5L5TOfMo +rnN+IQf/SpWITbAMKm22ZkUs6NOwgOV3bKx6D38BPQ3MRwAzfN8nTT9h33tlw0rc +XdxdzfyRh+FJcweQHVOzLMLtUH6GwTFfGphjDBEFAhNLMZoeD29Z98IDaOQfWSJ2 +geGlZY7tfNZycN/NCYJqRON3MmpqAqoILp1tuck5JU+eQzcCGW5nn96LeAQc7Cin +8q4X3FvYbRIGuiChSF3R9yxPIVtY1Pps/gtg9j0Q5zXBWN3Yb3OcRPCZi4xjZmDg +FfYg79UzB2eM+HdoQ+ymqRgySLIqunBxcNP8pOkyrW0lxLEIhqj7TE++M6om/mwT +pzUx+Q7L5FS9b/n3c7Hw0esH6yztcA== +=1U/Y -----END PGP SIGNATURE----- Binary files /srv/release.debian.org/tmp/MJE29BTRpV/amd64-microcode-3.20240820.1~deb12u1/amd-ucode/microcode_amd_fam19h.bin and /srv/release.debian.org/tmp/2Nh7enMvsD/amd64-microcode-3.20250311.1~deb12u1/amd-ucode/microcode_amd_fam19h.bin differ diff -Nru amd64-microcode-3.20240820.1~deb12u1/amd-ucode/microcode_amd_fam19h.bin.asc amd64-microcode-3.20250311.1~deb12u1/amd-ucode/microcode_amd_fam19h.bin.asc --- amd64-microcode-3.20240820.1~deb12u1/amd-ucode/microcode_amd_fam19h.bin.asc 2024-08-11 22:42:33.000000000 +0000 +++ amd64-microcode-3.20250311.1~deb12u1/amd-ucode/microcode_amd_fam19h.bin.asc 2025-06-20 14:34:46.000000000 +0000 @@ -1,11 +1,11 @@ -----BEGIN PGP SIGNATURE----- -iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmX9xsgACgkQ5L5TOfMo -rnP2aQf/QBOiKUZsrVIbnn0+Ls84yDYovoesYriy1rbK+K5CVRb/0iqoFn5xKIu6 -bvyHN0fnj7Ko+oedNvcRCmlu+jiw08s3WArQb6r3fK4QT/2Wj2f+qX14uoFuCGUd -QgZTc4hZxNxSZBbQuKVbtDmT0iFtV0jKBp/ajdYD9++rA+VcIemKtwX/sxEZnUFi -fXg016uAs/Q9LQ5KWvz3VhFz2G77BEXjDIJNAHSVCxmWCvsd05kf1SbXUswlj/T8 -JtuH840zfZicZEk8e3grO4fSywLyrZCjqATSXa+XY63thCIglM9c6V+EBL3jGXxh -Cs2tZH8/ge+tL/UBBJ8FdOZcVSpkeQ== -=HHoV +iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmc/W4EACgkQ5L5TOfMo +rnPSAwf/UozBxuAEmSJMgUE3CVKyuvs0VpI1fvUpybW5Dqgz+6DLXtLJBFQLjLn1 +UlxhkHmiZ63QXazpu3QUBGUkUh5fpKDsn8P1XVRPTtOc4IMsWVlCh3RJwFpmQRqW +8h30WDwxRzIb0VvGg8bclLGH/t1dozagk87eYbq9sz8I/qV9P/kd/BFifNSqANOq +xQmb9oNFu3JuFHqNoLdR02dQ9T/l21TDoLQwjjyFwAY8B1JNQTjTlq6brfnOKICu +SRF3PMAS+EOwplGtgUXYhgYBHNikKM9Vk7Ua3DFxcMm1ZKhL3Z+O0OloLapLaR3x +HEivYRaVoKdVNZfl4rMsjyp7fnU07w== +=ex8u -----END PGP SIGNATURE----- diff -Nru amd64-microcode-3.20240820.1~deb12u1/debian/changelog amd64-microcode-3.20250311.1~deb12u1/debian/changelog --- amd64-microcode-3.20240820.1~deb12u1/debian/changelog 2024-08-24 12:24:14.000000000 +0000 +++ amd64-microcode-3.20250311.1~deb12u1/debian/changelog 2025-06-20 14:36:35.000000000 +0000 @@ -1,3 +1,48 @@ +amd64-microcode (3.20250311.1~deb12u1) bookworm; urgency=medium + + * Rebuild for bookworm (revert merged-usr changes from unstable) + + -- Henrique de Moraes Holschuh Fri, 20 Jun 2025 11:36:35 -0300 + +amd64-microcode (3.20250311.1) unstable; urgency=medium + + * Update package data from linux-firmware 20250311 + * New AMD-SEV firmware from AMD upstream (20250221) + * SECURITY UPDATE (AMD-SB-3019 / CVE-2024-56161): + Update remote attestation to be compatible with AMD systems with + up-to-date firmware (i.e. which fixes "EntrySign"), and update + AMD-SEV for AMD-SB-3019 mitigations. Note that this AMD-SEV + update DOES NOT FIX the microcode "EntrySign" vulnerability. + (closes: #1095470) + + Updated SEV firmware: + Family 17h models 30h-3fh: version 0.24 build 20 + Family 19h models 00h-0fh: version 1.55 build 29 + Family 19h models 10h-1fh: version 1.55 build 39 + Family 19h models a0h-afh: version 1.55 build 39 + + New SEV firmware: + Family 1ah models 00h-0fh: version 1.55 build 54 + * New AMD microcode updates from AMD upstream (20241121) + + Add patches for many (non-server) family 19h processors + * Updated Microcode patches: + + Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a0000a + * New Microcode patches: + + Family=0x17 Model=0x60 Stepping=0x01: Patch=0x0860010d + + Family=0x17 Model=0x68 Stepping=0x01: Patch=0x08608108 + + Family=0x17 Model=0x71 Stepping=0x00: Patch=0x08701034 + + Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820c + + Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108108 + + Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102d + + Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201210 + + Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404107 + + Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500011 + + Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a601209 + + Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704107 + + Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705206 + + Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708007 + + Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c005 + + -- Henrique de Moraes Holschuh Sun, 23 Mar 2025 21:13:20 -0300 + amd64-microcode (3.20240820.1~deb12u1) bookworm; urgency=medium * Rebuild for bookworm (revert merged-usr changes from unstable)