[Bug 2112488] Re: amdtee firmwares provided by both amd64-microcode and linux-firmware

Juerg Haefliger 2112488 at bugs.launchpad.net
Tue Aug 5 07:41:51 UTC 2025 

1. Verified that current linux-firmware from plucky-updates *does*
provide amdtee firmware:

$ apt-cache policy linux-firmware
linux-firmware:
  Installed: 20250317.git1d4c88ee-0ubuntu1.3
  Candidate: 20250317.git1d4c88ee-0ubuntu1.3
  Version table:
     20250317.git1d4c88ee-0ubuntu1.4 100
        100 http://ch.archive.ubuntu.com/ubuntu plucky-proposed/main amd64 Packages
 *** 20250317.git1d4c88ee-0ubuntu1.3 500
        500 http://ch.archive.ubuntu.com/ubuntu plucky-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu plucky-security/main amd64 Packages
        100 /var/lib/dpkg/status
     20250317.git1d4c88ee-0ubuntu1 500
        500 http://ch.archive.ubuntu.com/ubuntu plucky/main amd64 Packages
$ dpkg -L linux-firmware | grep amdtee
/lib/firmware/amdtee
/lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin.zst
/lib/firmware/amdtee/amd_pmf_v3.bin.zst
$


2. Installed linux-firmware 20250317.git1d4c88ee-0ubuntu1.4 from plucky-proposed:

$ sudo apt install linux-firmware/plucky-proposed
<snip>
$ apt-cache policy linux-firmware
linux-firmware:
  Installed: 20250317.git1d4c88ee-0ubuntu1.4
  Candidate: 20250317.git1d4c88ee-0ubuntu1.4
  Version table:
 *** 20250317.git1d4c88ee-0ubuntu1.4 100
        100 http://ch.archive.ubuntu.com/ubuntu plucky-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     20250317.git1d4c88ee-0ubuntu1.3 500
        500 http://ch.archive.ubuntu.com/ubuntu plucky-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu plucky-security/main amd64 Packages
     20250317.git1d4c88ee-0ubuntu1 500
        500 http://ch.archive.ubuntu.com/ubuntu plucky/main amd64 Packages

3. Verified that linux-firmware no longer provides amdtee firmware:

$ dpkg -L linux-firmware | grep amdtee
$


** Tags added: verification-done-plucky

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to amd64-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/2112488

Title:
  amdtee firmwares provided by both amd64-microcode and linux-firmware

Status in amd64-microcode package in Ubuntu:
  Invalid
Status in linux-firmware package in Ubuntu:
  Fix Released
Status in linux-firmware source package in Noble:
  Fix Committed
Status in linux-firmware source package in Oracular:
  Won't Fix
Status in linux-firmware source package in Plucky:
  Fix Committed
Status in linux-firmware source package in Questing:
  Fix Released

Bug description:
  [Impact]

  AMD TEE firmware is provided by both linux-firmware and
  amd64-microcode. We've been 'lucky' so far that there's no file
  collision because linux-firmware provides compressed blobs and
  amd64-microcode doesn't. But that also means that the compressed blobs
  (from the wrong package) are used.

  [Fix]

  Don't ship AMD TEE firmware with linux-firmware.

  [Test Case]

  Inspect package content and verify that it doesn't provide
  /usr/lib/amdtee firmware.

  [Where Problems Could Occur]

  initramfs could contain wrong amdtee firmware and kernel could load
  wrong firmware. This can result in the usual kernel firmware problems:
  Unpatched issues due to wrong firmware loaded, kernel crashes, oops,
  hangs, ...

  [Original Description]

  Hi,

  the amdtee firmwares are provided both by amd64-microcode:

  $ dpkg -L amd64-microcode | grep amdtee
  /usr/lib/firmware/amdtee
  /usr/lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin
  /usr/lib/firmware/amdtee/amd_pmf_v3.bin

  and by linux-firmware:

  $ dpkg -L linux-firmware | grep amdtee
  /lib/firmware/amdtee
  /lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin.zst
  /lib/firmware/amdtee/amd_pmf_v3.bin.zst

   - one compressed and the other uncompressed
   - one in /lib and the other in /usr/lib

  Would it be possible to better coordinate both packages?

  ProblemType: Bug
  DistroRelease: Ubuntu 25.04
  Package: amd64-microcode 3.20240820.1ubuntu1
  ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
  Uname: Linux 6.14.0-15-generic x86_64
  ApportVersion: 2.32.0-0ubuntu5.1
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  Date: Wed Jun  4 18:29:30 2025
  SourcePackage: amd64-microcode
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/amd64-microcode/+bug/2112488/+subscriptions

More information about the foundations-bugs mailing list