[Bug 2112488] Re: amdtee firmwares provided by both amd64-microcode and linux-firmware
Andreas Hasenack
2112488 at bugs.launchpad.net
Tue Aug 5 12:03:52 UTC 2025
This is an unfortunate situation. We strive to have the bug fixed in
later releases all the way up to devel before the SRU is released. But
here we have to weigh in the following:
- there is a big benefit in releasing this set of fixes for noble now, as the 24.04.3 release is imminent, and this relates to hardware support.
- there is also some risk in only releasing the kernel part for noble, and keeping the firmware at an older version.
- plucky is an interim release, and upgrades from noble by default to not go to interim releases. That being said, it's still a violation of the SRU policy to release a fix for noble while the fix is not yet in plucky
- to minimize that a bit, we will still pursue the fix and verification for plucky for these bugs in a timely manner
To summarize, blocking these fixes for noble users because the plucky
ones aren't ready yet, at the time of a point release, seems less
beneficial. We apologize to plucky users who mightAC still be affected
by these bugs, and also do noble users who decide to upgrade to plucky
and will see a temporary regression. Any help we can get to expedite the
plucky fixes and their verification is most welcome, as these bugs
require specific hardware for verification.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to amd64-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/2112488
Title:
amdtee firmwares provided by both amd64-microcode and linux-firmware
Status in amd64-microcode package in Ubuntu:
Invalid
Status in linux-firmware package in Ubuntu:
Fix Released
Status in linux-firmware source package in Noble:
Fix Committed
Status in linux-firmware source package in Oracular:
Won't Fix
Status in linux-firmware source package in Plucky:
Fix Committed
Status in linux-firmware source package in Questing:
Fix Released
Bug description:
[Impact]
AMD TEE firmware is provided by both linux-firmware and
amd64-microcode. We've been 'lucky' so far that there's no file
collision because linux-firmware provides compressed blobs and
amd64-microcode doesn't. But that also means that the compressed blobs
(from the wrong package) are used.
[Fix]
Don't ship AMD TEE firmware with linux-firmware.
[Test Case]
Inspect package content and verify that it doesn't provide
/usr/lib/amdtee firmware.
[Where Problems Could Occur]
initramfs could contain wrong amdtee firmware and kernel could load
wrong firmware. This can result in the usual kernel firmware problems:
Unpatched issues due to wrong firmware loaded, kernel crashes, oops,
hangs, ...
[Original Description]
Hi,
the amdtee firmwares are provided both by amd64-microcode:
$ dpkg -L amd64-microcode | grep amdtee
/usr/lib/firmware/amdtee
/usr/lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin
/usr/lib/firmware/amdtee/amd_pmf_v3.bin
and by linux-firmware:
$ dpkg -L linux-firmware | grep amdtee
/lib/firmware/amdtee
/lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin.zst
/lib/firmware/amdtee/amd_pmf_v3.bin.zst
- one compressed and the other uncompressed
- one in /lib and the other in /usr/lib
Would it be possible to better coordinate both packages?
ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: amd64-microcode 3.20240820.1ubuntu1
ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
Uname: Linux 6.14.0-15-generic x86_64
ApportVersion: 2.32.0-0ubuntu5.1
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: KDE
Date: Wed Jun 4 18:29:30 2025
SourcePackage: amd64-microcode
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/amd64-microcode/+bug/2112488/+subscriptions
More information about the foundations-bugs
mailing list