[Bug 2112488] Re: amdtee firmwares provided by both amd64-microcode and linux-firmware
Juerg Haefliger
2112488 at bugs.launchpad.net
Fri Jun 20 07:46:52 UTC 2025
** Description changed:
+ [Impact]
+
+ AMD TEE firmware is provided by both linux-firmware and amd64-microcode.
+ We've been 'lucky' so far that there's no file collision because linux-
+ firmware provides a compressed blob and amd64-microcode doesn't. But
+ that also means that the compressed blobs (from the wrong package) are
+ used.
+
+
+ [Fix]
+
+ Don't ship AMD TEE firmware with linux-firmware.
+
+
+ [Test Case]
+
+ Inspect package content and verify that it doesn't not provide
+ /usr/lib/amdtee firmware.
+
+
+ [Where Problems Could Occur]
+
+ initramfs could contain wrong amdtee firmware and kernel could load
+ wrong firmware. This can result in the usual kernel firmware problems:
+ Unpatched issues due to wrong firmware loaded, kernel crashes, oops,
+ hangs, ...
+
+
+ [Original Description]
+
Hi,
the amdtee firmwares are provided both by amd64-microcode:
$ dpkg -L amd64-microcode | grep amdtee
/usr/lib/firmware/amdtee
/usr/lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin
/usr/lib/firmware/amdtee/amd_pmf_v3.bin
and by linux-firmware:
$ dpkg -L linux-firmware | grep amdtee
/lib/firmware/amdtee
/lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin.zst
/lib/firmware/amdtee/amd_pmf_v3.bin.zst
- - one compressed and the other uncompressed
- - one in /lib and the other in /usr/lib
+ - one compressed and the other uncompressed
+ - one in /lib and the other in /usr/lib
Would it be possible to better coordinate both packages?
ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: amd64-microcode 3.20240820.1ubuntu1
ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
Uname: Linux 6.14.0-15-generic x86_64
ApportVersion: 2.32.0-0ubuntu5.1
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: KDE
Date: Wed Jun 4 18:29:30 2025
SourcePackage: amd64-microcode
UpgradeStatus: No upgrade log present (probably fresh install)
** Description changed:
[Impact]
AMD TEE firmware is provided by both linux-firmware and amd64-microcode.
We've been 'lucky' so far that there's no file collision because linux-
- firmware provides a compressed blob and amd64-microcode doesn't. But
- that also means that the compressed blobs (from the wrong package) are
- used.
-
+ firmware provides compressed blobs and amd64-microcode doesn't. But that
+ also means that the compressed blobs (from the wrong package) are used.
[Fix]
Don't ship AMD TEE firmware with linux-firmware.
-
[Test Case]
- Inspect package content and verify that it doesn't not provide
+ Inspect package content and verify that it doesn't provide
/usr/lib/amdtee firmware.
-
[Where Problems Could Occur]
initramfs could contain wrong amdtee firmware and kernel could load
wrong firmware. This can result in the usual kernel firmware problems:
Unpatched issues due to wrong firmware loaded, kernel crashes, oops,
hangs, ...
-
[Original Description]
Hi,
the amdtee firmwares are provided both by amd64-microcode:
$ dpkg -L amd64-microcode | grep amdtee
/usr/lib/firmware/amdtee
/usr/lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin
/usr/lib/firmware/amdtee/amd_pmf_v3.bin
and by linux-firmware:
$ dpkg -L linux-firmware | grep amdtee
/lib/firmware/amdtee
/lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin.zst
/lib/firmware/amdtee/amd_pmf_v3.bin.zst
- one compressed and the other uncompressed
- one in /lib and the other in /usr/lib
Would it be possible to better coordinate both packages?
ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: amd64-microcode 3.20240820.1ubuntu1
ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
Uname: Linux 6.14.0-15-generic x86_64
ApportVersion: 2.32.0-0ubuntu5.1
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: KDE
Date: Wed Jun 4 18:29:30 2025
SourcePackage: amd64-microcode
UpgradeStatus: No upgrade log present (probably fresh install)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to amd64-microcode in Ubuntu.
https://bugs.launchpad.net/bugs/2112488
Title:
amdtee firmwares provided by both amd64-microcode and linux-firmware
Status in amd64-microcode package in Ubuntu:
Invalid
Status in linux-firmware package in Ubuntu:
Fix Released
Status in linux-firmware source package in Noble:
In Progress
Status in linux-firmware source package in Oracular:
Won't Fix
Status in linux-firmware source package in Plucky:
In Progress
Status in linux-firmware source package in Questing:
Fix Released
Bug description:
[Impact]
AMD TEE firmware is provided by both linux-firmware and
amd64-microcode. We've been 'lucky' so far that there's no file
collision because linux-firmware provides compressed blobs and
amd64-microcode doesn't. But that also means that the compressed blobs
(from the wrong package) are used.
[Fix]
Don't ship AMD TEE firmware with linux-firmware.
[Test Case]
Inspect package content and verify that it doesn't provide
/usr/lib/amdtee firmware.
[Where Problems Could Occur]
initramfs could contain wrong amdtee firmware and kernel could load
wrong firmware. This can result in the usual kernel firmware problems:
Unpatched issues due to wrong firmware loaded, kernel crashes, oops,
hangs, ...
[Original Description]
Hi,
the amdtee firmwares are provided both by amd64-microcode:
$ dpkg -L amd64-microcode | grep amdtee
/usr/lib/firmware/amdtee
/usr/lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin
/usr/lib/firmware/amdtee/amd_pmf_v3.bin
and by linux-firmware:
$ dpkg -L linux-firmware | grep amdtee
/lib/firmware/amdtee
/lib/firmware/amdtee/773bd96f-b83f-4d52-b12dc529b13d8543.bin.zst
/lib/firmware/amdtee/amd_pmf_v3.bin.zst
- one compressed and the other uncompressed
- one in /lib and the other in /usr/lib
Would it be possible to better coordinate both packages?
ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: amd64-microcode 3.20240820.1ubuntu1
ProcVersionSignature: Ubuntu 6.14.0-15.15-generic 6.14.0
Uname: Linux 6.14.0-15-generic x86_64
ApportVersion: 2.32.0-0ubuntu5.1
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: KDE
Date: Wed Jun 4 18:29:30 2025
SourcePackage: amd64-microcode
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/amd64-microcode/+bug/2112488/+subscriptions
More information about the foundations-bugs
mailing list