Comment 7 for bug 1388889
Revision history for this message
| Dimitri John Ledkov (xnox) wrote Re: [Bug 1388889] Re: [MIR] intel-microcode & iucode-tool (multiverse -> restricted) | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
On 3 December 2014 at 11:30, Henrique de Moraes Holschuh
<email address hidden> wrote:
> I am the Debian upstream for both packages (intel-microcode and iucode-
> tool), and upstream author for iucode-tool.
>
> Thank you for the kind comments on iucode-tool :-)
>
> As for intel-microcode, you guys are dealing with an outdated package
> version. The new one in Debian addresses the Haswell microcode update
> issue by switching to enforced early initramfs mode updates...
>
> This simplified the packaging a lot, but it also means there were
> extensive changes to all scripts, so the intel-microcode security
> analysis likely needs to be redone when you resync with Debian.
>
> Also, the intel-microcode package version you're considering can be a
> hazard when dealing with Intel microcode updates with visible effects at
> the ISA level, like the Haswell "disable TSX" microcode update. It can
> result in an unusable system, as your QA team found out, which forced
> you guys to revert to the previous Intel microcode update data.
>
> The newer version of intel-microcode in Debian enforces the safe use of
> early microcode updates, which allows the use of Intel microcode update
> data 20140913 and newer. You should consider a resync as soon as
> pratical.
>
Right, this was pointed out to me. I'll make sure the updated package
is merged in properly before proceeding with this.
--
Regards,
Dimitri.