linux-firmware: update to 20230625+git20230724+debian20210818+1~bpo11+1

[MingcongBai]

Topic Description

This topic addresses a use-after-free vulnerability in AMD Zen2 processors. #4636

Ref: https://lock.cmpxchg8b.com/zenbleed.html

Package(s) Affected

• firmware-free v20230625+git20230724+debian20210818+1~bpo11+1
• firmware-nonfree v20230625+git20230724+debian20210818+1~bpo11+1

Security Update?

Yes, #4636

Build Order

linux-firmware

Test Build(s) Done

Primary Architectures

• Architecture-independent noarch

Update(s) Uploaded to Stable

Primary Architectures

• Architecture-independent noarch

[KexyBiscuit]

Approve with possible unknown regression in mind.

[MingcongBai]

Dracut did not apply the microcode correctly. Changes pending.

[MingcongBai]

Fix tested successfully (with Dracut caveats, saved for another topic) on @Icenowy's EPYC 7002; failed on @chenx97's Ryzen PRO 4750U; microcode update not available for @eatradish's Ryzen 3950X. ???

[MingcongBai]

This fix might just be EPYC/Threadripper-specific. Sigh.

Those chips were clearly affected.

[MingcongBai]

@Fearyncess: It may well be the case that AMD has yet to release fixes for all affected models.

We will wait on this for another day.

[Fearyncess]

@Fearyncess: It may well be the case that AMD has yet to release fixes for all affected models.

We will wait on this for another day.

For MSDT (Ryzen 3000/4000 CPU Series), it maybe only have a BIOS update incl. updated AGESA with mitigations from mobo vendors, if AMD decided doesn't fix it by microcode update in linux-firmware.

[chenx97]

Unfortunately we'll wait til at least November for our beloved (and now annoying) consumer desktop processors to be patched properly. We should patch the kernel to set the chicken bit for us before such microcode update lands.

[MingcongBai]

To be addressed in #4789. Closing.