lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 11 Jul 2013 02:01:42 +0100
From:	Ben Hutchings <ben@...adent.org.uk>
To:	suravee.suthikulpanit@....com
Cc:	dwmw2@...radead.org, sherry.hurwitz@....com,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1 V2] linux-firmware: Add AMD microcode patch firmware
 files

I've applied this, but:

On Wed, 2013-07-10 at 19:42 -0500, suravee.suthikulpanit@....com wrote:
> From: Suravee Suthikulpanit <suravee.suthikulpanit@....com>
> 
> For AMD Families 10h ~ 14h Processors
> file:   amd-ucode/microcode_amd.bin
> md5sum: 55ae79b82cbfddcf7142058be3c9ec2d
> 
> For AMD Family 15h Processors
> file:   amd-ucode/microcode_amd_fam15h.bin
> md5sum: 122ac7e56442c2b7c28eb26978b2d57c
> 
> Version: 07_10_2013

This is not a suitable version format, as e.g. 01_01_2014 would be a
later version but will sort earlier.  When dates are used as versions,
they should be written in ISO 8601 order, yyyy-mm-dd.  Old releases from
amd64.org were labelled that way.

Also, the version belongs in WHENCE, so I added this to WHENCE:

Version: 2013-07-10

> Signed-off-by: Sherry Hurwitz <sherry.hurwitz@....com>
> Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@....com>
> 
> ---
> 
> Key Name        = AMD Microcode Signing Key (for signing microcode container files only)
> Key ID          = 8C0108B4
> Key Fingerprint = 916A 7708 23A7 B27A ADE0  1565 A5E8 DBC9 8C01 08B4
> 
> GnuPG Signature for file : microcode_amd.bin.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> 
> iQEcBAABAgAGBQJR3dkLAAoJEKXo28mMAQi0/9cIAKraXlbchZkkIPzyMrZBZZJe
> zapMterpLdDYL6zukfqgF7Frg94+ilGPK9yKAFsvC+EJyHrF5lbRQ/JthANdRv+Y
> 8sBKz5/knVI72WdjSjg+473I1rFdIUK+YN7Ygp6eAwP3fg/IQ9UD9iQfWKbbUnx0
> WSEMCZm/izsyU2LQMJvtizJ2gz9ktFoALUtTvj0bv34CKr++qqngEVFy/WKQdR6x
> R3l5MjFAhvzO0O9gV59s1tXbPU56HRhMbvSBn3NIVZu17pwAFySHwQLAeW10GH0j
> UfgpKQppbz90iLLaSh8vseTOoTBn5SegDtK0JEJNMOuK1VoZ+kgv0cqGCs17HBQ=
> =FnHv
> -----END PGP SIGNATURE-----
> 
> GnuPG Signature for file : microcode_amd_fam15h.bin.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> 
> iQEcBAABAgAGBQJR3dkfAAoJEKXo28mMAQi0iTsIAJ5nCgz/+jFYag2W/OH+kOQe
> BDXYSC5diXQR5wF/HUkXWh0sl+jNK/OrRVxT7sFaEgAUhEXhK6Df/h7qnJAYQGFr
> 5+CKhfSr/0Qbk1ziWYAXVKMOXbuLWSSIov1SCcwLsps7A7puITK6xDemLby7KDGC
> xCUfKIM/BO6DyFpNhKQ+xJdDi+yVxUKQhbdk/8gY94VdUnVZq3CTK9UStpBuaXu0
> qJNfhbaU+OzgZmnmLq5+xGsCML1xfbgF6sexVRx7oT/Jv30tm97YQJWR0h4DU7jU
> zjID8kGtYRVV7+i8jC+jVpFo21yDVUkHUcqtNXXRB/lbOYFAm+UJviAEc4NEdSw=
> =JaWY
> -----END PGP SIGNATURE-----
[...]

I added the detached signatures to the commit as separate files, so that
distributions and other downstream users can verify the signatures.
linux-firmware.git itself is not currently being tagged, with or without
signatures.  Please include detached signatures in future.

Ben.

-- 
Ben Hutchings
Reality is just a crutch for people who can't handle science fiction.

Download attachment "signature.asc" of type "application/pgp-signature" (829 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ