Message-ID: <20250822190622.GIaKi_rpJxdNGsbDlf@fat_crate.local>
Date: Fri, 22 Aug 2025 21:06:22 +0200
From: Borislav Petkov <bp@...en8.de>
To: Dave Hansen <dave.hansen@...el.com>
Cc: Sohil Mehta <sohil.mehta@...el.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>, "H . Peter Anvin" <hpa@...or.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Josh Poimboeuf <jpoimboe@...nel.org>,
	Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
	Nikolay Borisov <nik.borisov@...e.com>,
	Andrew Cooper <andrew.cooper3@...rix.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] scripts/x86/intel: Add a script to update the minimum
 ucode revisions

On Fri, Aug 22, 2025 at 11:31:40AM -0700, Dave Hansen wrote:
> We could definitely put it there. But it's generating a 100%
> Linux-specific header that nobody else can use. So it's really a purely
> Linux thing. Not really a great fit for what is otherwise just a
> microcode repository.

Just to clarify again: I don't care if it is in the kernel as long as there's
a clear policy when those files are updated and also specified that any update
is sanctioned by you guys since doing a public microcode release kinda says
that what you're releasing is verified and tested and the stuff you're
deprecating can be deprecated.

What I don't want to have is some random people running this because they saw
some microcode on github which someone carved out from BIOS and claims now
that this is valid microcode. Or some other funky thing...

And I don't think you want to be in such a situation either.

So as long as it unmistakably specifies who updates the header, the script can
be anywhere.

I hope I'm making more sense.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
