sysutils/cpu-microcode-amd: Update to 2025-12-02 snapshot
ClosedPublic
Actions

Authored by jrm on Wed, Dec 17, 6:34 PM.

Details

Reviewers

glebius
oliver

Commits

R11:ffb64ba4a059: sysutils/cpu-microcode-amd: Update to 2025-12-02 snapshot

Summary

Update AMD CPU microcode for processor families 19h and 1ah.

From upstream's README:

NOTE: In order to not fully abandon machines affected by AMD-SB-7033 [1] that have not received the BIOS update, the family 19h microcode container now includes a second patch for these machines that brings the microcode to the highest possible level without the microcode signing fix. While a BIOS update is highly recommended to receive the latest security updates issued after the microcode signing vulnerability, this will allow non-updated systems to at least receive some microcode updates beyond the version provided by BIOS.

[1] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html

Upstream Linux firmware commit:
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode?id=2b318c8e4159234ddbcc1cadc90cf32d17d9ee82

Diff Detail

Repository

R11 FreeBSD ports repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jrm requested review of this revision.Wed, Dec 17, 6:34 PM

jrm created this revision.

Harbormaster completed remote builds in B69338: Diff 168270.Wed, Dec 17, 6:34 PM

FYI, here is what's included in this update:

% for f in /usr/local/share/cpucontrol/microcode_amd*.bin; do ./amd_ucode_info.py ${f}; done
Microcode patches in /usr/local/share/cpucontrol/microcode_amd_fam15h.bin:
  Family=0x15 Model=0x01 Stepping=0x02: Patch=0x0600063e Length=2592 bytes
  Family=0x15 Model=0x02 Stepping=0x00: Patch=0x06000852 Length=2592 bytes
  Family=0x15 Model=0x10 Stepping=0x01: Patch=0x06001119 Length=2592 bytes
Microcode patches in /usr/local/share/cpucontrol/microcode_amd_fam16h.bin:
  Family=0x16 Model=0x00 Stepping=0x01: Patch=0x0700010f Length=3458 bytes
Microcode patches in /usr/local/share/cpucontrol/microcode_amd_fam17h.bin:
  Family=0x17 Model=0x71 Stepping=0x00: Patch=0x08701034 Length=3200 bytes
  Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126f Length=3200 bytes
  Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107c Length=3200 bytes
  Family=0x17 Model=0x60 Stepping=0x01: Patch=0x0860010d Length=3200 bytes
  Family=0x17 Model=0x08 Stepping=0x02: Patch=0x0800820d Length=3200 bytes
  Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a0000a Length=3200 bytes
  Family=0x17 Model=0x68 Stepping=0x01: Patch=0x08608108 Length=3200 bytes
Microcode patches in /usr/local/share/cpucontrol/microcode_amd_fam19h.bin:
WARNING: Duplicate CPUID 0x00a00f11 (Family=0x19 Model=0x01 Stepping=0x01) in the equivalence table for equiv_id 0xa011
WARNING: Duplicate CPUID 0x00a00f12 (Family=0x19 Model=0x01 Stepping=0x02) in the equivalence table for equiv_id 0xa012
WARNING: Duplicate CPUID 0x00a10f11 (Family=0x19 Model=0x11 Stepping=0x01) in the equivalence table for equiv_id 0xa111
WARNING: Duplicate CPUID 0x00a10f12 (Family=0x19 Model=0x11 Stepping=0x02) in the equivalence table for equiv_id 0xa112
WARNING: Duplicate CPUID 0x00aa0f02 (Family=0x19 Model=0xa0 Stepping=0x02) in the equivalence table for equiv_id 0xaa02
  Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a00107a Length=5568 bytes
  Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d5 Length=5568 bytes
  Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011de Length=5568 bytes
  Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001238 Length=5568 bytes
  Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001247 Length=5568 bytes
  Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820d Length=5568 bytes
  Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101148 Length=5568 bytes
  Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101158 Length=5568 bytes
  Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101248 Length=5568 bytes
  Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101253 Length=5568 bytes
  Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108109 Length=5568 bytes
  Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102e Length=5568 bytes
  Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201211 Length=5568 bytes
  Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404108 Length=5568 bytes
  Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500012 Length=5568 bytes
  Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a60120a Length=5568 bytes
  Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704108 Length=5568 bytes
  Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705208 Length=5568 bytes
  Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708008 Length=5568 bytes
  Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c008 Length=5568 bytes
  Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116 Length=5568 bytes
  Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00215 Length=5568 bytes
  Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa0021c Length=5568 bytes
Microcode patches in /usr/local/share/cpucontrol/microcode_amd_fam1ah.bin:
  Family=0x1a Model=0x02 Stepping=0x01: Patch=0x0b002161 Length=14368 bytes
  Family=0x1a Model=0x08 Stepping=0x01: Patch=0x0b008121 Length=14368 bytes
  Family=0x1a Model=0x11 Stepping=0x00: Patch=0x0b101058 Length=14368 bytes
  Family=0x1a Model=0x24 Stepping=0x00: Patch=0x0b204037 Length=14368 bytes
  Family=0x1a Model=0x44 Stepping=0x00: Patch=0x0b404035 Length=14368 bytes
  Family=0x1a Model=0x44 Stepping=0x01: Patch=0x0b404108 Length=14368 bytes
  Family=0x1a Model=0x60 Stepping=0x00: Patch=0x0b600037 Length=14368 bytes
  Family=0x1a Model=0x68 Stepping=0x00: Patch=0x0b608038 Length=14368 bytes
  Family=0x1a Model=0x70 Stepping=0x00: Patch=0x0b700037 Length=14368 bytes
Microcode patches in /usr/local/share/cpucontrol/microcode_amd.bin:
  Family=0x10 Model=0x02 Stepping=0x03: Patch=0x01000083 Length=960 bytes
  Family=0x10 Model=0x02 Stepping=0x02: Patch=0x01000083 Length=960 bytes
  Family=0x10 Model=0x02 Stepping=0x0a: Patch=0x01000084 Length=960 bytes
  Family=0x10 Model=0x06 Stepping=0x02: Patch=0x010000c7 Length=960 bytes
  Family=0x10 Model=0x04 Stepping=0x03: Patch=0x010000c8 Length=960 bytes
  Family=0x10 Model=0x06 Stepping=0x03: Patch=0x010000c8 Length=960 bytes
  Family=0x10 Model=0x05 Stepping=0x03: Patch=0x010000c8 Length=960 bytes
  Family=0x10 Model=0x08 Stepping=0x01: Patch=0x010000d9 Length=960 bytes
  Family=0x10 Model=0x09 Stepping=0x01: Patch=0x010000d9 Length=960 bytes
  Family=0x10 Model=0x08 Stepping=0x00: Patch=0x010000da Length=960 bytes
  Family=0x10 Model=0x04 Stepping=0x02: Patch=0x010000db Length=960 bytes
  Family=0x10 Model=0x05 Stepping=0x02: Patch=0x010000db Length=960 bytes
  Family=0x10 Model=0x0a Stepping=0x00: Patch=0x010000dc Length=960 bytes
  Family=0x11 Model=0x03 Stepping=0x01: Patch=0x02000032 Length=512 bytes
  Family=0x12 Model=0x01 Stepping=0x00: Patch=0x03000027 Length=960 bytes
  Family=0x14 Model=0x01 Stepping=0x00: Patch=0x05000029 Length=1568 bytes
  Family=0x14 Model=0x02 Stepping=0x00: Patch=0x05000119 Length=1568 bytes

I only have easy access to one AMD system, and that system just received a BIOS update, so it only shows CPU microcode: no matching update found.

jrm edited the summary of this revision. (Show Details)Wed, Dec 17, 6:39 PM

As we discussed in private email exchange, this is speculatively supposed to be safe. I tested only on CPU Family=0x19 Model=0xa0 Stepping=0x02, that doesn't have updated BIOS. The microcode in the CPU matches the first version in the blob and safely failed to upgrade to the newer version. The expected failure message was printed.

This revision is now accepted and ready to land.Wed, Dec 17, 6:59 PM

Closed by commit R11:ffb64ba4a059: sysutils/cpu-microcode-amd: Update to 2025-12-02 snapshot (authored by jrm). · Explain WhyWed, Dec 17, 7:55 PM

This revision was automatically updated to reflect the committed changes.

jrm added a commit: R11:ffb64ba4a059: sysutils/cpu-microcode-amd: Update to 2025-12-02 snapshot.