wireguard-linux/arch/x86/kernel/cpu/microcode, branch stable

x86/microcode/AMD: Add more known models to entry sign checking

2025-11-07T11:12:21Z

Two Zen5 systems are missing from need_sha_check(). Add them. Fixes: 50cef76d5cb0 ("x86/microcode/AMD: Load only SHA256-checksummed patches") Signed-off-by: Mario Limonciello (AMD) Signed-off-by: Borislav Petkov (AMD) Cc: Link: https://patch.msgid.link/20251106182904.4143757-1-superm1@kernel.org

x86/microcode/AMD: Limit Entrysign signature checking to known generations

2025-10-27T16:07:17Z

Limit Entrysign sha256 signature checking to CPUs in the range Zen1-Zen5. X86_BUG cannot be used here because the loading on the BSP happens way too early, before the cpufeatures machinery has been set up. Signed-off-by: Borislav Petkov (AMD) Link: https://patch.msgid.link/all/20251023124629.5385-1-bp@kernel.org

x86/microcode: Fix Entrysign revision check for Zen1/Naples

2025-10-21T10:16:51Z

... to match AMD's statement here: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html Fixes: 50cef76d5cb0 ("x86/microcode/AMD: Load only SHA256-checksummed patches") Signed-off-by: Andrew Cooper Signed-off-by: Borislav Petkov (AMD) Cc: Link: https://patch.msgid.link/20251020144124.2930784-1-andrew.cooper3@citrix.com

x86/microcode: Add microcode loader debugging functionality

2025-09-04T14:15:19Z

Instead of adding ad-hoc debugging glue to the microcode loader each time I need it, add debugging functionality which is not built by default. Simulate all patch handling the loader does except the actual loading of the microcode patch into the hardware. Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/20250820135043.19048-3-bp@kernel.org

x86/microcode: Add microcode= cmdline parsing

2025-09-04T14:02:20Z

Add a "microcode=" command line argument after which all options can be passed in a comma-separated list. Signed-off-by: Borislav Petkov (AMD) Reviewed-by: Sohil Mehta Reviewed-by: Chang S. Bae Link: https://lore.kernel.org/20250820135043.19048-2-bp@kernel.org

x86/microcode/intel: Refresh the revisions that determine old_microcode

2025-09-04T13:57:17Z

Update the minimum expected revisions of Intel microcode based on the microcode-20250512 (May 2025) release. Signed-off-by: Sohil Mehta Signed-off-by: Dave Hansen Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/all/20250818190137.3525414-2-sohil.mehta%40intel.com

x86/microcode/AMD: Handle the case of no BIOS microcode

2025-08-27T08:24:10Z

Machines can be shipped without any microcode in the BIOS. Which means, the microcode patch revision is 0. Handle that gracefully. Fixes: 94838d230a6c ("x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID") Reported-by: Vítek Vávra Signed-off-by: Borislav Petkov (AMD) Cc:

Merge tag 'x86_microcode_for_v6.17_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

2025-07-30T00:16:26Z

Pull x86 microcode loader update from Borislav Petkov: - Switch the microcode loader from using the fake platform device to the new simple faux bus * tag 'x86_microcode_for_v6.17_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/microcode: Move away from using a fake platform device

x86/microcode: Move away from using a fake platform device

2025-07-09T11:12:08Z

Downloading firmware needs a device to hang off of, and so a platform device seemed like the simplest way to do this. Now that we have a faux device interface, use that instead as this "microcode device" is not anything resembling a platform device at all. Signed-off-by: Greg Kroah-Hartman Signed-off-by: Borislav Petkov (AMD) Reviewed-by: Sohil Mehta Link: https://lore.kernel.org/2025070121-omission-small-9308@gregkh

x86/microcode/AMD: Add TSA microcode SHAs

2025-06-17T15:17:12Z

Signed-off-by: Borislav Petkov (AMD)