amd64-microcode (3.20251030.1) unstable; urgency=high

  This release ships microcode for family 0x1ah (Zen5) that cannot be
  loaded by very outdated system firmware, due to the fix for the
  "Entrysign" microcode signature issue (as described by AMD-SB-7033).

  This release ships two sets of microcode for family 0x19h (Zen3,
  Zen3+, Zen4):

  * The most recent set of microcode updates, which will only work for
    systems that had their system firmware (BIOS) properly updated to
    address the Entrysign microcode signature vulnerability.

  * A second set of older microcode "updates", for systems with
    outdated system firmware still vulnerable to the Entrysign
    vulnerability.

  As described by AMD:

  "In order to not fully abandon machines affected by AMD-SB-7033 that
  have not received the BIOS update, the family 19h microcode container
  now includes a second patch for these machines that brings the
  microcode to the highest possible level without the microcode signing
  fix. While a BIOS update is highly recommended to receive the latest
  security updates issued after the microcode signing vulnerability,
  this will allow non-updated systems to at least receive some
  microcode updates beyond the version provided by BIOS."

  Note that any such systems *will remain vulnerable* to Entrysign and
  anything else that has been fixed by microcode updates since then.

  For more details, refer to AMD-SB-7033:
  https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html

  IMPORTANT NOTE: an updated Linux kernel with an updated AMD microcode
  update driver is required in order for the "set of older microcode
  updates" to be selected on systems with outdated firmware.

 -- Henrique de Moraes Holschuh  Sat, 08 Nov 2025 19:20:02 -0300

amd64-microcode (3.20230808.1) unstable; urgency=high

  This release requires *either* new-enough system firmware, *or* a
  recent-enough Linux kernel to properly work on AMD Genoa and Bergamo
  processors.

  The firmware requirement is AGESA 1.0.0.8 or newer.

  The Linux kernel requirement is a group of patches that are already
  present in the Linux stable/LTS trees since versions: v4.19.289,
  v5.4.250, v5.10.187, v5.15.120, v6.1.37, v6.3.11 and v6.4.1. These
  patches are also present in Linux v6.5-rc1.

 -- Henrique de Moraes Holschuh  Thu, 10 Aug 2023 09:32:37 -0300

amd64-microcode (2.20141028.1) unstable; urgency=medium

  This release drops support for automatically applying microcode
  updates without a reboot. The microcode updates can still be applied
  without a reboot through manual action of the system administrator.

  This is a defensive measure. At this time, there are no reported
  issues caused by the AMD microcode update itself when done outside of
  the boot process. However, updating only on boot works around a very
  elusive issue in the Linux kernel microcode update driver for AMD
  processors, which may or may not have been fixed in the latest
  stable/long-term kernels.

  It is now possible to configure how the amd64-microcode package
  should behave through the /etc/default/amd64-microcode file. By
  default, it will install microcode update support to the initramfs
  only when running in a system with an AMD processor.

 -- Henrique de Moraes Holschuh  Wed, 17 Dec 2014 19:17:30 -0200
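
Added example, not part of the amd64-microcode package: a shell check of an upstream kernel version against the stable/LTS minimums listed in the 3.20230808.1 entry above. The function name kernel_meets_20230808_requirement is hypothetical, and the check assumes an upstream-style "X.Y.Z[-suffix]" version string.

```shell
#!/bin/sh
# Added example: compare an upstream kernel version with the minimum
# stable/LTS point releases named in the 3.20230808.1 NEWS entry.
# Assumption: $1 is the upstream version ("6.1.37", "5.10.187-cloud").
# On Debian, "uname -r" prints the ABI name (patch level 0); the upstream
# version is the one shown by "uname -v". Distribution kernels may also
# carry the patches as backports, so "no" means "not confirmed by version".

# Prints yes / no / unknown; returns 0 / 1 / 2 respectively.
kernel_meets_20230808_requirement() {
    ver=${1%%[-+_]*}                 # drop "-rc1", "-amd64", "+deb12u1" suffixes
    major=${ver%%.*}
    rest=${ver#*.}
    [ "$rest" = "$ver" ] && rest=0   # no minor component given
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0  # no point release given
    patch=${patch%%.*}

    for n in "$major" "$minor" "$patch"; do
        case "$n" in
            ''|*[!0-9]*) echo unknown; return 2 ;;
        esac
    done

    # v6.5-rc1 and every later release already contain the patches.
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 5 ]; }; then
        echo yes; return 0
    fi

    case "$major.$minor" in
        4.19) min=289 ;;
        5.4)  min=250 ;;
        5.10) min=187 ;;
        5.15) min=120 ;;
        6.1)  min=37 ;;
        6.3)  min=11 ;;
        6.4)  min=1 ;;
        *)    echo no; return 1 ;;   # series not listed in the entry
    esac

    if [ "$patch" -ge "$min" ]; then echo yes; return 0; fi
    echo no; return 1
}

if [ "$#" -gt 0 ]; then kernel_meets_20230808_requirement "$1"; fi
```

A "no" result leaves the other path in that entry, system firmware at AGESA 1.0.0.8 or newer, which this script does not inspect.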