solene
July 24, 2023, 6:02pm
1
Hi,
with the new pretty bad zenbleed vulnerability, how does microcode updates works in Qubes OS?
Should I open an issue on GitHub to keep track about the progress by the team?
I found a previous Discourse announcement in 2022 about a microcode update, so it seems Qubes OS will handle it through an update, but I just wanted to be sure
Yes, please, open an issue. It’s the good way.
The QubesOS team published :
opened 04:31PM - 24 Jul 23 UTC
r4.2-host-cur-test
r4.2-host-sec-test
Update of linux-firmware to v20230625-147 for Qubes OS r4.2, see comments below … for details and build status.
From commit: https://github.com/QubesOS/qubes-linux-firmware/commit/737cc2a10fe103d738a45e5077e04e7c3f49986e
[Changes since previous version](https://github.com/QubesOS/qubes-linux-firmware/compare/v20230625...v20230625-147):
QubesOS/qubes-linux-firmware@737cc2a version 20230625-147
QubesOS/qubes-linux-firmware@30906f9 Bump epoch to make sure the package will remain newer than one from Fedora
Referenced issues:
If you're release manager, you can issue GPG-inline signed command:
* `Upload-component r4.2 linux-firmware 737cc2a10fe103d738a45e5077e04e7c3f49986e current all` (available 5 days from now)
* `Upload-component r4.2 linux-firmware 737cc2a10fe103d738a45e5077e04e7c3f49986e security-testing all`
You can choose subset of distributions like:
* `Upload-component r4.2 linux-firmware 737cc2a10fe103d738a45e5077e04e7c3f49986e current vm-bookworm,vm-fc37` (available 5 days from now)
Above commands will work only if packages in current-testing repository were built from given commit (i.e. no new version superseded it).
For more information on how to test this update, please take a look at https://www.qubes-os.org/doc/testing/#updates.
solene
July 24, 2023, 8:04pm
4
Thanks, I was writing the issue when you added the update
solene
July 24, 2023, 8:36pm
5
Actually, the issue to track the update for r4.1 is this one
opened 12:54AM - 21 Jul 23 UTC
r4.1-dom0-cur-test
r4.1-dom0-sec-test
Update of linux-firmware to v20230625 for Qubes r4.1, see comments below for det… ails.
Built from: https://github.com/QubesOS/qubes-linux-firmware/commit/41625f8d4998a844e79e044e5b894dd3c55ae414
[Changes since previous version](https://github.com/QubesOS/qubes-linux-firmware/compare/v20230117...v20230625):
QubesOS/qubes-linux-firmware@41625f8 Include recent AMD microcode updates for family 17h and 19h
QubesOS/qubes-linux-firmware@11898fb Update to 20230625
Referenced issues:
If you're release manager, you can issue GPG-inline signed command:
* `Upload linux-firmware 41625f8d4998a844e79e044e5b894dd3c55ae414 r4.1 current repo` (available 7 days from now)
* `Upload linux-firmware 41625f8d4998a844e79e044e5b894dd3c55ae414 r4.1 current (dists) repo`, you can choose subset of distributions, like `vm-fc24 vm-fc25` (available 7 days from now)
* `Upload linux-firmware 41625f8d4998a844e79e044e5b894dd3c55ae414 r4.1 security-testing repo`
Above commands will work only if packages in current-testing repository were built from given commit (i.e. no new version superseded it).
1 Like