[Impact]
AMD has recently updated the microcode in the linux-firmware tree for family 17h processors to address Spectre variant 2. The Trusty 3.13 kernel cannot load the microcode because it is missing a backport of upstream patch f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf, which leaves AMD machines vulnerable.
[Test Case]
Test must be done on a 17h family processor:
1) Take note of the microcode version before applying updated microcode:
$ sudo cat /sys/devices/system/cpu/cpu0/microcode/version
0x8001227
2) Get updated amd64-microcode package from the Ubuntu Security Team. Install it and reboot machine.
3) Verify that the microcode version has changed.
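
Steps 1 to 3 can be scripted so that every logical CPU is checked, not only cpu0. The script below is an added example, not part of the original bug report; the function names and the SYSROOT and STATE variables are assumptions made here so the check can also be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: save the microcode revision before the update, compare after reboot.
# Run as root (the report reads the sysfs file with sudo).
# SYSROOT and STATE are assumptions of this example; the defaults use the live system.
SYSROOT="${SYSROOT:-}"
STATE="${STATE:-/var/tmp/ucode-before.txt}"

# Succeeds only on an AMD family 17h processor (cpuinfo prints the family as decimal 23).
is_family_17h() {
    awk -F': *' '
        $1 ~ /^vendor_id/  { v = $2 }
        $1 ~ /^cpu family/ { f = $2 + 0 }
        END { exit !(v == "AuthenticAMD" && f == 23) }' "$SYSROOT/proc/cpuinfo"
}

# Print "cpuN revision" per logical CPU, so a core left on old microcode shows up.
read_versions() {
    for f in "$SYSROOT"/sys/devices/system/cpu/cpu[0-9]*/microcode/version; do
        [ -r "$f" ] || continue
        cpu=${f%/microcode/version}
        printf '%s %s\n' "${cpu##*/}" "$(cat "$f")"
    done
}

# Returns 3 = baseline saved (step 1), 0 = every CPU changed (step 3 passed),
#         1 = some CPU still reports its old revision, 2 = wrong CPU or unreadable sysfs.
check_update() {
    is_family_17h || { echo "not an AMD family 17h CPU" >&2; return 2; }
    now=$(read_versions)
    [ -n "$now" ] || { echo "cannot read microcode revision (run as root)" >&2; return 2; }
    if [ ! -f "$STATE" ]; then
        printf '%s\n' "$now" > "$STATE"
        echo "baseline saved to $STATE; install amd64-microcode and reboot"
        return 3
    fi
    rc=0
    while read -r cpu old; do
        new=$(printf '%s\n' "$now" | awk -v c="$cpu" '$1 == c { print $2 }')
        if [ -z "$new" ] || [ "$new" = "$old" ]; then
            echo "$cpu: still $old"; rc=1
        else
            echo "$cpu: $old -> $new"
        fi
    done < "$STATE"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then check_update; fi
```

Run it with `--run` once before installing the package and once after the reboot; delete the STATE file to start over.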
[Regression Potential]
The regression potential to the kernel revolves around the fact that the IBRS/IBPB implementation in the 3.13 kernel may not have been put through its paces yet due to a lack of available microcode updates. There could be a latent bug present that is uncovered.