Short backstory to not repeat the README: linux-firmware used by distros is actually missing microcode for many newer consumer AMD processors, this package helps sidestep the gap from vendor BIOS updates.
I’ve tested it on three machines so far, and it allowed patching retbleed on two of them so far, despite them running the latest available BIOS.
There is also an AUR package (not by me) here for the AMD side: AUR (en) - amd-real-ucode-git
Out of curiosity, who do you recommend install this package, given this warning in the platomav/CPUMicrocodes repo?
It is generally advised to request and/or wait for your OEM/OS to release newer fixes. Latest is not always better or tested. Manufacturers and OS mainteners usually have some insider/confidential info from microcode vendors on what got changed/fixed at newer microcode releases so if they ship older microcodes, it could be that newer versions have not been thoroughly tested, have been retracted/downgraded by the microcode vendor or not contain anything important enough to warrant an update. The microcodes here are gathered and provided with the sole purpose of helping people who are out of other viable solutions. Thus, they can be extremely helpful to those who have major problems with their systems for which their manufacturer refuses to assist due to indifference and/or system age.
as I mentioned above, I managed to patch two systems against known security issues for which vendor hasn’t pushed out yet, that is a worthwhile tradeoff.
Thus, they can be extremely helpful to those who have major problems with their systems for which their manufacturer refuses to assist due to indifference
The whole point of OS updating microcode is to sidestep awful BIOS patch/release schedules. That rapidly falls apart when Intel/AMD don’t actually include it for some processors.
AMD is especially egregious here not shipping ANY consumer chips in their fam19h file.
It has been months and AMD still hasn’t patched Zenbleed on many consumer chips: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
Is this relevant to Intel as well, or just AMD?
More so newer AMD processors.
It may be beneficial for older or obscure Intel processors too however.
I’ve added a status table after receiving a report of one machine not working after updated: GitHub - divestedcg/real-ucode: All the microcodes, but packaged!
I’m still in favor of it, as it does help mitigate actual security issues still that vendors haven’t shipped updates for.
I’ve also made it easier to use now that Fedora has split amd-ucode out of linux-firmware package.