On 06/03/2025 4:48 am, Solar Designer wrote: > On Thu, Mar 06, 2025 at 04:11:25AM +0000, Andrew Cooper wrote: >> This issue wins points for spite, because the highest risk users are the >> ones who were taking proactive steps to try and improve their security, >> betting that AMD's patchloader crypto was sound. > OK, so this is to protect legitimate sysadmins from loading malicious > microcode inadvertently or via a supply chain attack. Makes sense.
Sorry for the delay, I knew there was a distro formally doing this, but I'd lost track of the links. https://github.com/divestedcg/real-ucode which is packaged for Arch as https://aur.archlinux.org/packages/amd-real-ucode-git (and an equivalent Intel package). ~Andrew
