]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
x86/microcode/AMD: Load only SHA256-checksummed patches
authorBorislav Petkov (AMD) <bp@alien8.de>
Thu, 23 Jan 2025 13:44:53 +0000 (14:44 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 7 Mar 2025 17:25:46 +0000 (18:25 +0100)
commit3e8653e399e7111a3e87d534ff4533b250ae574f
tree14107747b75663d22821b9663264090962bd7e8f
parent0c110da9139def6935933e552dc4e756362258d9
x86/microcode/AMD: Load only SHA256-checksummed patches

commit 50cef76d5cb0e199cda19f026842560f6eedc4f7 upstream.

Load patches for which the driver carries a SHA256 checksum of the patch
blob.

This can be disabled by adding "microcode.amd_sha_check=off" on the
kernel cmdline. But it is highly NOT recommended.

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arch/x86/Kconfig
arch/x86/kernel/cpu/microcode/amd.c
arch/x86/kernel/cpu/microcode/amd_shas.c [new file with mode: 0644]