AMD mcodes / ZEN tool

just a heads up: these amd microcodes from november onward fail to load on older bioses due to CVE-2024-56161

the bulletin hints at a check added that’d reject them in recent bioses, but even on year+ old bioses they fail too

edit: I specifically tested the following:

  • 00A50F00 on a 2023-08 bios
    • includes: 0x0a50000c
    • works: 0x0a500011, 2024-02-29
    • fails: 0x0a500014, 2024-11-11
  • 00A20F12 on a 2023-06 bios
    • includes: 0x0a20120a
    • works: 0x0a201210, 2024-02-29
    • fails: 0x0a201213, 2024-12-05
  • 00A60F12 on a 2024-11 bios
    • works: 0x0a601209, 2024-02-27
    • fails: 0x0a60120c, 2024-11-10
  • 00A60F12 on a 2025-01 bios
    • works: 0x0a60120c, 2024-11-10
5 Likes

@SkewedZeppelin

Interesting, I’ve never heard of such a thing. Which of course doesn’t mean that what you write can’t be true. I think this is due to AGESA. Ever since AGESA, the BIOS hasn’t been built like it was before. Because of this, Intel BIOSes are much easier to work with.

maybe you can use zentool to resign the patches, then they will load ok

@zyn8
zentool does seem to work to identify and even resign them
although I haven’t tried loading one yet

for reference here are the currently failing zen1-4 microcodes available in CPUMicrocodes@f2258101:

  • cpu00A10F11_ver0A101154_2024-11-12_10CBB8CE.bin: BAD
  • cpu00A10F12_ver0A10124F_2024-11-12_22DDB42F.bin: BAD
  • cpu00A10F81_ver0A10810C_2024-11-12_5E78BB92.bin: BAD
  • cpu00A20F10_ver0A201030_2024-11-11_63FFA48B.bin: BAD
  • cpu00A20F12_ver0A201213_2024-12-05_E7F6C8B8.bin: BAD
  • cpu00A50F00_ver0A500014_2024-11-11_5646B6F5.bin: BAD
  • cpu00A60F12_ver0A60120C_2024-11-10_2D08C95C.bin: BAD
  • cpu00A70F52_ver0A70520A_2024-11-11_05E8D8C2.bin: BAD
  • cpu00A70F80_ver0A70800A_2024-11-11_1061D528.bin: BAD
  • cpu00AA0F02_ver0AA00219_2024-11-13_D177BF43.bin: BAD

they would all presumably need an updated bios/agesa to load them

sorry for the OT, can a mod split this into another topic?
edit thanks @MeatWar but post 3 should be moved back

if they rotated the signing key in sb-3019 then zentool will use the old key so an old bios will accept it. maybe?

windows version here