AMD mcodes / ZEN tool

just a heads up: these amd microcodes from november onward fail to load on older bioses due to CVE-2024-56161

the bulletin hints at a check added that’d reject them in recent bioses, but even on year+ old bioses they fail too

edit: I specifically tested the following:

  • 00A50F00 on a 2023-08 bios
    • includes: 0x0a50000c
    • works: 0x0a500011, 2024-02-29
    • fails: 0x0a500014, 2024-11-11
  • 00A20F12 on a 2023-06 bios
    • includes: 0x0a20120a
    • works: 0x0a201210, 2024-02-29
    • fails: 0x0a201213, 2024-12-05
  • 00A60F12 on a 2024-11 bios
    • works: 0x0a601209, 2024-02-27
    • fails: 0x0a60120c, 2024-11-10
  • 00A60F12 on a 2025-01 bios
    • works: 0x0a60120c, 2024-11-10
5 Likes

@SkewedZeppelin

Interesting, I’ve never heard of such a thing. Which of course doesn’t mean that what you write can’t be true. I think this is due to AGESA. Ever since AGESA, the BIOS hasn’t been built like it was before. Because of this, Intel BIOSes are much easier to work with.

cpu806EC_plat94_ver00000100_2024-11-17_PRD_2160E082.zip (104.2 KB)
cpuA0660_plat80_ver00000102_2024-11-14_PRD_DDA4508E.zip (96.2 KB)

EDIT
cpu008A0F00_ver08A0000B_2024-11-25_DC68129F.zip (3.3 KB)
cpu00820F01_ver08200105_2024-11-11_8319BE07.zip (1.4 KB)
cpu00860F81_ver08608109_2024-11-18_A7F270F9.zip (2.3 KB)

2 Likes

maybe you can use zentool to resign the patches, then they will load ok

@zyn8
zentool does seem to work to identify and even resign them
although I haven’t tried loading one yet

for reference here are the currently failing zen1-4 microcodes available in CPUMicrocodes@f2258101:

  • cpu00A10F11_ver0A101154_2024-11-12_10CBB8CE.bin: BAD
  • cpu00A10F12_ver0A10124F_2024-11-12_22DDB42F.bin: BAD
  • cpu00A10F81_ver0A10810C_2024-11-12_5E78BB92.bin: BAD
  • cpu00A20F10_ver0A201030_2024-11-11_63FFA48B.bin: BAD
  • cpu00A20F12_ver0A201213_2024-12-05_E7F6C8B8.bin: BAD
  • cpu00A50F00_ver0A500014_2024-11-11_5646B6F5.bin: BAD
  • cpu00A60F12_ver0A60120C_2024-11-10_2D08C95C.bin: BAD
  • cpu00A70F52_ver0A70520A_2024-11-11_05E8D8C2.bin: BAD
  • cpu00A70F80_ver0A70800A_2024-11-11_1061D528.bin: BAD
  • cpu00AA0F02_ver0AA00219_2024-11-13_D177BF43.bin: BAD

they would all presumably need an updated bios/agesa to load them

sorry for the OT, can a mod split this into another topic?
edit thanks @MeatWar but post 3 should be moved back

if they rotated the signing key in sb-3019 then zentool will use the old key so an old bios will accept it. maybe?

windows version here