--- /dev/null
+xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high
+
+ This update contains the mitigations for the Microarchitectural Data
+ Sampling speculative side channel attacks. Only Intel based processors are
+ affected.
+
+ Note that these fixes will only have effect when also loading updated cpu
+ microcode with MD_CLEAR functionality. When using the intel-microcode
+ package to include microcode in the dom0 initrd, it has to be loaded by
+ Xen. Please refer to the hypervisor command line documentation about the
+ 'ucode=scan' option.
+
+ For the fixes to be fully effective, it is currently also needed to disable
+ hyper-threading, which can be done in BIOS settings, or by using smt=no on
+ the hypervisor command line.
+
+ Additional information is available in the upstream Xen security advisory:
+ https://xenbits.xen.org/xsa/advisory-297.html
+
+ -- Hans van Kranenburg <hans@knorrie.org> Tue, 18 Jun 2019 09:50:19 +0200
+xen (4.11.1+92-g6c33308a8d-2) unstable; urgency=high
+
+ * Mention MDS and the need for updated microcode and disabling
+ hyper-threading in NEWS.
+ * Mention the ucode=scan option in the grub.d/xen documentation.
+
+ -- Hans van Kranenburg <hans@knorrie.org> Sat, 22 Jun 2019 11:15:08 +0200
+
xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high
* Update to new upstream version 4.11.1+92-g6c33308a8d, which also
# Do not automatically reboot after an error. This is useful for catching
# debug output.
#
+# ucode=scan (only for x86)
+# Scan the multiboot images mentioned in grub configuration for an cpio image
+# that contains cpu microcode. This enables loading microcode that is stored
+# in the dom0 initrd.img.
+#
# Please also refer to the "Xen Hypervisor Command Line Options"
# documentation for the version of Xen you have installed. This
# documentation can be found at https://xenbits.xen.org/
projects / people / iwj / xen.git / commitdiff