Tue. Jan 28th, 2020

Debian rejects Intel’s microcode update due to licensing terms for restricted evaluation

1 min read

Intel processor recently broke out a new predictive execution vulnerability L1 Terminal Fault (L1TF) aka Foreshadow, which can be exploited by attackers to steal sensitive information. Fixing the vulnerability is considered to have a severe impact on processor performance.

Intel has released microcode updates, but the chip giant does not want anyone to know how much impact the patch has on performance. It adds clauses to the patch’s end-user license agreement that explicitly prohibits users from publishing or providing any software reviews or comparison test results.

Bruce Perens, a co-founder of the Open Source Initiative, believes the licensing agreement is unacceptable and thinks that Intel may want anyone not to evaluate its CPU.

The popular Linux distribution Debian is proud of its freedom and openness because this restrictive clause developer refuses to accept Intel’s microcode update.