[coreboot] Does the 62xx Series Opteron work *securely* without microcode?

[Sam Kuper]

On 25/01/2017, ron minnich <rminnich at gmail.com> wrote:
> If you have a machine with microcode updates, you
> should load the updates. I have never understood the objections to
> microcode blobs. If you accept the microcode that's on the machine already,
> then objecting to the microcode blob is creating a distinction without a
> difference.

That reasoning ignores the case where the user might consider the
manufacturer(s) to have been (relatively) trustworthy at the time the
machine and it's components were manufactured, but to have
subsequently become less trustworthy.

In such a case, the user would be right to avoid the microcode updates.

Hypothetical example: I buy a machine with built-in microcode from the
young Anakin Skywalker. A decade later, Darth Vader releases a
microcode update. Should I apply it?