Intel-microcode package upgrade in Ubuntu 18.04 leads to unbootable system
In my earlier question, which you can find at "Blackscreen after GRUB screen right after upgrading Ubuntu 18.04",
I describe my error:
I'm using an Asus Zenbook UX562F with an integrated GTX 1050 Max-Q. After the installation, I installed Nvidia-390 and updated the kernel with ukuu to 4.20.17 to fix no sound issue.
After the reboot, everything went well and I did:
apt-get update
apt-get upgrade + J
All was done well, so I restarted and on the next boot after selecting Ubuntu in GRUB it gave me a long black screen (violet screen) where nothing changes after so much time.
I tried to add nomodeset and noveau.modeset=0 single and together but didn't help so I don't know what to do.
After investigating deeper by installing packages and trying to boot, I found out that the package which is causing the error is:
intel-microcode
When I purge and block this package with:
sudo apt-get purge intel-microcode
sudo apt-mark hold intel-microcode
before upgrading with
sudo apt-get upgrade
my system is able to boot normally.
The problem I see is that, as I understand it, the package protects my Intel CPU (Intel® Core™ i7 8565U 1.8 GHz), which is vulnerable to Meltdown attacks that get fixed by the package.
What can I do to fix the vulnerability and also get my system to a bootable state?
Thanks for your help Vimu
Edit: I used the manual update technique mentioned at (in German):
https://www.thomas-krenn.com/de/wiki/Intel_Microcode_unter_Linux_aktualisieren
and I used the files from the Intel GitHub repo:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
with the following code mentioned in the tutorial to update the firmware microcode files
sudo cp intel-ucode/06-8e-09 /lib/firmware/intel-ucode/
echo 1 | sudo tee /sys/devices/system/cpu/microcode/reload
I overwrote the old microcode firmware with the newest available on the Intel repo.
It leads to a bootable system.
Will this be the best possible fix without upgrading the intel-microcode package provided by apt?
When the meltdown and spectre virus potential was first discovered (but no actual virus) the first patches in early 2018 also broke the microcode.
The microcode is loaded before grub boots the kernel during the initramfs stage but you can also tell the kernel not to run the code until the microcode is fixed. This may or may not give you microcode updates and still run the kernel. You would need to update your grub command line with these options:
nopti nospectre_v2 nospec
- nopti - How to disable Page Table Isolation to regain performance lost due to Intel CPU security hole patch?
- nospectre_v2 - HOWTO make Linux run blazing fast (again) on Intel CPUs
- nospec - Can I disable the intel spectre fixes?
These three grub options are what I use but the middle link above has even more options to consider.
I'm not suggesting you disable your meltdown/spectre kernel options for speed but rather in order to use your microcode.
The other option is to roll back your microcode to a version prior to the bug. You can only discover if this is possible by trial and error:
- Where to find older source&binary package versions?
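An added example (not part of the original question or answer) for checking the outcome of either approach above: it derives the intel-ucode file name from the CPU signature, reads the microcode revision the kernel has loaded, and lists the issues the kernel still reports as unmitigated. The sample CPU data and the revision 0xb4 are constructed; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original posts.

# Constructed /proc/cpuinfo excerpt; the signature matches the 06-8e-09 file
# named in the question, the revision value is made up.
sample_cpuinfo() {
    cat <<'EOF'
vendor_id  : GenuineIntel
cpu family : 6
model      : 142
model name : Constructed sample CPU
stepping   : 9
microcode  : 0xb4
EOF
}

# intel-ucode files are named family-model-stepping, two hex digits each.
# Reads cpuinfo text on stdin and prints that name for the first CPU.
ucode_filename() {
    awk -F': ' '
        /^cpu family[^a-z]*:/ { fam = $2 }
        /^model[^a-z]*:/      { mod = $2 }
        /^stepping[^a-z]*:/   { printf "%02x-%02x-%02x\n", fam, mod, $2; exit }
    '
}

# Prints the microcode revision the kernel reports as currently loaded.
ucode_revision() {
    awk -F': ' '/^microcode[^a-z]*:/ { print $2; exit }'
}

# Prints every entry of a sysfs-style vulnerabilities directory whose status
# starts with "Vulnerable", i.e. no mitigation is active for it.
unmitigated() {
    for f in "$1"/*; do
        [ -r "$f" ] || continue
        status=$(cat "$f")
        case $status in
            Vulnerable*) printf '%s: %s\n' "${f##*/}" "$status" ;;
        esac
    done
}

echo "sample: $(sample_cpuinfo | ucode_filename) at revision $(sample_cpuinfo | ucode_revision)"
if grep -q GenuineIntel /proc/cpuinfo 2>/dev/null; then
    echo "live: $(ucode_filename < /proc/cpuinfo) at revision $(ucode_revision < /proc/cpuinfo)"
    unmitigated /sys/devices/system/cpu/vulnerabilities
fi
```

Run it before and after a microcode change or a change to the GRUB options to compare what the kernel reports.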