in my earlier question you can find at:
Blackscreen after GRUB screen right after upgrading Ubuntu 18.04
i describe my error:
I'm using an Asus Zenbook UX562F with an integrated GTX 1050 Max-Q.
After the installation, I installed Nvidia-390 and updated the kernel
with ukuu to 4.20.17 to fix no sound issue.After the reboot, everything went well and I did:
apt-get update apt-get upgrade + J
All was done well, so I restarted and on the next boot after selecting
Ubuntu in GRUB it gave me a long black screen (violet screen) where
nothing changes after so much time.I tried to add nomodeset and noveau.modeset=0 single and together but
didn't help so I don't know what to do.
After investigating deeper by installing packages and try to boot i found out that the package which is causing the error is:
intel-microcode
when i purge and block this package with:
sudo apt-get purge intel-microcode
sudo apt-mark hold intel-microcode
before upgrading wuth
sudo apt-get upgrade
my system is able to boot normal.
The problem i see is that as i understand it the package protects my intel cpu
Intel® Core™ i7 8565U 1.8 GHz
is vulnearable to meltdown attacks which get fixed by the package.
What can i do to fix the vulnearbility and also get my system to a bootable state?
Thanks for your help
Vimu
Edit:
I used the manual update technique mentioned at (in german):
https://www.thomas-krenn.com/de/wiki/Intel_Microcode_unter_Linux_aktualisieren
and i used the files from the intel github repo:
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
with the following code mentioned in the tutorial to update the firmware microcode files
sudo cp intel-ucode/06-8e-09 /lib/firmware/intel-ucode/
echo 1 | sudo tee /sys/devices/system/cpu/microcode/reload
i overwrote the old microcode firmware with the newest available on the intel repo
it leada to a bootable system
will this be the best possible fix without upgrading the intel-microcode package provided by apt?
Best Answer
When the
meltdown
andspectre
virus potential was first discovered (but no actual virus) the first patches in early 2018 also broke the microcode.The microcode is loaded before
grub
boots the kernel during theinitramfs
stage but you can also tell the kernel not to run the code until the microcode is fixed. This may or may not give you microcode updates and still run the kernel. You would need to update your grub command line with these options:nopti
How to disable Page Table Isolation to regain performance lost due to Intel CPU security hole patch?nospectre_v2
HOWTO make Linux run blazing fast (again) on Intel CPUsnospec
Can I disable the intel spectre fixes?These three grub options are what I use but the middle link above has even more options to consider.
I'm not suggesting you disable your meltdown/spectre kernel options for speed but rather in order to use your microcode.
The other option is to roll back your microcode to a version prior to the bug. You can only discover if this is possible by trial and error: