Ubuntu – Intel-microcode package upgrade in Ubuntu 18.04 leads to unbootable system

Tags: 18.04, apt, boot, cpu, intel

In my earlier question, which you can find at:
Blackscreen after GRUB screen right after upgrading Ubuntu 18.04

I describe my error:

I'm using an Asus Zenbook UX562F with an integrated GTX 1050 Max-Q.
After the installation, I installed Nvidia-390 and updated the kernel
with ukuu to 4.20.17 to fix no sound issue.

After the reboot, everything went well and I did:

apt-get update
apt-get upgrade + J

All was done well, so I restarted and on the next boot after selecting
Ubuntu in GRUB it gave me a long black screen (violet screen) where
nothing changes after so much time.

I tried to add nomodeset and noveau.modeset=0 single and together but
didn't help so I don't know what to do.

After investigating deeper by installing packages and trying to boot, I found out that the package which is causing the error is:

intel-microcode

When I purge and block this package with:

sudo apt-get purge intel-microcode
sudo apt-mark hold intel-microcode

before upgrading with

sudo apt-get upgrade

my system is able to boot normally.

The problem I see is that, as I understand it, the package protects my Intel CPU

Intel® Core™ i7 8565U 1.8 GHz

which is vulnerable to Meltdown attacks, which get fixed by the package.

What can I do to fix the vulnerability and also get my system to a bootable state?

Thanks for your help
Vimu

Edit:
I used the manual update technique mentioned at (in German):

https://www.thomas-krenn.com/de/wiki/Intel_Microcode_unter_Linux_aktualisieren

and I used the files from the Intel GitHub repo:

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files

with the following code mentioned in the tutorial to update the firmware microcode files:

sudo cp intel-ucode/06-8e-09 /lib/firmware/intel-ucode/
echo 1 | sudo tee /sys/devices/system/cpu/microcode/reload

I overwrote the old microcode firmware with the newest available on the Intel repo.

It leads to a bootable system.

Will this be the best possible fix without upgrading the intel-microcode package provided by apt?
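
An added example, not part of the original question or answer: after a manual microcode update like the one in the edit above, this script derives the `intel-ucode` file name that matches a CPU from its `/proc/cpuinfo` fields, shows the loaded microcode revision, and lists what the kernel reports under `/sys/devices/system/cpu/vulnerabilities`. The function names are hypothetical and the sample data is constructed so the script runs offline; call the functions without arguments to read the live system.

```shell
#!/bin/sh
# Added example (not from the original post): check which microcode file a CPU
# needs, which revision is loaded, and what the kernel reports as mitigated.

# First value of a /proc/cpuinfo field; $2 defaults to the live file.
cpuinfo_field() {
    awk -F': *' -v key="$1" '{ k = $1; sub(/[ \t]+$/, "", k) }
        k == key { print $2; exit }' "${2:-/proc/cpuinfo}"
}

# Intel names microcode files family-model-stepping, each as two hex digits.
ucode_filename() {
    printf '%02x-%02x-%02x\n' "$(cpuinfo_field 'cpu family' "$1")" \
        "$(cpuinfo_field model "$1")" "$(cpuinfo_field stepping "$1")"
}

# Print every entry in the vulnerabilities directory; return 1 if any entry
# starts with "Vulnerable", i.e. the kernel applies no mitigation for it.
mitigation_report() {
    rc=0
    for f in "${1:-/sys/devices/system/cpu/vulnerabilities}"/*; do
        [ -f "$f" ] || continue
        state=$(cat "$f")
        printf '%-20s %s\n' "${f##*/}" "$state"
        case $state in Vulnerable*) rc=1 ;; esac
    done
    return "$rc"
}

# Constructed sample data (not read from the asker's machine) so this runs offline.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'cpu family\t: 6\nmodel\t\t: 142\nmodel name\t: constructed sample CPU\nstepping\t: 9\nmicrocode\t: 0xb4\n' > "$demo/cpuinfo"
mkdir "$demo/vuln"
echo 'Mitigation: PTI' > "$demo/vuln/meltdown"
echo 'Vulnerable' > "$demo/vuln/spectre_v2"

echo "microcode file for this CPU: intel-ucode/$(ucode_filename "$demo/cpuinfo")"
echo "loaded microcode revision:   $(cpuinfo_field microcode "$demo/cpuinfo")"
mitigation_report "$demo/vuln" || echo "at least one issue is reported as Vulnerable"
```

Comparing the `microcode` value before and after writing to `/sys/devices/system/cpu/microcode/reload` shows whether the kernel actually loaded the copied file.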

Best Answer

When the Meltdown and Spectre virus potential was first discovered (but no actual virus), the first patches in early 2018 also broke the microcode.

The microcode is loaded before GRUB boots the kernel during the initramfs stage, but you can also tell the kernel not to run the code until the microcode is fixed. This may or may not give you microcode updates and still run the kernel. You would need to update your GRUB command line with these options:

nopti nospectre_v2 nospec

These three GRUB options are what I use, but the middle link above has even more options to consider.

I'm not suggesting you disable your Meltdown/Spectre kernel options for speed but rather in order to use your microcode.

The other option is to roll back your microcode to a version prior to the bug. You can only discover if this is possible by trial and error:
