Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Intel admits that its Meltdown/Spectre firmware patches trigger reboots on Haswell and Broadwell computers

    Posted on January 12th, 2018 at 06:57 woody Comment on the AskWoody Lounge

    If you own a PC with a Haswell or Broadwell processor (roughly 2014 to 2016 vintage), I strongly recommend that you refrain from installing the Meltdown/Spectre firmware updates, when they arrive.

    Intel’s detected a teensy-tiny problem.

    Computerworld Woody on Windows.

    If that helped, take a second to support AskWoody on Patreon

    Home Forums Intel admits that its Meltdown/Spectre firmware patches trigger reboots on Haswell and Broadwell computers

    This topic contains 58 replies, has 25 voices, and was last updated by  WildBill 2 months, 1 week ago.

    • Author
      Posts
    • #158768 Reply

      woody
      Da Boss

      If you own a PC with a Haswell or Broadwell processor (roughly 2014 to 2016 vintage), I strongly recommend that you refrain from installing the Meltdo
      [See the full post at: Intel admits that its Meltdown/Spectre firmware patches trigger reboots on Haswell and Broadwell computers]

      10 users thanked author for this post.
    • #158769 Reply

      Noel Carboni
      AskWoody MVP

      Thanks, Woody. I have just such a system, new in April 2015, and in a critical role. It runs continuously for months between reboots without any problems. While a performance hit would be most unwanted, a stability hit would be devastating.

      Just to be clear, in this case we’re talking about BIOS-borne patches, right, not Microsoft’s Windows Updates?

      And as far as I can tell BIOS downloads that change in-processor microcode are not always easily reversible.

      -Noel

      My new motto: Always think first: What price security?

      2 users thanked author for this post.
      • #159202 Reply

        Jan K.
        AskWoody Lounger

        Found an interesting approach on a Red Hat page, see this post

        Also found, how Intel has released updated microcode for all cpus (see post above the linked one)… adding these to your Linux system is “a piece of cake”. Adding them to your Microsoft system? Good luck to yyou!

    • #158781 Reply

      rontpxz81
      AskWoody Lounger

      Windows Update did not offer the KB 4056892/January 2018 rollup on my Windows 7 machine with a Haswell processor- thankfully as I might have installed it as I had no problems yet on my other Skylake machine.

      Of concern to me is that the rollup may contain other security fixes other than the Meltdown/Spectre firmware patches.  Microsoft need to separate the patches to ecxlude the Meltdown/Spectre firmware patches.

    • #158787 Reply

      alpha128
      AskWoody Lounger

      My PC has a Haswell chip, so this news affects me directly.

      My other question is, how we get the update once it is fixed? The article says, “we will distribute that update through the normal channels” which is vague to say the least.

      1 user thanked author for this post.
    • #158788 Reply

      anonymous

      Intel is advising ‘a strategically important segment of customers’ to avoid installing the patches until further notice, according to Intel’s Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel. The Wall Street Journal reported it yesterday ( I have not linked to it because it is for subscription only readers).

      Who are these ‘strategically important customers’ ?

      1 user thanked author for this post.
      • #158851 Reply

        anonymous

        Probably the data center administrators, governments, the Original Equipment Manufacturers, the shareholders? The most strategic customers are the end users of a product, which means everybody who has an affected Intel CPU.

        I’m sure some end users would like to “discuss” this processor matter with him…

        1 user thanked author for this post.
    • #158802 Reply

      anonymous

      It is going to take some time for the dust to settle on the BIOS/microcode updates for Intel CPUs. I built a high end system about 3 and a half years ago with a Core I7 Haswell CPU in an Asus motherboard. It has been really difficult to figure out whether Asus will distribute firmware updates for any Core 4th generation processors. They are making noises about only supporting systems 3 years old or less and are concentrating on only 6th, 7th and 8th generation CPUs and chipsets. On one level, this surprises me in that one might think that extended support for major security vulnerabilities would take precedent over normal support for ‘run of the mill’ bug fixes. It may be just me being a tad cynical, but I get a vague feeling that Meltdown/Spectre is going to be used to artificially induce an accelerated equipment replacement cycle coupled with forced migration to W10. I could say more on this but I have to stop so I can fix the point on my tinfoil hat!

      10 users thanked author for this post.
      • #158811 Reply

        David F
        AskWoody Lounger

        I’m in the same boat, I have a Haswell E on an Asus X99 mb, though TBH I’m not losing much sleep over the whole affair at the moment

        • This reply was modified 3 months, 1 week ago by  David F.
        2 users thanked author for this post.
      • #158848 Reply

        HiFlyer
        AskWoody Lounger

        Re: Anon #158802

        “It may be just me being a tad cynical, but I get a vague feeling that Meltdown/Spectre is going to be used to artificially induce an accelerated equipment replacement cycle coupled with forced migration to W10.”

        You’re not the only one.   Sounds quite reasonable to me.   ASUS with Haswell laptop, two older Gateways with AMD….and a brand new Chromebook.

         

         

         

        2 users thanked author for this post.
      • #158927 Reply

        John in Mtl
        AskWoody Lounger

        I had thought about this too when I first read about this huge problem & then put on my tin foil hat… “what a good way to whip up PC sales and waddayaknow, they only come with windows 10 now.  What a strange coincidence”.

        5 users thanked author for this post.
    • #158807 Reply

      jescott418
      AskWoody Lounger

      Yep, got a mini desktop with a Braodwell 5005u and a full size desktop with a Hazwell 4130. Decided I wasn’t going to do any firmware updates until they prove reliable. So far this stuff has been just thrown out there in a panic which I think is not needed. Its that old saying the fix is worse then the threat.

      4 users thanked author for this post.
    • #158808 Reply

      jescott418
      AskWoody Lounger

      Thanks Woody, glad I decided myself to put a hold on any firmware updates. Given the mess so far, I will wait for other guinea pigs to test out these updates. More worried about the fixes then the threats.

      1 user thanked author for this post.
    • #158823 Reply

      amraybt
      AskWoody Lounger

      Both of my systems are Haswell. I specifically chose that platform when Skylake was new and Windows 10 had come out, to avoid some of the complications with installing 7 on Skylake (and eventually, MS blocking 7/8.1 updates on its later platforms). Funny how that worked out after all…

      At this rate I do not plan to update firmware/BIOS on either system. I won’t say never, but for now it’s a waiting game. This is a mess of epic proportions.

      -- Lifelong member of Group B, currently on Group W sidelines --
      Win 7 Pro x64 desktop (Haswell CPU, AMD GPU)
      Win 8.1 Home/Basic x64 laptop (Haswell CPU, Nvidia GPU)

      • This reply was modified 3 months, 1 week ago by  amraybt.
      5 users thanked author for this post.
    • #158828 Reply

      anonymous

      Posted this yesterday but never appeared here. Had a critical alert mail from HP to update the BIOS on my Zbook 17 plain Jane workstation, Haswell CPU. Called Business Support to confirm the Softpaq number. Rep said that this was not the Meltdown/Spectre update although this update was a later number. Rep said to install and said there ought to be no slowdown although they had a fix if it did. Installed and no slowdowns noted.

      As for the knee-jerk January patches from All directions, totally confused and confounded… 🙁 Tempted to lock down Windows Update and hope Firefox ESR, Noscript and Kaspersky updates can block attack vectors??? UGH!!!

      3 users thanked author for this post.
    • #158844 Reply

      Cousinjack
      AskWoody Lounger

      I have 3rd, 4th and 6th generation CPUs on my Win7 rigs.  The OEMs/component manufactuers do not appear to be commonly supporting hardware configurations that are more than 3 years old, and there is certainly no reliable information on the patch impact on older hardware. So it seems to me that those of us with older set ups need to act like its 2020, switch off up dates and apply commonsense security controls going forward.

      Personally I think this fiasco is detrimental to IT in general, and pushing people to ‘safer’ thin client, smart phone and console options.  For microsoft are CEOs going to commit to going to the cloud with there core customer and commercial data when every week there are new vulnerabilities in hardware and software

      Old rigs are on their own from here on out.

      8 users thanked author for this post.
      • #158934 Reply

        wdburt1
        AskWoody Lounger

        Checking today, I jumped from 3rd generation (two Win7 machines in service) to 6th generation (two Win7 machines in “life support” storage), so neither is Haswell or Broadwell.  To say nothing of two laptops, one WinXP and the other Win7, to run scanners.

        I doubt the manufacturers are going to do anything to support the older machines, and perhaps not the later ones.

        This site has been a guide through the fiasco, but it remains a fiasco, which leads me to avoid the January patches altogether.  Where we go from there remains under consideration.

        • This reply was modified 3 months, 1 week ago by  wdburt1.
        1 user thanked author for this post.
      • #158989 Reply

        Jan K.
        AskWoody Lounger

        Old rigs are on their own from here on out.

        It may actually turn out to be a good thing! 😀

        Somehow I doubt we’ll ever see any exploits that will pass adblockers, firewalls and updated browsers…

        I’m in the middle of rebuilding my old 2012 rig and have spent a small fortune on a new fancy pump, SSDs, switches, wiring, cables and what not, so I don’t really have time for second-thoughts, less alone any panic attacks.

         

        1 user thanked author for this post.
    • #158845 Reply

      Microfix
      AskWoody MVP

      Yup, noticed this warning on The Register this morning.

      Our Haswell rig is still at Defcon 1 from the begining of the new year, waiting for the dust to settle from intel, MS and 3rd party AV.

      I did have an inclination that issues were not solely down to MS, hence my Defcon 1. I’m not expecting a BIOS Firmware update anytime soon from ASUS but, you never know..

      PC homebuilt in early 2015.

      | 2x Group A- W8.1 | 64bit | | Group W W7/ XP | offline | | Group A+ Linux Hybrid | 64bit |
        No problem can be solved from the same level of consciousness that created IT - AE
      2 users thanked author for this post.
    • #158873 Reply

      javacatpaul
      AskWoody Lounger

      I too am in the same boat, ASRock w/ Haswell and Win 7 x64 from a few years back.  FWIW, here’s some info I have gathered over the past few days.

      1) Intel releases microcode FOR LINUX on a fairly regular basis. You can use it too, see #2.  The path is “https://downloadcenter.intel.com/download/27431”.  This database update came out on 8JAN18, and IS THE ONE CAUTIONED AGAINST NOW.  On that page you can see the previous releases, the last being 11NOV17 .

      2) To make use of this you need to go here:  “https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver#instructions”.  This will install a Windows driver that updates your microcode on every startup.  READ THE INSTRUCTIONS, it isn’t really that hard.  ALSO READ THE COMMENTS, there have been MANY over the last few days.  This driver works well (and has for years) HOWEVER it appears that it runs TOO LATE in the start-up sequence for the new Microsoft Windows code update to notice – Win sees the old (bios) uCode version number.  MS NEEDS TO *FIX* THIS, IMHO, but they may not realize it  yet.  It should not be too hard to do a “later” double check.  Anyway, the VMWare people may beat MS to the punch by updating their driver to run much earlier; it is a KERNEL_LEVEL driver now, there is such a thing as a BOOT_LEVEL driver but those have far fewer resources to build upon; and since it works great as it is they really don’t have any responsibility here [but they ARE listening and giving feedback – GREAT GUYS ALL AROUND – THANK YOU VMWare Gurus!]

      3)  Microsoft COULD and SHOULD [and MUST!] just update the uCode themselves and then they would be 100% sure of the config – they used to do just that, but haven’t bothered in years;  the win-supplied file mcupdate_GenuineIntel.dll dates to 2010!  They could just update that, and maybe someday they will…

      4)  So, what’s in this new microcode? Two things apparently: a few existing instructions have had minor modifications made to them that slightly changes their branch prediction semantics, and 2) a few BRAND NEW instructions have been created that an OS can use to “get around” the Meltdown/Spectre problems (if properly utilized!).  That’s why you need both uCode and Patches for a complete fix.

      ————-

      So for Haswell fans, my Mobo bios has microcode version 19, the last available from ASRock (August 2015).  The 11NOV17 (and many prior) Intel db mentioned above takes that to 22 – It has worked just fine for a long time now.  The 08JAN18 update took it to 23; I tested it and it did install and booted fine, showing up as 23 (as the releasenote said it would, and HWINFO.EXE confirmed).  I then went right back to 22, and plan to stay there for (ever) now.  I imagine version 24 is not too far off…

      But ultimately, I don’t think I _EVER_ want this “fix”.  Toward that end I have taken an Image Snapshot of my system and named it “BEFORE_DEGRADATION.TLB” and stored it away carefully.  I suspect I will be restoring from it many times in the future…

      -=Paul=-

       

      5 users thanked author for this post.
      • #158907 Reply

        Steven S.
        AskWoody Lounger

        Thanks. Looks like this approach allows the software ‘bios update’ to be easily reversible – without all the hassle and trepidation of flashing the BIOS and possibly bricking one’s machine. Intel even provides 2018 microcode updates for my old but still serviceable (to me) Arrandale processors. The last BIOS Lenovo released for my laptops was 2/14/2013. This is  in my toolkit for now. I may try the 11/17 microcode soon, while avoiding the 1/18 microcode for now.

        One thing of note, based on my reading of the comments section of VMware: the microcode version 20180108, still doesn’t address Spectre and Meltdown security risks. Is this your understanding, too?

        • This reply was modified 3 months, 1 week ago by  Steven S..
      • #158918 Reply

        MrBrian
        AskWoody MVP

        Related topic: Intel has released microcode update v20180108 with Meltdown/Spectre fixes.

        1 user thanked author for this post.
        • #158974 Reply

          Steven S.
          AskWoody Lounger

          Thanks. I now see the vulnerability fixes in 20180108 are CPUID by CPUID. Unfortunately, mine aren’t yet in the list (and may never be…).

          1 user thanked author for this post.
    • #158931 Reply

      mazzinia
      AskWoody Lounger

      Given all this mess, what’s the general opinion about bargain hardware ? “safe” (sort of) from xeon E5 v2 ?

    • #158941 Reply

      anonymous

      I don’t intend to install any Intel firmware patches until word comes down that this has been ironed out (and maybe not then,) but, would still appreciate it if anyone could link me to where one would find them for Haswell refresh processors?

    • #158968 Reply

      anonymous

      https://www.gigabyte.com/Press/News/1586

      For those interested. I would imagine patches for generations prior to 6th will be released but whether they go all the way back to 1st (which I’m using) is anyone’s guess. Then again, the slowdown analysis is really making me question installing any of them when i come round to it. I don’t want my very reliable system brought to its knees over this when I practice very safe browsing anyway. Blah! Go away, 2018.

      Also, for some reason I haven’t received any registration email, are they known to take a while?
      -T

      2 users thanked author for this post.
      • #159014 Reply

        Kirsty
        AskWoody MVP

        Also, for some reason I haven’t received any registration email, are they known to take a while?
        -T

        Please see this thread about registration problems – hopefully we can get you sorted out reasonably quickly 🙂

        • #159097 Reply

          anonymous

          Thank you, Kirsty. I picked the username ‘T’ and then realised the system probably doesn’t like single letter usernames.

          -T

          • #159156 Reply

            Kirsty
            AskWoody MVP

            No, the system has definitely recorded your account, so that wasn’t the problem. It is likely to have been an email issue somewhere in the system, sorry.

            1 user thanked author for this post.
            T
            • #159528 Reply

              T
              AskWoody Lounger

              No problem. Woody very kindly got in touch with me so i’m all sorted now. 🙂

            • #159531 Reply

              PKCano
              AskWoody MVP

              Your first registered post has to be moderated. After that, you’re good to go.
              Welcome (to the Machine?)

              1 user thanked author for this post.
              T
            • #159534 Reply

              T
              AskWoody Lounger

              I see, got it.

              Thanking you kindly… resistance is futile.

          • #160163 Reply

            AlexEiffel
            AskWoody MVP

            No, we have a user named b here and we can say for sure the system likes him.

      • #159222 Reply

        wdburt1
        AskWoody Lounger

        The question now, I think, is whether a non-vulnerable browser and adequate AV software make further steps, and the risk, unnecessary.

    • #159064 Reply

      James Bond 007
      AskWoody Lounger

      As I am running several X99 systems (6800K / 5820K / Xeon E5 2683 v3) with Windows 7 and a Z97 system (4790K) this problem affects me directly. I will definitely wait even if BIOS updates with new microcode are available from the motherboard vendors (Gigabyte and Asus in my case).

      Gigabyte has promised to release new BIOS updates for its Skylake / Kaby Lake / Coffee Lake and X99 / X299 motherboards to mitigate the Spectre (Variant 2) problem, it seems. (But there are no promises of any fixes for older motherboards like those in the Sandy Bridge or Ivy Bridge family.) I checked for my X99 and Z270 motherboards and they are not yet available. But even if they are it seems to be wiser to wait until any problems are found and fixed. I will not want to have the security problem mitigated but then have stability issues on my main computers.

      Really a mess from Intel at the moment.

      Hope for the best. Prepare for the worst.

    • #159158 Reply

      MrBrian
      AskWoody MVP

      From Lenovo: Reading Privileged Memory with a Side Channel (my bolding):

      ‘Withdrawn CPU Microcode Updates: Intel provides to Lenovo the CPU microcode updates required to address Variant 2, which Lenovo then incorporates into BIOS/UEFI firmware. Intel recently notified Lenovo of quality issues in two of these microcode updates, and concerns about one more. These are marked in the product tables with “Earlier update X withdrawn by Intel” and a footnote reference to one of the following:

      *1 – (Kaby Lake U/Y, U23e, H/S/X) Symptom: Intermittent system hang during system sleep (S3) cycling. If you have already applied the firmware update and experience hangs during sleep/wake, please flash back to the previous BIOS/UEFI level, or disable sleep (S3) mode on your system; and then apply the improved update when it becomes available. If you have not already applied the update, please wait until the improved firmware level is available.

      *2 – (Broadwell E) Symptom: Intermittent blue screen during system restart. If you have already applied the update, Intel suggests continuing to use the firmware level until an improved one is available. If you have not applied the update, please wait until the improved firmware level is available.

      *3 – (Broadwell E, H, U/Y; Haswell standard, Core Extreme, ULT) Symptom: Intel has received reports of unexpected page faults, which they are currently investigating. Out of an abundance of caution, Intel requested Lenovo to stop distributing this firmware.’

      • This reply was modified 3 months, 1 week ago by  MrBrian.
      • This reply was modified 3 months, 1 week ago by  MrBrian.
      2 users thanked author for this post.
    • #159204 Reply

      GoneToPlaid
      AskWoody Lounger

      …And as far as I can tell BIOS downloads that change in-processor microcode are not always easily reversible. -Noel My new motto: Always think first: What price security?

      True. One has to be very careful to use the correct method to install a BIOS update which also updates CPU microcode. Likewise, the reverse is also true, but only if there is a previous BIOS update available which also contains a previous version of CPU microcode. One would have to install that previous BIOS update, and then install the most recent BIOS update which doesn’t contain the latest CPU microcode update which you are trying to undo. It is unclear if utilities which save your current BIOS before updating also save the current CPU microcode which is saved in a different portion of the BIOS.

    • #159214 Reply

      GoneToPlaid
      AskWoody Lounger

      …Tempted to lock down Windows Update and hope Firefox ESR, Noscript and Kaspersky updates can block attack vectors??? UGH!!!

      In Firefox, make sure you disable several things by opening about:config and making the following changes.

      Disable javascript memory pooling to somewhat mitigate Meltdown/Spectre attacks:

      Set javascript.options.shared_memory to false

      The above does incur a bit of a performance penalty. The above setting is being pushed out by Mozilla to the ESR branch as well. I further recommend the above setting since my testing shows that poorly coded javascript on a web page can cause the shared javascript memory pool to continue to grow even after all browser tabs have been closed and I am staring at a single blank tab. And seriously, memory pooling for all javascript programs running in all tabs? Wasn’t that a potential security issue just waiting to happen? Apparently so since Mozilla is disabling it via the above config entry as a direct response to Meltdown/Spectre.

      Opt out of Mozilla HTTP telemetry testing:

      Set browser.cache.frecency_experiment to -1

      Negative 1 and “frecency”, directly above, are not typos. If you set this config entry to zero, it will automatically randomize to a setting of 1 or 2 or 3 or 4 the next time you launch Firefox, and the experiment will run again, setting different HTTP decay times of up to 6 hours! Setting the above config entry to negative 1 prevents the experiment from ever running again. If you find that your current setting for the above config entry is set to 2, and you have noticed that typing in Firefox becomes slow after Firefox has been running for a long time, the above config entry is the culprit. Additionally, also set the HTTP decay time to a reasonable value as shown below.

      Set browser.cache.frecency_half_life_hours back to 1

      Opt out of Mozilla’s Shield studies:

      You know, the study where Mozilla decided to promote a TV show related game which caused many people to think that their computer had become infected with malware.

      Set app.shield.optoutstudies.enabled to false

      Best regards,

      –GTP

       

      9 users thanked author for this post.
      • #159424 Reply

        Noel Carboni
        AskWoody MVP

        The above does incur a bit of a performance penalty.

        That sentence made me think, and shake my head a bit about this predicament Intel et. al. have put us in.

        What’s better? A bit of a slowdown in browsing, OR… Slowing the entire system down to make it impossible for some executable to see some other executable’s RAM.

        I’m the guy who still disables UAC, because I believe that guarding the borders VERY well and trusting those programs inside is a better way to do computing. So far it works for me.

        This whole mess strikes me as a bunch of geeks running around panicking and screaming “the sky is falling” because they have suddenly found out – surprise, computing isn’t utterly secure – when it never was and never will be.

        -Noel

        6 users thanked author for this post.
        • #159568 Reply

          anonymous

          They’re talking about SharedArrayBuffer, used to aid multi-core processing within Javascript, using multiple workers to access a single shared memory space. It’s an advanced feature, only deployed in 2016, not something most websites use:

          https://hacks.mozilla.org/2016/05/a-taste-of-javascripts-new-parallel-primitives/

          Computing is never perfectly secure, but being able to compromise the entire system from user mode (Meltdown), possibly even via a website, counts as Critical in almost any book.

          As for the general issue of performance vs. security: it’s unfortunate that we have to choose, though if you look at it another way, those with Intel chips had a five year advantage over the less-than-stellar AMD chips of the same era which is only now being leveled out. (And that not completely, because Spectre has its own costs – AMD hasn’t even enabled branch protection on anything but Zen yet, so we’ve yet to see its full impact).

          2 users thanked author for this post.
          • #160729 Reply

            Noel Carboni
            AskWoody MVP

            Sure, and the end-user impact of some future web site not being able to do multi-threaded Javascript is what? Slower operation.

            I don’t know about you, but I don’t really hope for web sites to do ever more fancy stuff.

            But think a little deeper… Why don’t Apps really take off? You know, those pre-screened things you find at places like the Microsoft Store? Maybe part of the problem is that people can already get the services Apps provide via web sites.

            If a web browser can do something, like I don’t know, show you the weather, why would you need an App?

            No Earth-shaking point here, just that the conversation keeps steering toward making things accepted givens (e.g., browsers running untrusted code) that should not be.

            -Noel

    • #159364 Reply

      GoneToPlaid
      AskWoody Lounger

      Both of my systems are Haswell. I specifically chose that platform when Skylake was new and Windows 10 had come out, to avoid some of the complications with installing 7 on Skylake (and eventually, MS blocking 7/8.1 updates on its later platforms). Funny how that worked out after all… At this rate I do not plan to update firmware/BIOS on either system. I won’t say never, but for now it’s a waiting game. This is a mess of epic proportions.

      Hello everyone,

      Yeah, this is an unholy mess. Hopefully Intel will fix this mess. I have three computers with Core I5 Haswell CPUs. Just like you, I specifically chose Haswell over Skylake for the very same reasons as you did. I do plan to update the BIOS on each of these computers — once Intel eventually fixes this mess. Yet before I do update the BIOS on each of these computers, I will make sure that I have a way to re-flash each BIOS back to a previous version which contains the previous microcode. Flashing microcode into BIOS requires using the correct utility, and following the correct procedures. If you don’t use the correct utility or follow the correct prodecures, then the microcode will not get flashed into the BIOS.

      Again, there are specific procedures for flashing the BIOS with either new or previous microcode which is stored in an entirely separate memory block within the BIOS. You have to check with the motherboard manufacturer to make sure that you use both the proper utility and the proper procedures, or otherwise the microcode which you want to either update or restore will NOT get flashed into the BIOS. One memory block in the BIOS contains all of the stuff which you can see and configure when you go into your BIOS configuration screens. Another totally separate memory block within the BIOS contains the CPU microcode which the BIOS uses to program the CPU on every boot.

      Given that incorrect or faulty BIOS microcode can cause Windows to blue screen on boot, you must make sure that have a method such that you can re-flash your BIOS either from within the BIOS, via a command prompt before window boots, or via a USB stick. If the only method which have for flashing the BIOS is via a Windows utility, yet Windows won’t boot, then you will be in a pickle.

      Also note that the OS kernel can also program the CPU with new microcode. You all might recall that a year or two ago, Microsoft ran into issues which caused blue screens for some users. This is because Intel had released new microcode to OEMs who in turn created new BIOS updates for their customers. Yet Microsoft also released new microcode, via Windows Update, which updated the Windows kernel to program the CPU with Microsoft’s microcode. The purpose of the new microcode was for better compatibility with Windows 10. The side effect of the new microcode is that it caused issues for some Windows 7 users in the form of blue screens.

      If I decide to upgrade to Windows 10, only then I will download and flash the BIOS on my computers with the BIOS updates which are needed for installing Windows 10, and then I will install Windows 10 from scratch.

      The upshot is that I don’t use Windows 10. I have avoided installing all Microsoft updates which contain new microcode, delivered via Windows Update, onto my Windows 7 computers. If it ain’t broke, don’t fix it.

      Once Intel gets this mess sorted out and even if the OEMs for my computers don’t release new BIOS updates, then I will give a new Microsoft update with microcode fixes for Meltdown/Spectre a try — but only after I make full backups of the OS partitions on my computers.

      Note that motherboard manufacturers might not create BIOS updates for their older motherboards. It depends on how long they decide to support older motherboards. If you built your own computers, you should check with your motherboard manufacturers to see if they plan on releasing BIOS updates for your older motherboards to address the Meltdown/Spectre vulnerabilities. If they don’t plan to, then the only option will be from Microsoft via kernel updates, delivered via Windows Update, which contain new microcode for your CPUs.

      The industry has known about Meltdown/Spectre for six months or more. Yet how could motherboard manufacturers do broad testing? Could they tell consumers, “Hey, we want you to test this. We can’t tell you why we want you to test this. It may slow down your computer. It might cause your OS to crash. And it requires that you know how to reflash your computer’s BIOS from either within BIOS, from a command prompt, or from a USB stick.” Pretty much the same applies to Microsoft. Could Microsoft tell consumers, “Hey, we want you to try this Windows Update which contains new microcode. We can’t tell you why we want you to test this update. Windows may crash. You should only test this update after making a full backup of your Windows OS partition. You must be able to restore your Windows OS partition without first having to boot into Windows since Windows might not boot. This will require using third party backup utilities.”

      Best regards,

      –GTP

      6 users thanked author for this post.
    • #159518 Reply

      mazzinia
      AskWoody Lounger

      crossposting

      https://support.google.com/faqs/answer/7625886

      Retpoline

      in short, Google is working on this issue ( spectre variant 2 , the one requiring patches that slow down us a lot ) , and found a way to fix the issue with sort of 0 slowdowns and no bios update.
      How do we make Microsoft pull his jun… err beautiful patch and rewrite it to take advantage of Google’s smart programming teams ?

      • This reply was modified 3 months ago by  mazzinia.
      • This reply was modified 3 months ago by  mazzinia.
    • #160132 Reply

      GoneToPlaid
      AskWoody Lounger

      Today, Intel admitted that its microcode updates are causing more frequent reboots for all of its newer CPUs as well. It gets even better. Intel is telling vendors to optionally work on enhancements to mitigate the issue. It sounds like they are passing the buck.

      3 users thanked author for this post.
    • #160135 Reply

      anonymous

      Intel reported today that the frequent reboots issue with the microcode firmware updates also affects Ivy Bridge, Sandy Bridge, Skylake and Kaby Lake processors. They report that they are still in the process of identifying the cause of the reboots but the issue is not limited to Haswell/Broadwell processors. Reported by MT Newswires, 1/18/18.

      2 users thanked author for this post.
    • #160155 Reply

      MrBrian
      AskWoody MVP

      From Intel: From Firmware Updates and Initial Performance Data for Data Center Systems (January 17, 2018): “I’ll be covering two topics in this blog post: our progress in rolling out firmware updates for the exploits, as well as addressing the reboot issue I discussed last week; and initial data from the benchmarking we are doing on data center platforms.”

      Hat tip to user GoneToPlaid.

      • This reply was modified 3 months ago by  MrBrian.
      2 users thanked author for this post.
    • #160700 Reply

      Kirsty
      AskWoody MVP

      Meltdown and Spectre: Good news for AMD users, (more) bad news for Intel
      Windows patches are fixed, but microcode updates are causing even more trouble.

      By Peter Bright | January 19, 2018

       
      If you’re unfortunate enough to have installed the previous, bad update and now have a system that crashes on startup, you’ll still have to roll back the bad update before you can install the new one. We’ve read reports that this is indeed possible, but unfortunately, Microsoft only offers generic guidance on troubleshooting blue screen of death crashes, not any specific steps to fix this specific issue.

      The bad news: Intel has previously warned that the microcode update it issued to provide some processor-based mitigation for some kinds of Spectre attack was causing machines with Haswell and Broadwell processors to reboot. It turns out that the problems are more widespread than previously reported: the chip company is now saying that Ivy Bridge, Sandy Bridge, Skylake, and Kaby Lake systems are affected, too.

       
      Read the full article here

      4 users thanked author for this post.
    • #161048 Reply

      Kirsty
      AskWoody MVP

      Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners

      By Navin Shenoy | January 22, 2018

       
      As we start the week, I want to provide an update on the reboot issues we reported Jan. 11. We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed.

      Based on this, we are updating our guidance for customers and partners:

      We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.
      We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.
      We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date.

      I apologize for any disruption this change in guidance may cause. The security of our products is critical for Intel, our customers and partners, and for me, personally. I assure you we are working around the clock to ensure we are addressing these issues.

      I will keep you updated as we learn more and thank you for your patience.

       
      Reproduced in full from newsroom.intel.com

      3 users thanked author for this post.
      • #161052 Reply

        Kirsty
        AskWoody MVP

        Intel tells users to stop deploying buggy Spectre patch, citing technical issues
        More problems from the massive processor vulnerability

        By Russell Brandom | Jan 22, 2018

         
        Intel has a patching problem. All last week, users reported computers spontaneously rebooting after installing Intel’s Spectre/Meltdown patch. Now, Intel seems to be giving up on those patches entirely. In a post today, executive vice president Neil Shenoy announced that Intel had located the source of some of the recent reboot problems and is recommending users skip the patches entirely until a better version could be deployed.

         
        Read the full article here

        2 users thanked author for this post.
    • #166337 Reply

      WildBill
      AskWoody Lounger

      Thanks; I clicked through those links yesterday. The updated PDF in my link has been updated with even more information. The splash page now reads “Microcode Revision Guidance”. There are several products with Production Status & MCU’s. My Ivy Bridge Pentium is in Pre-Beta; early validation is being performed. Don’t worry; I’m not touching anything until it’s in Production. Even then, I won’t apply any microcode/firmware updates unless they come through Intel’s Driver & Support Assistant or ASUS (my OEM).

      Wild Bill Rides Again...

      1 user thanked author for this post.
    • #166345 Reply

      WildBill
      AskWoody Lounger

      Yes, I’m good; the problem is before vension 3.1.1. I’m currently on 3.1.2.2.

      Wild Bill Rides Again...

      • This reply was modified 2 months, 1 week ago by  WildBill.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Intel admits that its Meltdown/Spectre firmware patches trigger reboots on Haswell and Broadwell computers

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: