Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Asus Zenbook UX533FD don't boot with intel-ucode 20190312 #1

Open
jledun opened this issue Apr 29, 2019 · 60 comments

Comments

Projects
None yet
@jledun
Copy link

commented Apr 29, 2019

Hello,

I'm an ArchLinux user on Asus Zenbook laptop and my laptop can't boot with the latest intel-ucode update 20190312.
I have to downgrade to 20180807.a to make it run again.

With the latest update of intel-ucode, after power on my laptop, the Asus splash screen appears then nothing else happen. I wait a few minutes then I push the power on button for 20 seconds to hard reset the laptop. After a reboot on live session, journalctl shows no entries even with the debug option in kernel command line.

It really looks like the chipset can't find any CPU.

Here are the system packages :

$ pacman -Q | grep -e linux-lts -e systemd -e intel-ucode -e iucode
intel-ucode 20180807.a-1
iucode-tool 2.3.1-2
linux-lts 4.19.37-1
linux-lts-headers 4.19.37-1
systemd 242.16-1
systemd-libs 242.16-1
systemd-sysvcompat 242.16-1

The laptop boots with systemd EFI boot :

$ cat /boot/loader/entries/arch-lts.conf 
title	Arch Linux lts
linux	/vmlinuz-linux-lts
initrd	/intel-ucode.img
initrd	/initramfs-linux-lts.img
options	root=UUID=522a7ae9-8ad6-441e-85e2-baf1074be7f2  rw debug

journalctl

$ journalctl -b
-- Logs begin at Sun 2019-01-13 21:29:21 CET, end at Mon 2019-04-29 10:54:51 CEST. --
-- No entries --

CPU details (8 identical CPUs)

$ head -n26 /proc/cpuinfo 
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 142
model name	: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
stepping	: 11
microcode	: 0x98
cpu MHz		: 800.029
cache size	: 8192 KB
physical id	: 0
siblings	: 8
core id		: 0
cpu cores	: 4
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 22
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp flush_l1d arch_capabilities
bugs		: spectre_v1 spectre_v2 spec_store_bypass
bogomips	: 3984.00
clflush size	: 64
cache_alignment	: 64
address sizes	: 39 bits physical, 48 bits virtual
power management:

lspci

$ lspci 
00:00.0 Host bridge: Intel Corporation Device 3e34 (rev 0b)
00:02.0 VGA compatible controller: Intel Corporation UHD Graphics 620 (Whiskey Lake)
00:04.0 Signal processing controller: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem (rev 0b)
00:08.0 System peripheral: Intel Corporation Xeon E3-1200 v5/v6 / E3-1500 v5 / 6th/7th Gen Core Processor Gaussian Mixture Model
00:12.0 Signal processing controller: Intel Corporation Cannon Point-LP Thermal Controller (rev 30)
00:14.0 USB controller: Intel Corporation Cannon Point-LP USB 3.1 xHCI Controller (rev 30)
00:14.2 RAM memory: Intel Corporation Cannon Point-LP Shared SRAM (rev 30)
00:14.3 Network controller: Intel Corporation Cannon Point-LP CNVi [Wireless-AC] (rev 30)
00:14.5 SD Host controller: Intel Corporation Device 9df5 (rev 30)
00:15.0 Serial bus controller [0c80]: Intel Corporation Cannon Point-LP Serial IO I2C Controller #0 (rev 30)
00:15.1 Serial bus controller [0c80]: Intel Corporation Cannon Point-LP Serial IO I2C Controller #1 (rev 30)
00:15.3 Serial bus controller [0c80]: Intel Corporation Device 9deb (rev 30)
00:16.0 Communication controller: Intel Corporation Cannon Point-LP MEI Controller #1 (rev 30)
00:19.0 Serial bus controller [0c80]: Intel Corporation Device 9dc5 (rev 30)
00:1c.0 PCI bridge: Intel Corporation Cannon Point-LP PCI Express Root Port #1 (rev f0)
00:1c.4 PCI bridge: Intel Corporation Cannon Point-LP PCI Express Root Port #5 (rev f0)
00:1d.0 PCI bridge: Intel Corporation Cannon Point-LP PCI Express Root Port #13 (rev f0)
00:1f.0 ISA bridge: Intel Corporation Cannon Point-LP LPC Controller (rev 30)
00:1f.3 Audio device: Intel Corporation Cannon Point-LP High Definition Audio Controller (rev 30)
00:1f.4 SMBus: Intel Corporation Cannon Point-LP SMBus Controller (rev 30)
00:1f.5 Serial bus controller [0c80]: Intel Corporation Cannon Point-LP SPI Controller (rev 30)
02:00.0 3D controller: NVIDIA Corporation GP107M [GeForce GTX 1050 Mobile] (rev ff)
03:00.0 Non-Volatile memory controller: Sandisk Corp WD Black 2018/PC SN520 NVMe SSD (rev 01)
@Heidistein

This comment has been minimized.

Copy link

commented May 20, 2019

Confirmed. I tossed the microcode out of the initrd, the system works as expected.
Reloading it in the os (echo 1 > /sys/devices/something/something/reload) hangs the system immediately.

@mcu-administrator

This comment has been minimized.

Copy link
Contributor

commented May 20, 2019

Confirmed. I tossed the microcode out of the initrd, the system works as expected.
Reloading it in the os (echo 1 > /sys/devices/something/something/reload) hangs the system immediately.

Does this also reproduce with the 20190514 release? Or only with the 20190312 release?

@jledun

This comment has been minimized.

Copy link
Author

commented May 21, 2019

@mcu-administrator yes, I've got the same problem with 20190514 release.

@Heidistein

This comment has been minimized.

Copy link

commented May 21, 2019

Indeed, this problem is actual on the 20190514 release.

Edit: I see now that you run Arch, I experience the same thing on Fedora30.
Kernel version seems not to matter, seen on 5.0.{3,6,16}-300.fc30

@victormmtorres

This comment has been minimized.

Copy link

commented May 21, 2019

I came to this issue after tried many combinations and many times installing Linux distros (Ubuntu 16.04, 18.04, 19.04, Xubuntu 18.04) all had same issue after few restarts freeze at me moment of boot and it's same laptop Asus UX533FD.

Any hope of having Linux on my new laptop?

@mcu-administrator

This comment has been minimized.

Copy link
Contributor

commented May 21, 2019

@jledun , @Heidistein , @victormmtorres Thanks for reporting this issue. We've opened an investigation based on your reports.

@breznak

This comment has been minimized.

Copy link

commented May 22, 2019

I confirm this on Ubuntu and any of 4.15, 4.18, 5.0 kernels.

Any hope of having Linux on my new laptop?

@victormmtorres as a workaround, you can add dis_ucode_ldr to your kernel command line (even from GRUB), you'll be able to boot normally then.

@jerbob92

This comment has been minimized.

Copy link

commented May 22, 2019

Can confirm, same CPU, same bug. Tried kernel 4.15, 4.18 and 5.1. Have 20190514 release installed (3.20190514.0ubuntu0.18.04.2). dis_ucode_ldr does fix boot.
If I can do anything to help/debug, let me know.

@victormmtorres

This comment has been minimized.

Copy link

commented May 23, 2019

Surely there is a guide to install dis_ucode_ldr could anybody give me a reference about how to do it?

cc @jerbob92 @breznak

@jerbob92

This comment has been minimized.

Copy link

commented May 23, 2019

@victormmtorres
You can add the dis_ucode_ldr to the startup line when going to Advanced Startup Options and press e on the option you want to use. Then add dis_ucode_ldr to the linux line.

You can also edit /etc/default/grub and add it to GRUB_CMDLINE_LINUX_DEFAULT, then run sudo update-grub for a more permanent fix.

I'm currently on a downgraded version of the microcode, which is the best fix IMHO:
sudo apt install intel-microcode=3.20180312.0~ubuntu18.04.1

@mcu-administrator

This comment has been minimized.

Copy link
Contributor

commented May 24, 2019

@jledun Can you contact me through this email address? mcu_administrator@intel.com I have some additional questions and data we would like to collect to help us debug this.

@jerbob92 Can you do the same?

@tyhicks

This comment has been minimized.

Copy link

commented May 29, 2019

@mcu-administrator I recognize that it can help to take debugging offline but could you please provide periodic updates in this bug report? It will help redistributors of microcode to make decisions on whether or not rolling back this particular microcode is necessary in the short term.

@jerbob92

This comment has been minimized.

Copy link

commented May 29, 2019

@tyhicks, I'm not sure anything is happening at all... I emailed but never got a reply.

@tyhicks

This comment has been minimized.

Copy link

commented May 29, 2019

@tyhicks, I'm not sure anything is happening at all... I emailed but never got a reply.

I've spoken to their engineers about it and they are working on it.

@mcu-administrator

This comment has been minimized.

Copy link
Contributor

commented May 29, 2019

@jerbob92 Sorry for the delay. We've been working on a list of what data we would like to help debug the issue. In the meantime, we have also been working to reproduce the issue and are also in contact with the system vendor. We'll get a response to you by the end of the week.

@mcu-administrator

This comment has been minimized.

Copy link
Contributor

commented May 29, 2019

@jerbob92 I took a look in my inbox and I cannot seem to locate an email from you. Can you resend please?

@jerbob92

This comment has been minimized.

Copy link

commented May 30, 2019

@jledun

This comment has been minimized.

Copy link
Author

commented May 31, 2019

@mcu-administrator done too!

@jerbob92

This comment has been minimized.

Copy link

commented Jun 5, 2019

@mcu-administrator did you receive my mail? I did not hear anything back.

@jledun

This comment has been minimized.

Copy link
Author

commented Jun 5, 2019

@jerbob92 I've got this awswer from @mcu-administrator :

Thanks for reaching out to us with the offer to help in debugging this issue. We are currently working with Asus to reproduce the issue. Based on the outcome of that work, we may have some additional questions or data we need to collect. I'll be in touch to keep you updated as we progress.

Seems like it takes some time to reproduce.

@svedrenne

This comment has been minimized.

Copy link

commented Jun 5, 2019

This tracker reports the issue on ASUS UX533FD.
For information, I have the same issue on ASUS UX533FN.

@Heidistein

This comment has been minimized.

Copy link

commented Jun 5, 2019

@svedrenne Actually, yes. Reading is something. I have the UX333FN_RX333FN edition.
However, I think it is not linked to the specific notebook, but the CPU.

@jerbob92

This comment has been minimized.

Copy link

commented Jun 5, 2019

For anyone that uses the downgrade method for the intel-microcode package, be sure to lock the version while they work on a fix to be sure that you won't upgrade it by accident. You can do this using sudo apt-mark hold intel-microcode. When a fix is released you can use sudo apt-mark unhold intel-microcode to unlock.

@mcu-administrator

This comment has been minimized.

Copy link
Contributor

commented Jun 5, 2019

Update: Asus has shipped us a system to work with on this issue. We are expecting to have it in the lab before the weekend. I'll provide an update on progress as we have something to report.

@mcu-administrator

This comment has been minimized.

Copy link
Contributor

commented Jun 10, 2019

Update: We have received a system from Asus and have been able to reproduce the failure in our lab. Debug is underway. I'll provide the next update when we have the root cause and a plan for the availability of a fix.

@philjoseph

This comment has been minimized.

Copy link

commented Jun 11, 2019

I confirm this on Ubuntu and any of 4.15, 4.18, 5.0 kernels.

Any hope of having Linux on my new laptop?

@victormmtorres as a workaround, you can add dis_ucode_ldr to your kernel command line (even from GRUB), you'll be able to boot normally then.

What is the impact of the workaround on the performance of the laptop ? Shall we switch to the fix once available or the workaround has no effect ?

@victormmtorres

This comment has been minimized.

Copy link

commented Jun 11, 2019

What is the impact of the workaround on the performance of the laptop ? Shall we switch to the fix once available or the workaround has no effect ?

I could not notice any impact as this was truly blocking for me, without this workaround just after install ubuntu and restart have this issue

@markgross

This comment has been minimized.

Copy link

commented Jun 11, 2019

What BIOS versions are folks reproducing this problem with?

@Heidistein

This comment has been minimized.

Copy link

commented Jun 11, 2019

BIOS Information
        Vendor: American Megatrends Inc.
        Version: UX333FN.204
        Release Date: 09/20/2018
<snip>
        BIOS Revision: 5.13
@pcans

This comment has been minimized.

Copy link

commented Jun 12, 2019

        Vendor: American Megatrends Inc.
        Version: X530FN.300
        Release Date: 11/01/2018
        BIOS Revision: 5.13

and the X530FN.207 also.

@philjoseph

This comment has been minimized.

Copy link

commented Jun 12, 2019

BIOS Information
Vendor: American Megatrends Inc.
Version: X430FN.300
Release Date: 11/22/2018
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 16 MB
Characteristics: <...>
BIOS Revision: 5.13

@svedrenne

This comment has been minimized.

Copy link

commented Jun 12, 2019

ASUS UX533FN with BIOS version 202 (10/03/2018).
BIOS information:
Build Date: 10/03/2018
BIOS Vendor: American Megatrends
Version: 202
GOP Version: 9.0.1080
EC Version: FOWL1001.002
Processor Information: i7-8565U CPU @ 1.80GHz
Total Memory: 16384 MB

@Heidistein

This comment has been minimized.

Copy link

commented Jun 12, 2019

update: It appears that updating my BIOS did the trick. Still rather odd, and struck me with lots of trouble.
What the exact trick is, could be either:

  • The updated BIOS itself
  • Disabling secure-boot (for my dkms modules did not load anymore)

Asus has an exceptional detailed changelog of their BIOS firmware revision:

Versie 302 2019/04/09
BIOS 302
Optimize system performance

dmesg tells me:

# dmesg | grep microcode
[    0.310176] MDS: Vulnerable: Clear CPU buffers attempted, no microcode
[    0.965209] microcode: sig=0x806eb, pf=0x80, revision=0x98
[    0.965477] microcode: Microcode Update Driver: v2.2.

dmi bios info:

BIOS Information
        Vendor: American Megatrends Inc.
        Version: UX333FN.302
        Release Date: 01/28/2019
        Address: 0xF0000
        Runtime Size: 64 kB
        ROM Size: 16 MB
        Characteristics: ...
        BIOS Revision: 5.13
@jerbob92

This comment has been minimized.

Copy link

commented Jun 12, 2019

@Heidistein it could be that the BIOS update contains the latest microcode, the kernel won't load microcode when the latest code is already loaded from BIOS.

I just checked, the latest BIOS version for my laptop (Zenbook UX480FD) on the Asus site is BIOS 301 2018/11/28, so this update is not available for everyone.

@howaboutsynergy

This comment has been minimized.

Copy link

commented Jun 12, 2019

Asus has an exceptional detailed changelog of their BIOS firmware revision:

If I knew THAT before buying the motherboard I would've chosen a different brand.
I mean look at this:
the change from bios version 1002 to version 1406 is 1.36MBytes when compressed which is higly unusual compared to their other differences! and the log says:
1. Improve system performance
Ergo, the chances that I will update are slim to none, due suspecting some kind of trojan :D and frankly I wouldn't be surprised.

That being said, just so this post isn't completely useless, here's some info from my system(but I'm NOT affected by the current issue, to my knowledge): (click me to expand)

$ uname -a
Linux i87k 5.1.9-g2df16141a2c4 #37 SMP Tue Jun 11 15:55:50 CEST 2019 x86_64 GNU/Linux

$ dmesg | grep microcode
[    0.000000] microcode: microcode updated early to revision 0xb4, date = 2019-04-01
[    2.402668] microcode: CPU: sig=0x906ea, pf=0x2, rev=0xb4
[    2.402829] microcode: mc_saved[0]: sig=0x906e9, pf=0x2a, rev=0xb4, total size=0x18400, date = 2019-04-01
[    2.403060] microcode: mc_saved[1]: sig=0x906ea, pf=0x22, rev=0xb4, total size=0x18000, date = 2019-04-01
[    2.403290] microcode: mc_saved[2]: sig=0x906eb, pf=0x2, rev=0xb4, total size=0x18400, date = 2019-04-01
[    2.403522] microcode: mc_saved[3]: sig=0x906ec, pf=0x22, rev=0xae, total size=0x18000, date = 2019-02-14
[    2.403544] microcode: mc_saved[4]: sig=0x906ed, pf=0x22, rev=0xb8, total size=0x17c00, date = 2019-03-17
[    3.746172] Registering platform device 'microcode'. Parent at platform
[    3.746332] device: 'microcode': device_add
[    3.746488] bus: 'platform': add device microcode
[    3.746650] PM: Adding info for platform:microcode
[    3.746809] microcode: CPU0 added
[    3.746991] microcode: sig=0x906ea, pf=0x2, revision=0xb4
[    3.747149] microcode: CPU1 added
[    3.747331] microcode: CPU2 added
[    3.747512] microcode: CPU3 added
[    3.747694] microcode: CPU4 added
[    3.747849] microcode: CPU5 added
[    3.748031] device: 'microcode': device_add
[    3.748189] PM: Adding info for No Bus:microcode
[    3.748383] microcode: Microcode Update Driver: v2.2.
[   13.871764] microcode: data file intel-ucode/06-9e-0a load failed
[   13.872986] microcode: Not reloading previously-loaded already-in-effect microcode!

$ sudo dmidecode
[sudo] password for user: 
# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 3.0.0 present.
Table at 0xAAE88000.

Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
	Vendor: American Megatrends Inc.
	Version: 1002
	Release Date: 07/02/2018
	Address: 0xF0000
	Runtime Size: 64 kB
	ROM Size: 16 MB
	Characteristics:
		PCI is supported
		APM is supported
		BIOS is upgradeable
		BIOS shadowing is allowed
		Boot from CD is supported
		Selectable boot is supported
		BIOS ROM is socketed
		EDD is supported
		5.25"/1.2 MB floppy services are supported (int 13h)
		3.5"/720 kB floppy services are supported (int 13h)
		3.5"/2.88 MB floppy services are supported (int 13h)
		Print screen service is supported (int 5h)
		8042 keyboard services are supported (int 9h)
		Serial services are supported (int 14h)
		Printer services are supported (int 17h)
		ACPI is supported
		USB legacy is supported
		BIOS boot specification is supported
		Targeted content distribution is supported
		UEFI is supported
	BIOS Revision: 5.12

$ pacman -Qs ucode
local/intel-ucode 20190514.a-1 (builtbydaddy)
    Microcode update files for Intel CPUs

$ lscpu
Architecture:                     x86_64
CPU op-mode(s):                   32-bit, 64-bit
Byte Order:                       Little Endian
Address sizes:                    39 bits physical, 48 bits virtual
CPU(s):                           6
On-line CPU(s) list:              0-5
Thread(s) per core:               1
Core(s) per socket:               6
Socket(s):                        1
NUMA node(s):                     1
Vendor ID:                        GenuineIntel
CPU family:                       6
Model:                            158
Model name:                       Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Stepping:                         10
CPU MHz:                          1123.139
CPU max MHz:                      4700.0000
CPU min MHz:                      800.0000
BogoMIPS:                         7392.00
Virtualization:                   VT-x
L1d cache:                        192 KiB
L1i cache:                        192 KiB
L2 cache:                         1.5 MiB
L3 cache:                         12 MiB
NUMA node0 CPU(s):                0-5
Vulnerability L1tf:               Mitigation; PTE Inversion
Vulnerability Mds:                Mitigation; Clear CPU buffers; SMT disabled
Vulnerability Meltdown:           Mitigation; PTI
Vulnerability Spec store bypass:  Mitigation; Speculative Store Bypass disabled via prctl and seccomp
Vulnerability Spectre v1:         Mitigation; __user pointer sanitization
Vulnerability Spectre v2:         Mitigation; Full generic retpoline, IBPB conditional, IBRS_FW, RSB filling
Flags:                            fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx f
                                  xsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts 
                                  rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monit
                                  or ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt
                                   tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpci
                                  d_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_ad
                                  just bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt
                                   xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear 
                                  flush_l1d

$ cat /proc/cmdline 
BOOT_IMAGE=/boot/vmlinuz-linux-stable root=UUID=2b8b9ab8-7ac5-4586-aa42-d7ffb12de92a rw root_trim=yes rd.luks.allow-discards rd.luks.options=discard ipv6.disable=1 ipv6.disable_ipv6=1 ipv6.autoconf=0 loglevel=15 log_buf_len=16M ignore_loglevel printk.always_kmsg_dump=y printk.time=y printk.devkmsg=on mminit_loglevel=4 memory_corruption_check=1 fbcon=scrollback:4096k fbcon=font:ProFont6x11 net.ifnames=0 nolvm dobtrfs console=tty1 earlyprintk=vga audit=0 systemd.log_target=kmsg systemd.journald.forward_to_console=1 enforcing=0 udev.children-max=1256 rd.udev.children-max=1256 nohz=on oops=panic crashkernel=256M panic=0 page_poison=1 psi=1 sysrq_always_enabled random.trust_cpu=off logo.nologo lpj=0 mce=bootlog reboot=force,cold noexec=on nohibernate scsi_mod.use_blk_mq=1 consoleblank=120 mitigations=auto,nosmt l1tf=full,force spec_store_bypass_disable=auto spectre_v2=auto spectre_v2_user=auto mds=full,nosmt rd.log=all noefi cpuidle.governor=teo zram.num_devices=3 zswap.enabled=0 zswap.same_filled_pages_enabled=1 zswap.compressor=zstd zswap.max_pool_percent=40 zswap.zpool=z3fold i915.alpha_support=1 i915.fastboot=1


$ sudo ./spectre-meltdown-checker.sh --paranoid
Spectre and Meltdown mitigation detection tool v0.42-1-g91d0699

Checking for vulnerabilities on current system
Kernel is Linux 5.1.9-g2df16141a2c4 #37 SMP Tue Jun 11 15:55:50 CEST 2019 x86_64
CPU is Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  YES 
    * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  YES 
    * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  YES 
    * CPU indicates STIBP capability:  YES  (Intel STIBP feature bit)
  * Speculative Store Bypass Disable (SSBD)
    * CPU indicates SSBD capability:  YES  (Intel SSBD)
  * L1 data cache invalidation
    * FLUSH_CMD MSR is available:  YES 
    * CPU indicates L1D flush capability:  YES  (L1D flush feature bit)
  * Microarchitecture Data Sampling
    * VERW instruction is available:  YES  (MD_CLEAR feature bit)
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO):  NO 
  * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO):  NO 
  * CPU/Hypervisor indicates L1D flushing is not necessary on this system:  NO 
  * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA):  NO 
  * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO):  NO 
  * CPU supports Software Guard Extensions (SGX):  YES 
  * CPU microcode is known to cause stability problems:  NO  (model 0x9e family 0x6 stepping 0xa ucode 0xb4 cpuid 0x906ea)
  * CPU microcode is the latest known available version:  YES  (latest version is 0xb4 dated 2019/04/01 according to builtin MCExtractor DB v112 - 2019/05/22)
* CPU vulnerability to the speculative execution attack variants
  * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES 
  * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES 
  * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  YES 
  * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read):  YES 
  * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass):  YES 
  * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  YES 
  * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  YES 
  * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  YES 
  * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)):  YES 
  * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)):  YES 
  * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)):  YES 
  * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)):  YES 

CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec:  YES  (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO 
* Kernel has mask_nospec64 (arm64):  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface:  YES  (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, RSB filling)
* Mitigation 1
  * Kernel is compiled with IBRS support:  YES 
    * IBRS enabled and active:  YES  (for firmware code only)
  * Kernel is compiled with IBPB support:  YES 
    * IBPB enabled and active:  YES 
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO 
  * Kernel compiled with retpoline option:  YES 
    * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Kernel supports RSB filling:  YES 
> STATUS:  NOT VULNERABLE  (Full retpoline + IBPB are mitigating the vulnerability)

CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTI)
* Kernel supports Page Table Isolation (PTI):  YES 
  * PTI enabled and active:  YES 
  * Reduced performance impact of PTI:  YES  (CPU supports INVPCID, performance impact of PTI will be greatly reduced)
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability:  YES 
> STATUS:  NOT VULNERABLE  (your CPU microcode mitigates the vulnerability)

CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface:  YES  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
* Kernel supports disabling speculative store bypass (SSB):  YES  (found in /proc/self/status)
* SSB mitigation is enabled and active:  YES  (per-thread through prctl)
* SSB mitigation currently active for selected processes:  YES  (chromium firefox systemd-journald systemd-logind systemd-udevd upowerd)
> STATUS:  NOT VULNERABLE  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)

CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability:  YES 
> STATUS:  NOT VULNERABLE  (your CPU microcode mitigates the vulnerability)

CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface:  YES  (Mitigation: PTE Inversion)
* Kernel supports PTE inversion:  YES  (found in kernel image)
* PTE inversion enabled and active:  YES 
> STATUS:  NOT VULNERABLE  (Mitigation: PTE Inversion)

CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: Mitigation: PTE Inversion
* This system is a host running a hypervisor:  YES  (paranoid mode)
* Mitigation 1 (KVM)
  * EPT is disabled:  N/A  (the kvm_intel module is not loaded)
* Mitigation 2
  * L1D flush is supported by kernel:  YES  (found flush_l1d in /proc/cpuinfo)
  * L1D flush enabled:  UNKNOWN  (unrecognized mode)
  * Hardware-backed L1D flush supported:  YES  (performance impact of the mitigation will be greatly reduced)
  * Hyper-Threading (SMT) is enabled:  NO 
> STATUS:  VULNERABLE  (L1D unconditional flushing should be enabled to fully mitigate the vulnerability)

CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active:  YES 
* SMT is either mitigated or disabled:  YES 
> STATUS:  NOT VULNERABLE  (Mitigation: Clear CPU buffers; SMT disabled)

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active:  YES 
* SMT is either mitigated or disabled:  YES 
> STATUS:  NOT VULNERABLE  (Mitigation: Clear CPU buffers; SMT disabled)

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active:  YES 
* SMT is either mitigated or disabled:  YES 
> STATUS:  NOT VULNERABLE  (Mitigation: Clear CPU buffers; SMT disabled)

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT disabled)
* Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active:  YES 
* SMT is either mitigated or disabled:  YES 
> STATUS:  NOT VULNERABLE  (Mitigation: Clear CPU buffers; SMT disabled)

> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:KO CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK

Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --disclaimer
@breznak

This comment has been minimized.

Copy link

commented Jun 12, 2019

t could be that the BIOS update contains the latest microcode, the kernel won't load microcode when the latest code is already loaded from BIOS.

I don't think recent BIOS is (a fix to) the issue. I have the latest and still get the bug. See Ubuntu bugtracker for the details with peoples' debug logs.

@jledun

This comment has been minimized.

Copy link
Author

commented Jun 12, 2019

@markgross here's my bios informations :

# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 3.1.1 present.
Table at 0x8A1C3000.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
        Vendor: American Megatrends Inc.
        Version: UX533FD.207
        Release Date: 09/19/2018
        Address: 0xF0000
        Runtime Size: 64 kB
        ROM Size: 16 MB
        Characteristics:
                PCI is supported
                BIOS is upgradeable
                BIOS shadowing is allowed
                Boot from CD is supported
                Selectable boot is supported
                BIOS ROM is socketed
                EDD is supported
                5.25"/1.2 MB floppy services are supported (int 13h)
                3.5"/720 kB floppy services are supported (int 13h)
                3.5"/2.88 MB floppy services are supported (int 13h)
                Print screen service is supported (int 5h)
                8042 keyboard services are supported (int 9h)
                Serial services are supported (int 14h)
                Printer services are supported (int 17h)
                ACPI is supported
                USB legacy is supported
                Smart battery is supported
                BIOS boot specification is supported
                Targeted content distribution is supported
                UEFI is supported
        BIOS Revision: 5.13
@markgross

This comment has been minimized.

Copy link

commented Jun 12, 2019

Hmm. FWIW I'm running: the UX433FN.300

dmidecode 3.1

Getting SMBIOS data from sysfs.
SMBIOS 3.1.1 present.
Table at 0x8A1C4000.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
Vendor: American Megatrends Inc.
Version: UX433FN.300
Release Date: 10/26/2018
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 16 MB
Characteristics:
PCI is supported
BIOS is upgradeable
BIOS shadowing is allowed
Boot from CD is supported
Selectable boot is supported
BIOS ROM is socketed
EDD is supported
5.25"/1.2 MB floppy services are supported (int 13h)
3.5"/720 kB floppy services are supported (int 13h)
3.5"/2.88 MB floppy services are supported (int 13h)
Print screen service is supported (int 5h)
8042 keyboard services are supported (int 9h)
Serial services are supported (int 14h)
Printer services are supported (int 17h)
ACPI is supported
USB legacy is supported
Smart battery is supported
BIOS boot specification is supported
Targeted content distribution is supported
UEFI is supported
BIOS Revision: 5.13

@markgross

This comment has been minimized.

Copy link

commented Jun 12, 2019

FWIW taking the latest bios will avoid the hang as it will have ucode version 0xb4 or newer.

@jledun

This comment has been minimized.

Copy link
Author

commented Jun 13, 2019

I've just update my bios version to 300 :

# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 3.1.1 present.
Table at 0x8A1C3000.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
        Vendor: American Megatrends Inc.
        Version: UX533FD.300
        Release Date: 11/15/2018
        Address: 0xF0000
        Runtime Size: 64 kB
        ROM Size: 16 MB
        Characteristics:
                PCI is supported
                BIOS is upgradeable
                BIOS shadowing is allowed
                Boot from CD is supported
                Selectable boot is supported
                BIOS ROM is socketed
                EDD is supported
                5.25"/1.2 MB floppy services are supported (int 13h)
                3.5"/720 kB floppy services are supported (int 13h)
                3.5"/2.88 MB floppy services are supported (int 13h)
                Print screen service is supported (int 5h)
                8042 keyboard services are supported (int 9h)
                Serial services are supported (int 14h)
                Printer services are supported (int 17h)
                ACPI is supported
                USB legacy is supported
                Smart battery is supported
                BIOS boot specification is supported
                Targeted content distribution is supported
                UEFI is supported
        BIOS Revision: 5.13

Then I've tried to update intel-ucode to the latest version, the problem is still the same, I had to downgrade to 20180807.a-1

@jerbob92

This comment has been minimized.

Copy link

commented Jun 13, 2019

@jledun that BIOS version is not up-to-date enough to have the latest microcode.

@jledun

This comment has been minimized.

Copy link
Author

commented Jun 13, 2019

That's the only one I can download from asus/fr/support. There's a difference in the date of the release, I've downloaded version 330 of 2019/01/17 but dmidecode says it have been released on 2018/11/15...
So where can I find latest versions ?

@jerbob92

This comment has been minimized.

Copy link

commented Jun 13, 2019

@jledun It could be there isn't a newer version available. My laptop also only has a 2018 BIOS available.

@Heidistein

This comment has been minimized.

Copy link

commented Jun 13, 2019

Thanks for the corrections my new bios already ships the latest microcode, I should have read that.

This morning I updated, and a 'new' microcode was available (not at all new, but I excluded the update from dnf), installing the 20190514 version. Which indeed breaks on BIOS mentioned by me above.

@kevhemingway

This comment has been minimized.

Copy link

commented Jun 13, 2019

Having the same problem here with an ASUS UX333FA. Latests BIOS.

I have tried with a lot of different distros and the same problem, i need to boot with the dis_ucode_ldr or downgrading the version of the microcode.

BIOS Information
Vendor: American Megatrends Inc.
Version: UX333FA.302
Release Date: 01/28/2019
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 16 MB
Characteristics:
PCI is supported
BIOS is upgradeable
BIOS shadowing is allowed
Boot from CD is supported
Selectable boot is supported
BIOS ROM is socketed
EDD is supported
5.25"/1.2 MB floppy services are supported (int 13h)
3.5"/720 kB floppy services are supported (int 13h)
3.5"/2.88 MB floppy services are supported (int 13h)
Print screen service is supported (int 5h)
8042 keyboard services are supported (int 9h)
Serial services are supported (int 14h)
Printer services are supported (int 17h)
ACPI is supported
USB legacy is supported
Smart battery is supported
BIOS boot specification is supported
Targeted content distribution is supported
UEFI is supported
BIOS Revision: 5.13

Right now running Ubuntu 19.04

model : 142
model name : Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz
stepping : 11
microcode : 0x98

Intel Microcode Version 3.20190514.0ubuntu0.19.04.3
Kernel 5.0.0-16-generic

@ivanpostolski

This comment has been minimized.

Copy link

commented Jun 13, 2019

Hey. Same issue here with an ASUS UX433FA, Does worth the shot to upgrade the BIOS? I got the UX433FA.301 version. Downgrading the microcode version works, but what are the risks?

@pikashira

This comment has been minimized.

Copy link

commented Jun 16, 2019

I had the same issue on a UX333FA. I fixed it by replacing GRUB with rEFInd.

@naijopkr

This comment has been minimized.

Copy link

commented Jun 18, 2019

Just updated the BIOS to version 306 and it seems that the boot problem is solved. Although it still shows on dmesg microcode updated early to revision.

@svedrenne

This comment has been minimized.

Copy link

commented Jun 18, 2019

@naijopkr Just curious, what laptop model do you have?

I have an ASUS UX533FN, and I just checked ASUS support website here:
https://www.asus.com/Laptops/ASUS-Zenbook-15-UX533FN/HelpDesk_BIOS/
and I see a new version is available, BIOS version 302 for UX533FN, 2019/06/14.
Exciting! I'm going to try this out ASAP (when I'm not busy with real work).

@naijopkr

This comment has been minimized.

Copy link

commented Jun 18, 2019

@svedrenne I have an ASUS UX333FA

@Phenecy

This comment has been minimized.

Copy link

commented Jun 20, 2019

@svedrenne Did u commit update?
I'm currently at UX533FD and experiencing issue with fans at newer BIOS. Main-Left fan is not working at OS mode both Windows or Linux systems. But it works properly in bios. I'm afraid my laptop gonna melt. PS: only alternative fan is working (which is right under monitor). Probably they did something with ACPI controls. Unfortunately can't downgrade back to BIOS.300. Any help? @mcu-administrator

@svedrenne

This comment has been minimized.

Copy link

commented Jun 20, 2019

@Phenecy I have an ASUS UX533FN and haven't upgraded the BIOS yet.
But I've had problems with the temperature going too high and the fan not running at all, one or two weeks ago (Ubuntu 19.04).

See this post on StackOverflow AskUbuntu:
https://askubuntu.com/q/1148604
No more problem with the fan since I ran sudo prime-select intel to shut down the NVidia GPU... Now the temperature stays low.
Hope this helps.

@Phenecy

This comment has been minimized.

Copy link

commented Jun 20, 2019

@svedrenne Thank you!
Sadly, but this workaround is not enough if one planning to play or work with 3D... Gonna look for some more fixes.
Thanks a lot

@jerbob92

This comment has been minimized.

Copy link

commented Jun 22, 2019

I have started the process of adding dis_ucode_ldr to grub recovery mode in Ubuntu. https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1831789

@Enjymon

This comment has been minimized.

Copy link

commented Jun 22, 2019

Same problem here with an ASUSPRO P5440FA.
No BIOS update indicated on ASUS website for this model (https://www.asus.com/Laptops/ASUSPRO-P5440FA/HelpDesk_Download/).
Kernel version: 4.15.0-52-generic
Last working micrcode: Intel-microcode 3.20190514.0ubuntu0.18.04.2
All subsequent updates (I think I saw a 3.xxxxxxxx.0ubuntu0.18.04.3 at some point), up to the latest Intel-microcode 3.20190618.0ubuntu0.18.04.1, did not solve the problem for now.

Processor Information
	Socket Designation: U3E1
	Type: Central Processor
	Family: Core i7
	Manufacturer: Intel(R) Corporation
	Signature: Type 0, Family 6, Model 142, Stepping 11
	Version: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
BIOS Information
	Vendor: ASUSTeK COMPUTER INC.
	Version: P5440FA.204
	Release Date: 10/11/2018
	BIOS Revision: 5.13
@Enjymon

This comment has been minimized.

Copy link

commented Jun 22, 2019

@jerbob92 I have just read the thread from https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1829620. It is not clear to me what is the best option for now until the microcode gets fixed: booting with the dis_ucode_ldr option or rather holding the microcode update until a newer update is released?

@dsd

This comment has been minimized.

Copy link

commented Jun 22, 2019

The only reason the old intel-microcode package version avoids this problem is that the old version does not ship a microcode file for the CPU in question here.

So disabling the microcode update has precisely the same result as the dis_ucode_ldr kernel parameter and it doesn't matter which one you use.

@svedrenne

This comment has been minimized.

Copy link

commented Jun 24, 2019

BTW, I just updated the BIOS of my ASUS UX533FN to latest version 302 ("2019/06/14", so it pretends).

My problem now is I can't enter the laptop setup anymore, be it only to check the BIOS was updated with success... I tried pressing the usual F2 key until the ASUS logo displays. I also tried ESC.

I just can't access the setup anymore. Any solution?

@naijopkr

This comment has been minimized.

Copy link

commented Jun 24, 2019

Try holding shift when the ASUS logo is displayed. This should make the Grub menu show up. Then you can select the option System Setup.

@tpapp

This comment has been minimized.

Copy link

commented Jun 24, 2019

I can confirm this bug with an Asus UX362FA with an Intel i7-8565U, running Ubuntu 19.04.

dis_ucode_ldr provides a workaround.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.