Update: Intel now says to stop installing Spectre patches due to reboots

midian182

Posts: 9,632   +120
Staff member

Update (1/22): In what's unfortunately turning into a big disaster for Intel -- security issues aside -- in rushing with a fix for the Spectre flaws, the company has discovered and now identified the cause of random restarts in systems that have installed the microcode update.

As a result Intel is now recommending all users of Haswell and newer platforms to stop installing current microcode or firmware updates. Instead a new patch that is nearly ready for systems with those CPUs will be offered to manufacturers soon. That means OEMs and component vendors will have to go through QA testing again for each of their products before the new update reaches end users.

Update #2: Linus Torvalds is pissed at Intel, calls current patches utter garbage. Remember that Google has offered "Retpoline" as an alternative solution, which is said to have almost no effect on systems' speed.

Last week, Intel promised to be more “transparent” about the Meltdown and Spectre patch situation after users with Broadwell and Haswell CPUs complained of reboot issues. Now, Intel has admitted that the firmware updates could cause the same problems on systems using newer processors.

Intel VP and general manager of the Data Center Group, Navin Shenoy, writes that frequent reboots have been occurring on firmware-updated PCs containing Ivy Bridge, Sandy Bridge, Skylake, and even Kaby Lake processors. Shenoy says Intel has reproduced the issues internally and is working to identify the root cause. “In parallel, we will be providing beta microcode to vendors for validation by next week,” he added.

The company has issued a new warning about the stability issues and recommends system manufacturers, software vendors, and cloud providers test its beta microcode updates before the final release.

Microsoft recently warned that those running Haswell CPUs or older, and those with older versions Windows, will notice performance impacts from the Spectre patch.

Intel confirmed that the patches are affecting performance in some cases. A data center benchmark test simulating a stock exchange showed a 4 percent impact, while tests using the Storage Performance Development Kit (SPDK), which "provide a set of tools and libraries for writing high performance, scalable, user-mode storage applications," showed workload speeds reduced by up to 25 percent.

The post highlights other mitigation options that have less of a performance impact, including Google’s "Retpoline" security solution, which is said to have almost no effect on a system’s speed.

Permalink to story.

 
I haven't updated to the January rollup yet and I'm sure MY hardware vender DOES not HAVE PATCHES so I'm good
I also run IE9, chrome and FF 51 because I like them better
 
MSI has this extensive list of updated BIOS binaries.
When you call them to ask where the *&^% does one download them from, most of their CS agents are friggin clueless.

Once you finally do get a CS who is worth their salt, they pass you a BIOS that is newer than what is listed on their official website - a comprehesive webpage that is specifically created to address the Meltdown/Spectre issue I might add. Talk about 'a mess'.

And the icing on the cake is this -
Their BIOS packages still fail the InSpectre test.
 
MS update, Asus Bios update w/microcode, 6th gen Intel inside, win 10, NVMe drive, no problems at all (crosses fingers, knocks on wood).
edit: passes InSpectre test, performance good
 
Last edited by a moderator:
"icrosoft recently warned that those running Haswell CPUs or older, and those with older versions Windows, will notice performance impacts from the Spectre patch."

This vulnerability was probably made on purpose to sell new CPUs. There's really no need to upgrade in the last 5 or more years so they artificially make the old ones crap. Also nice that microsoft can use this to force windows 10 on people.
 
So it's transparent calling a Blue Screen Of Death issue a "reboot issue"?

From Lenovo notes: https://support.lenovo.com/se/en/solutions/len-18282
(Broadwell E) Symptom: Intermittent blue screen during system restart.
(Kaby Lake U/Y, U23e, H/S/X) Symptom: Intermittent system hang during system sleep
(Broadwell E, H, U/Y; Haswell standard, Core Extreme, ULT) Symptom: Intel has received reports of unexpected page faults

From Red Hat:
Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot. The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd.

I guess a non-booting system is the best fix, oh wait - that wont work since the Intel management Engine can probably be exploited too, even when the system is off, my bad Intel, my bad.
 
When your mind is boggled reading the news, it is when you read the fine print in everything from user agreements, Bios updates, patch notes, etc., that you realize how screwed things really are and how screwed we are.
My windows update had a similar 'tiny print' warning for AMD processors very similar to the Red Hat notice. Not that I'm a Win 10 fan after the 30 Nov 17 update left my computer 'blue screening' and restarting over and over.
 
I haven't updated to the January rollup yet and I'm sure MY hardware vender DOES not HAVE PATCHES so I'm good
I also run IE9, chrome and FF 51 because I like them better
Translation: I am a HUGE target for malware/adware/bot-nets/rouge mining! COME AT ME!

Update your software already.
 
So it's transparent calling a Blue Screen Of Death issue a "reboot issue"?

From Lenovo notes: https://support.lenovo.com/se/en/solutions/len-18282
(Broadwell E) Symptom: Intermittent blue screen during system restart.
(Kaby Lake U/Y, U23e, H/S/X) Symptom: Intermittent system hang during system sleep
(Broadwell E, H, U/Y; Haswell standard, Core Extreme, ULT) Symptom: Intel has received reports of unexpected page faults

From Red Hat:
Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot. The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd.

I guess a non-booting system is the best fix, oh wait - that wont work since the Intel management Engine can probably be exploited too, even when the system is off, my bad Intel, my bad.
Funny, seems like two years ago, when I was reading stories on TechSpot, there were many many Intel fanboys claiming that AMD may quit the CPU market because of Intel's Dominance...

Sorry, I did my BS EE in the 80's......seen the whole battle....Wasn't convinced a couple years ago, don't want to say "I told you so...." but I did....
 
When your mind is boggled reading the news, it is when you read the fine print in everything from user agreements, Bios updates, patch notes, etc., that you realize how screwed things really are and how screwed we are.
My windows update had a similar 'tiny print' warning for AMD processors very similar to the Red Hat notice. Not that I'm a Win 10 fan after the 30 Nov 17 update left my computer 'blue screening' and restarting over and over.
Actually, it was a little offensive, but there were funny parts to the South Park episode about one of the kids clicking the "I accept" button without ever reading the TOU.....gross at times, but yeah, how many of those HAS anyone read, other that the legal department......
 
Funny, seems like two years ago, when I was reading stories on TechSpot, there were many many Intel fanboys claiming that AMD may quit the CPU market because of Intel's Dominance...

Sorry, I did my BS EE in the 80's......seen the whole battle....Wasn't convinced a couple years ago, don't want to say "I told you so...." but I did....
I’ve been on AMD since the 486 era. Have always found them more stable. I’ve used intel here and there, the Pentum Pro, core duo, etc, but I’ve never stayed there. I’m not a top tier 8k online gamer, so I always chose real world (mathematical) performance and stability over something that does specifically well on certain games but bombs on other things like database and video/mm.
I’m proud to have had ever generation of AMD since the AM486 and look forward to purchasing my threadripper soon.
Long live AMD.
 
Good thing I didn't update my BIOS, just Windows 10, or...it updated it self. Anyway, I didn't update cause I kinda saw this happening.
 
So, do we need to update our board's BIOS to get the security updates? Or just having Windows 10 updated is enough?
 
"Cluster fu$k". This is the perfect description!
Yep, just about covers the facts here.
Industry: the sky is falling
Microsoft: lets patch it
Chip makers: let’s patch it
Mobo manufactures: lets patch it
Software companies: lets patch it:

Windows update: 66666 updates were found and downloaded for you

User: time for a Mac?
 
"Cluster fu$k". This is the perfect description!
Yep, just about covers the facts here.
Industry: the sky is falling
Microsoft: lets patch it
Chip makers: let’s patch it
Mobo manufactures: lets patch it
Software companies: lets patch it:

Windows update: 66666 updates were found and downloaded for you

User: time for a Mac?
Macs have Intel CPUs.
 
So, do we need to update our board's BIOS to get the security updates? Or just having Windows 10 updated is enough?
Both Windows updates and BIOS updates have issues, BSOD and other stuff. I wouldn't update just yet, wait until the dust settles.
 
Intel says that the fixes will be coming from the hardware venders, eg HP, Dell, ...
 
Back