Package: intel-microcode Version: 3.20180108.1 Severity: grave According to this: https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/
and this far more helpful information: https://pcsupport.lenovo.com/br/en/product_security/ps500151 A subset of systems with the recent Haswell, Haswell/E, Broadwell, Broadwell/E/DE, and Kaby Lake microcode updates have shown regressions of either the "crash" sort, or of the "doesn't wake up from C3 sleep (sleep-to-ram) properly" sort. The Lenovo advisory implies that the regressions won't trigger always/on every system. It is unclear at this time if they would only possibly trigger when the new IBRS/IBPB Spectre mitigation functionality is active (hint: Microsoft Windows 10 already activates it, but Debian kernels don't enable it as we are still waiting for the upstream changes to Linux, gcc and clang to stabilize). To put it in simple terms: we don't know at the present time if Debian systems would be affected by these microcode regressions right now, or if they would start to be affected after the microcode-based Spectre mitigation support is enabled in the kernels, or if they would be affected at all. Some of these possibly problematic microcode updates are indeed present in Intel's 20180108 Linux microcode release. I will pause the deployment of the 20180108 update in Debian: it will be restricted to unstable (and possibly to testing, if the packages already migrated by the time this bug report is active) until we either get more information or a new set of microcode updates. Updated packages removing the subset of problematic updates are not going to be produced until at least next monday/tuesday for two reasons: 1. we don't have an exact list of signatures that are possibly affected at this time. Removing all updates is equivalent to just rolling back the package to the previous version. 2. there is a reasonably high chance of a new Intel microcode update release in the next few days, which would most probably either revert or fix the problematic microcode updates. Should you face issues with the new microcode (note: test it with an older kernel as well, since the current crop of new kernels are *ALSO* causing boot and resume-from-sleep issues that are completely unrelated to the microcode updates), please send a note to this bug report, with the output of /proc/cpuinfo. Previous versions of the packages are available here: http://snapshot.debian.org/package/intel-microcode/ -- Henrique Holschuh
