Asus Zenbook UX533FD don't boot with intel-ucode 20190312

[jledun]

Hello,

I'm an ArchLinux user on Asus Zenbook laptop and my laptop can't boot with the latest intel-ucode update 20190312. I have to downgrade to 20180807.a to make it run again.

With the latest update of intel-ucode, after power on my laptop, the Asus splash screen appears then nothing else happen. I wait a few minutes then I push the power on button for 20 seconds to hard reset the laptop. After a reboot on live session, journalctl shows no entries even with the debug option in kernel command line.

It really looks like the chipset can't find any CPU.

Here are the system packages :

$ pacman -Q | grep -e linux-lts -e systemd -e intel-ucode -e iucode
intel-ucode 20180807.a-1
iucode-tool 2.3.1-2
linux-lts 4.19.37-1
linux-lts-headers 4.19.37-1
systemd 242.16-1
systemd-libs 242.16-1
systemd-sysvcompat 242.16-1

The laptop boots with systemd EFI boot :

$ cat /boot/loader/entries/arch-lts.conf 
title   Arch Linux lts
linux   /vmlinuz-linux-lts
initrd  /intel-ucode.img
initrd  /initramfs-linux-lts.img
options root=UUID=522a7ae9-8ad6-441e-85e2-baf1074be7f2  rw debug

journalctl

$ journalctl -b
-- Logs begin at Sun 2019-01-13 21:29:21 CET, end at Mon 2019-04-29 10:54:51 CEST. --
-- No entries --

CPU details (8 identical CPUs)

$ head -n26 /proc/cpuinfo 
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model       : 142
model name  : Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
stepping    : 11
microcode   : 0x98
cpu MHz     : 800.029
cache size  : 8192 KB
physical id : 0
siblings    : 8
core id     : 0
cpu cores   : 4
apicid      : 0
initial apicid  : 0
fpu     : yes
fpu_exception   : yes
cpuid level : 22
wp      : yes
flags       : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp flush_l1d arch_capabilities
bugs        : spectre_v1 spectre_v2 spec_store_bypass
bogomips    : 3984.00
clflush size    : 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

lspci

$ lspci 
00:00.0 Host bridge: Intel Corporation Device 3e34 (rev 0b)
00:02.0 VGA compatible controller: Intel Corporation UHD Graphics 620 (Whiskey Lake)
00:04.0 Signal processing controller: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor Thermal Subsystem (rev 0b)
00:08.0 System peripheral: Intel Corporation Xeon E3-1200 v5/v6 / E3-1500 v5 / 6th/7th Gen Core Processor Gaussian Mixture Model
00:12.0 Signal processing controller: Intel Corporation Cannon Point-LP Thermal Controller (rev 30)
00:14.0 USB controller: Intel Corporation Cannon Point-LP USB 3.1 xHCI Controller (rev 30)
00:14.2 RAM memory: Intel Corporation Cannon Point-LP Shared SRAM (rev 30)
00:14.3 Network controller: Intel Corporation Cannon Point-LP CNVi [Wireless-AC] (rev 30)
00:14.5 SD Host controller: Intel Corporation Device 9df5 (rev 30)
00:15.0 Serial bus controller [0c80]: Intel Corporation Cannon Point-LP Serial IO I2C Controller #0 (rev 30)
00:15.1 Serial bus controller [0c80]: Intel Corporation Cannon Point-LP Serial IO I2C Controller #1 (rev 30)
00:15.3 Serial bus controller [0c80]: Intel Corporation Device 9deb (rev 30)
00:16.0 Communication controller: Intel Corporation Cannon Point-LP MEI Controller #1 (rev 30)
00:19.0 Serial bus controller [0c80]: Intel Corporation Device 9dc5 (rev 30)
00:1c.0 PCI bridge: Intel Corporation Cannon Point-LP PCI Express Root Port #1 (rev f0)
00:1c.4 PCI bridge: Intel Corporation Cannon Point-LP PCI Express Root Port #5 (rev f0)
00:1d.0 PCI bridge: Intel Corporation Cannon Point-LP PCI Express Root Port #13 (rev f0)
00:1f.0 ISA bridge: Intel Corporation Cannon Point-LP LPC Controller (rev 30)
00:1f.3 Audio device: Intel Corporation Cannon Point-LP High Definition Audio Controller (rev 30)
00:1f.4 SMBus: Intel Corporation Cannon Point-LP SMBus Controller (rev 30)
00:1f.5 Serial bus controller [0c80]: Intel Corporation Cannon Point-LP SPI Controller (rev 30)
02:00.0 3D controller: NVIDIA Corporation GP107M [GeForce GTX 1050 Mobile] (rev ff)
03:00.0 Non-Volatile memory controller: Sandisk Corp WD Black 2018/PC SN520 NVMe SSD (rev 01)

[Heidistein]

Confirmed. I tossed the microcode out of the initrd, the system works as expected. Reloading it in the os (echo 1 > /sys/devices/something/something/reload) hangs the system immediately.

[mcu-administrator]

Confirmed. I tossed the microcode out of the initrd, the system works as expected. Reloading it in the os (echo 1 > /sys/devices/something/something/reload) hangs the system immediately.

Does this also reproduce with the 20190514 release? Or only with the 20190312 release?

[jledun]

@mcu-administrator yes, I've got the same problem with 20190514 release.

[Heidistein]

Indeed, this problem is actual on the 20190514 release.

Edit: I see now that you run Arch, I experience the same thing on Fedora30. Kernel version seems not to matter, seen on 5.0.{3,6,16}-300.fc30

[victormmtorres]

I came to this issue after tried many combinations and many times installing Linux distros (Ubuntu 16.04, 18.04, 19.04, Xubuntu 18.04) all had same issue after few restarts freeze at me moment of boot and it's same laptop Asus UX533FD.

Any hope of having Linux on my new laptop?

[mcu-administrator]

@jledun , @Heidistein , @victormmtorres Thanks for reporting this issue. We've opened an investigation based on your reports.

[breznak]

I confirm this on Ubuntu and any of 4.15, 4.18, 5.0 kernels.

Any hope of having Linux on my new laptop?

@victormmtorres as a workaround, you can add dis_ucode_ldr to your kernel command line (even from GRUB), you'll be able to boot normally then.

[jerbob92]

Can confirm, same CPU, same bug. Tried kernel 4.15, 4.18 and 5.1. Have 20190514 release installed (3.20190514.0ubuntu0.18.04.2). dis_ucode_ldr does fix boot. If I can do anything to help/debug, let me know.

[victormmtorres]

Surely there is a guide to install dis_ucode_ldr could anybody give me a reference about how to do it?

cc @jerbob92 @breznak

[jerbob92]

@victormmtorres You can add the dis_ucode_ldr to the startup line when going to Advanced Startup Options and press e on the option you want to use. Then add dis_ucode_ldr to the linux line.

You can also edit /etc/default/grub and add it to GRUB_CMDLINE_LINUX_DEFAULT, then run sudo update-grub for a more permanent fix.

I'm currently on a downgraded version of the microcode, which is the best fix IMHO: sudo apt install intel-microcode=3.20180312.0~ubuntu18.04.1

[mcu-administrator]

@jledun Can you contact me through this email address? mcu_administrator@intel.com I have some additional questions and data we would like to collect to help us debug this.

@jerbob92 Can you do the same?

[tyhicks]

@mcu-administrator I recognize that it can help to take debugging offline but could you please provide periodic updates in this bug report? It will help redistributors of microcode to make decisions on whether or not rolling back this particular microcode is necessary in the short term.

[jerbob92]

@tyhicks, I'm not sure anything is happening at all... I emailed but never got a reply.

[tyhicks]

@tyhicks, I'm not sure anything is happening at all... I emailed but never got a reply.

I've spoken to their engineers about it and they are working on it.

[mcu-administrator]

@jerbob92 Sorry for the delay. We've been working on a list of what data we would like to help debug the issue. In the meantime, we have also been working to reproduce the issue and are also in contact with the system vendor. We'll get a response to you by the end of the week.

[mcu-administrator]

@jerbob92 I took a look in my inbox and I cannot seem to locate an email from you. Can you resend please?

[jerbob92]

@mcu-administrator done!

[jledun]

@mcu-administrator done too!

[jerbob92]

@mcu-administrator did you receive my mail? I did not hear anything back.

[jledun]

@jerbob92 I've got this awswer from @mcu-administrator :

Thanks for reaching out to us with the offer to help in debugging this issue. We are currently working with Asus to reproduce the issue. Based on the outcome of that work, we may have some additional questions or data we need to collect. I'll be in touch to keep you updated as we progress.

Seems like it takes some time to reproduce.

[svedrenne]

This tracker reports the issue on ASUS UX533FD. For information, I have the same issue on ASUS UX533FN.

[Heidistein]

@svedrenne Actually, yes. Reading is something. I have the UX333FN_RX333FN edition. However, I think it is not linked to the specific notebook, but the CPU.

[jerbob92]

For anyone that uses the downgrade method for the intel-microcode package, be sure to lock the version while they work on a fix to be sure that you won't upgrade it by accident. You can do this using sudo apt-mark hold intel-microcode. When a fix is released you can use sudo apt-mark unhold intel-microcode to unlock.

[mcu-administrator]

Update: Asus has shipped us a system to work with on this issue. We are expecting to have it in the lab before the weekend. I'll provide an update on progress as we have something to report.

[mcu-administrator]

Update: We have received a system from Asus and have been able to reproduce the failure in our lab. Debug is underway. I'll provide the next update when we have the root cause and a plan for the availability of a fix.

[philjoseph]

I confirm this on Ubuntu and any of 4.15, 4.18, 5.0 kernels.

Any hope of having Linux on my new laptop?

@victormmtorres as a workaround, you can add dis_ucode_ldr to your kernel command line (even from GRUB), you'll be able to boot normally then.

What is the impact of the workaround on the performance of the laptop ? Shall we switch to the fix once available or the workaround has no effect ?

[victormmtorres]

What is the impact of the workaround on the performance of the laptop ? Shall we switch to the fix once available or the workaround has no effect ?

I could not notice any impact as this was truly blocking for me, without this workaround just after install ubuntu and restart have this issue

[markgross]

What BIOS versions are folks reproducing this problem with?

[Heidistein]

BIOS Information
        Vendor: American Megatrends Inc.
        Version: UX333FN.204
        Release Date: 09/20/2018
<snip>
        BIOS Revision: 5.13

[pcans]

        Vendor: American Megatrends Inc.
        Version: X530FN.300
        Release Date: 11/01/2018
        BIOS Revision: 5.13

and the X530FN.207 also.

[philjoseph]

BIOS Information Vendor: American Megatrends Inc. Version: X430FN.300 Release Date: 11/22/2018 Address: 0xF0000 Runtime Size: 64 kB ROM Size: 16 MB Characteristics: <...> BIOS Revision: 5.13

[svedrenne]

ASUS UX533FN with BIOS version 202 (10/03/2018). BIOS information: Build Date: 10/03/2018 BIOS Vendor: American Megatrends Version: 202 GOP Version: 9.0.1080 EC Version: FOWL1001.002 Processor Information: i7-8565U CPU @ 1.80GHz Total Memory: 16384 MB

[Heidistein]

update: It appears that updating my BIOS did the trick. Still rather odd, and struck me with lots of trouble. What the exact trick is, could be either:

• The updated BIOS itself
• Disabling secure-boot (for my dkms modules did not load anymore)

Asus has an exceptional detailed changelog of their BIOS firmware revision:

Versie 302 2019/04/09
BIOS 302
Optimize system performance

dmesg tells me:

# dmesg | grep microcode
[    0.310176] MDS: Vulnerable: Clear CPU buffers attempted, no microcode
[    0.965209] microcode: sig=0x806eb, pf=0x80, revision=0x98
[    0.965477] microcode: Microcode Update Driver: v2.2.

dmi bios info:

BIOS Information
        Vendor: American Megatrends Inc.
        Version: UX333FN.302
        Release Date: 01/28/2019
        Address: 0xF0000
        Runtime Size: 64 kB
        ROM Size: 16 MB
        Characteristics: ...
        BIOS Revision: 5.13

[jerbob92]

@Heidistein it could be that the BIOS update contains the latest microcode, the kernel won't load microcode when the latest code is already loaded from BIOS.

I just checked, the latest BIOS version for my laptop (Zenbook UX480FD) on the Asus site is BIOS 301 2018/11/28, so this update is not available for everyone.

[ghost]

Asus has an exceptional detailed changelog of their BIOS firmware revision:

If I knew THAT before buying the motherboard I would've chosen a different brand. I mean look at this: the change from bios version 1002 to version 1406 is 1.36MBytes when compressed which is higly unusual compared to their other differences! and the log says: 1. Improve system performance Ergo, the chances that I will update are slim to none, due suspecting some kind of trojan :D and frankly I wouldn't be surprised. NEVERMIND apparently it's just the backup BIOS embedded inside !

That being said, just so this post isn't completely useless, here's some info from my system(but **I'm NOT affected by the current issue**, to my knowledge): (click me to expand)

``` $ uname -a Linux i87k 5.1.9-g2df16141a2c4 #37 SMP Tue Jun 11 15:55:50 CEST 2019 x86_64 GNU/Linux $ dmesg | grep microcode [ 0.000000] microcode: microcode updated early to revision 0xb4, date = 2019-04-01 [ 2.402668] microcode: CPU: sig=0x906ea, pf=0x2, rev=0xb4 [ 2.402829] microcode: mc_saved[0]: sig=0x906e9, pf=0x2a, rev=0xb4, total size=0x18400, date = 2019-04-01 [ 2.403060] microcode: mc_saved[1]: sig=0x906ea, pf=0x22, rev=0xb4, total size=0x18000, date = 2019-04-01 [ 2.403290] microcode: mc_saved[2]: sig=0x906eb, pf=0x2, rev=0xb4, total size=0x18400, date = 2019-04-01 [ 2.403522] microcode: mc_saved[3]: sig=0x906ec, pf=0x22, rev=0xae, total size=0x18000, date = 2019-02-14 [ 2.403544] microcode: mc_saved[4]: sig=0x906ed, pf=0x22, rev=0xb8, total size=0x17c00, date = 2019-03-17 [ 3.746172] Registering platform device 'microcode'. Parent at platform [ 3.746332] device: 'microcode': device_add [ 3.746488] bus: 'platform': add device microcode [ 3.746650] PM: Adding info for platform:microcode [ 3.746809] microcode: CPU0 added [ 3.746991] microcode: sig=0x906ea, pf=0x2, revision=0xb4 [ 3.747149] microcode: CPU1 added [ 3.747331] microcode: CPU2 added [ 3.747512] microcode: CPU3 added [ 3.747694] microcode: CPU4 added [ 3.747849] microcode: CPU5 added [ 3.748031] device: 'microcode': device_add [ 3.748189] PM: Adding info for No Bus:microcode [ 3.748383] microcode: Microcode Update Driver: v2.2. [ 13.871764] microcode: data file intel-ucode/06-9e-0a load failed [ 13.872986] microcode: Not reloading previously-loaded already-in-effect microcode! $ sudo dmidecode [sudo] password for user: # dmidecode 3.2 Getting SMBIOS data from sysfs. SMBIOS 3.0.0 present. Table at 0xAAE88000. Handle 0x0000, DMI type 0, 24 bytes BIOS Information Vendor: American Megatrends Inc. Version: 1002 Release Date: 07/02/2018 Address: 0xF0000 Runtime Size: 64 kB ROM Size: 16 MB Characteristics: PCI is supported APM is supported BIOS is upgradeable BIOS shadowing is allowed Boot from CD is supported Selectable boot is supported BIOS ROM is socketed EDD is supported 5.25"/1.2 MB floppy services are supported (int 13h) 3.5"/720 kB floppy services are supported (int 13h) 3.5"/2.88 MB floppy services are supported (int 13h) Print screen service is supported (int 5h) 8042 keyboard services are supported (int 9h) Serial services are supported (int 14h) Printer services are supported (int 17h) ACPI is supported USB legacy is supported BIOS boot specification is supported Targeted content distribution is supported UEFI is supported BIOS Revision: 5.12 $ pacman -Qs ucode local/intel-ucode 20190514.a-1 (builtbydaddy) Microcode update files for Intel CPUs $ lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian Address sizes: 39 bits physical, 48 bits virtual CPU(s): 6 On-line CPU(s) list: 0-5 Thread(s) per core: 1 Core(s) per socket: 6 Socket(s): 1 NUMA node(s): 1 Vendor ID: GenuineIntel CPU family: 6 Model: 158 Model name: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz Stepping: 10 CPU MHz: 1123.139 CPU max MHz: 4700.0000 CPU min MHz: 800.0000 BogoMIPS: 7392.00 Virtualization: VT-x L1d cache: 192 KiB L1i cache: 192 KiB L2 cache: 1.5 MiB L3 cache: 12 MiB NUMA node0 CPU(s): 0-5 Vulnerability L1tf: Mitigation; PTE Inversion Vulnerability Mds: Mitigation; Clear CPU buffers; SMT disabled Vulnerability Meltdown: Mitigation; PTI Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp Vulnerability Spectre v1: Mitigation; __user pointer sanitization Vulnerability Spectre v2: Mitigation; Full generic retpoline, IBPB conditional, IBRS_FW, RSB filling Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx f xsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monit or ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpci d_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_ad just bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d $ cat /proc/cmdline BOOT_IMAGE=/boot/vmlinuz-linux-stable root=UUID=2b8b9ab8-7ac5-4586-aa42-d7ffb12de92a rw root_trim=yes rd.luks.allow-discards rd.luks.options=discard ipv6.disable=1 ipv6.disable_ipv6=1 ipv6.autoconf=0 loglevel=15 log_buf_len=16M ignore_loglevel printk.always_kmsg_dump=y printk.time=y printk.devkmsg=on mminit_loglevel=4 memory_corruption_check=1 fbcon=scrollback:4096k fbcon=font:ProFont6x11 net.ifnames=0 nolvm dobtrfs console=tty1 earlyprintk=vga audit=0 systemd.log_target=kmsg systemd.journald.forward_to_console=1 enforcing=0 udev.children-max=1256 rd.udev.children-max=1256 nohz=on oops=panic crashkernel=256M panic=0 page_poison=1 psi=1 sysrq_always_enabled random.trust_cpu=off logo.nologo lpj=0 mce=bootlog reboot=force,cold noexec=on nohibernate scsi_mod.use_blk_mq=1 consoleblank=120 mitigations=auto,nosmt l1tf=full,force spec_store_bypass_disable=auto spectre_v2=auto spectre_v2_user=auto mds=full,nosmt rd.log=all noefi cpuidle.governor=teo zram.num_devices=3 zswap.enabled=0 zswap.same_filled_pages_enabled=1 zswap.compressor=zstd zswap.max_pool_percent=40 zswap.zpool=z3fold i915.alpha_support=1 i915.fastboot=1 $ sudo ./spectre-meltdown-checker.sh --paranoid Spectre and Meltdown mitigation detection tool v0.42-1-g91d0699 Checking for vulnerabilities on current system Kernel is Linux 5.1.9-g2df16141a2c4 #37 SMP Tue Jun 11 15:55:50 CEST 2019 x86_64 CPU is Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz Hardware check * Hardware support (CPU microcode) for mitigation techniques * Indirect Branch Restricted Speculation (IBRS) * SPEC_CTRL MSR is available: YES * CPU indicates IBRS capability: YES (SPEC_CTRL feature bit) * Indirect Branch Prediction Barrier (IBPB) * PRED_CMD MSR is available: YES * CPU indicates IBPB capability: YES (SPEC_CTRL feature bit) * Single Thread Indirect Branch Predictors (STIBP) * SPEC_CTRL MSR is available: YES * CPU indicates STIBP capability: YES (Intel STIBP feature bit) * Speculative Store Bypass Disable (SSBD) * CPU indicates SSBD capability: YES (Intel SSBD) * L1 data cache invalidation * FLUSH_CMD MSR is available: YES * CPU indicates L1D flush capability: YES (L1D flush feature bit) * Microarchitecture Data Sampling * VERW instruction is available: YES (MD_CLEAR feature bit) * Enhanced IBRS (IBRS_ALL) * CPU indicates ARCH_CAPABILITIES MSR availability: NO * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO * CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO): NO * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO * CPU/Hypervisor indicates L1D flushing is not necessary on this system: NO * Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA): NO * CPU explicitly indicates not being vulnerable to Microarchitectural Data Sampling (MDS_NO): NO * CPU supports Software Guard Extensions (SGX): YES * CPU microcode is known to cause stability problems: NO (model 0x9e family 0x6 stepping 0xa ucode 0xb4 cpuid 0x906ea) * CPU microcode is the latest known available version: YES (latest version is 0xb4 dated 2019/04/01 according to builtin MCExtractor DB v112 - 2019/05/22) * CPU vulnerability to the speculative execution attack variants * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection): YES * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load): YES * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): YES * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): YES * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): YES * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)): YES * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)): YES * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)): YES * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)): YES CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass' * Mitigated according to the /sys interface: YES (Mitigation: __user pointer sanitization) * Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64 bits array_index_mask_nospec()) * Kernel has the Red Hat/Ubuntu patch: NO * Kernel has mask_nospec64 (arm64): NO > STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization) CVE-2017-5715 aka 'Spectre Variant 2, branch target injection' * Mitigated according to the /sys interface: YES (Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, RSB filling) * Mitigation 1 * Kernel is compiled with IBRS support: YES * IBRS enabled and active: YES (for firmware code only) * Kernel is compiled with IBPB support: YES * IBPB enabled and active: YES * Mitigation 2 * Kernel has branch predictor hardening (arm): NO * Kernel compiled with retpoline option: YES * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation) * Kernel supports RSB filling: YES > STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability) CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load' * Mitigated according to the /sys interface: YES (Mitigation: PTI) * Kernel supports Page Table Isolation (PTI): YES * PTI enabled and active: YES * Reduced performance impact of PTI: YES (CPU supports INVPCID, performance impact of PTI will be greatly reduced) * Running as a Xen PV DomU: NO > STATUS: NOT VULNERABLE (Mitigation: PTI) CVE-2018-3640 aka 'Variant 3a, rogue system register read' * CPU microcode mitigates the vulnerability: YES > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability) CVE-2018-3639 aka 'Variant 4, speculative store bypass' * Mitigated according to the /sys interface: YES (Mitigation: Speculative Store Bypass disabled via prctl and seccomp) * Kernel supports disabling speculative store bypass (SSB): YES (found in /proc/self/status) * SSB mitigation is enabled and active: YES (per-thread through prctl) * SSB mitigation currently active for selected processes: YES (chromium firefox systemd-journald systemd-logind systemd-udevd upowerd) > STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via prctl and seccomp) CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault' * CPU microcode mitigates the vulnerability: YES > STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability) CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault' * Mitigated according to the /sys interface: YES (Mitigation: PTE Inversion) * Kernel supports PTE inversion: YES (found in kernel image) * PTE inversion enabled and active: YES > STATUS: NOT VULNERABLE (Mitigation: PTE Inversion) CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault' * Information from the /sys interface: Mitigation: PTE Inversion * This system is a host running a hypervisor: YES (paranoid mode) * Mitigation 1 (KVM) * EPT is disabled: N/A (the kvm_intel module is not loaded) * Mitigation 2 * L1D flush is supported by kernel: YES (found flush_l1d in /proc/cpuinfo) * L1D flush enabled: UNKNOWN (unrecognized mode) * Hardware-backed L1D flush supported: YES (performance impact of the mitigation will be greatly reduced) * Hyper-Threading (SMT) is enabled: NO > STATUS: VULNERABLE (L1D unconditional flushing should be enabled to fully mitigate the vulnerability) CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)' * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled) * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo) * Kernel mitigation is enabled and active: YES * SMT is either mitigated or disabled: YES > STATUS: NOT VULNERABLE (Mitigation: Clear CPU buffers; SMT disabled) CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)' * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled) * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo) * Kernel mitigation is enabled and active: YES * SMT is either mitigated or disabled: YES > STATUS: NOT VULNERABLE (Mitigation: Clear CPU buffers; SMT disabled) CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)' * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled) * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo) * Kernel mitigation is enabled and active: YES * SMT is either mitigated or disabled: YES > STATUS: NOT VULNERABLE (Mitigation: Clear CPU buffers; SMT disabled) CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)' * Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT disabled) * Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo) * Kernel mitigation is enabled and active: YES * SMT is either mitigated or disabled: YES > STATUS: NOT VULNERABLE (Mitigation: Clear CPU buffers; SMT disabled) > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:KO CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK Need more detailed information about mitigation options? Use --explain A false sense of security is worse than no security at all, see --disclaimer ```

[breznak]

t could be that the BIOS update contains the latest microcode, the kernel won't load microcode when the latest code is already loaded from BIOS.

I don't think recent BIOS is (a fix to) the issue. I have the latest and still get the bug. See Ubuntu bugtracker for the details with peoples' debug logs.

[jledun]

@markgross here's my bios informations :

# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 3.1.1 present.
Table at 0x8A1C3000.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
        Vendor: American Megatrends Inc.
        Version: UX533FD.207
        Release Date: 09/19/2018
        Address: 0xF0000
        Runtime Size: 64 kB
        ROM Size: 16 MB
        Characteristics:
                PCI is supported
                BIOS is upgradeable
                BIOS shadowing is allowed
                Boot from CD is supported
                Selectable boot is supported
                BIOS ROM is socketed
                EDD is supported
                5.25"/1.2 MB floppy services are supported (int 13h)
                3.5"/720 kB floppy services are supported (int 13h)
                3.5"/2.88 MB floppy services are supported (int 13h)
                Print screen service is supported (int 5h)
                8042 keyboard services are supported (int 9h)
                Serial services are supported (int 14h)
                Printer services are supported (int 17h)
                ACPI is supported
                USB legacy is supported
                Smart battery is supported
                BIOS boot specification is supported
                Targeted content distribution is supported
                UEFI is supported
        BIOS Revision: 5.13

[markgross]

Hmm. FWIW I'm running: the UX433FN.300

dmidecode 3.1

Getting SMBIOS data from sysfs. SMBIOS 3.1.1 present. Table at 0x8A1C4000.

Handle 0x0000, DMI type 0, 26 bytes BIOS Information Vendor: American Megatrends Inc. Version: UX433FN.300 Release Date: 10/26/2018 Address: 0xF0000 Runtime Size: 64 kB ROM Size: 16 MB Characteristics: PCI is supported BIOS is upgradeable BIOS shadowing is allowed Boot from CD is supported Selectable boot is supported BIOS ROM is socketed EDD is supported 5.25"/1.2 MB floppy services are supported (int 13h) 3.5"/720 kB floppy services are supported (int 13h) 3.5"/2.88 MB floppy services are supported (int 13h) Print screen service is supported (int 5h) 8042 keyboard services are supported (int 9h) Serial services are supported (int 14h) Printer services are supported (int 17h) ACPI is supported USB legacy is supported Smart battery is supported BIOS boot specification is supported Targeted content distribution is supported UEFI is supported BIOS Revision: 5.13

[markgross]

FWIW taking the latest bios will avoid the hang as it will have ucode version 0xb4 or newer.

[jledun]

I've just update my bios version to 300 :

# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 3.1.1 present.
Table at 0x8A1C3000.

Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
        Vendor: American Megatrends Inc.
        Version: UX533FD.300
        Release Date: 11/15/2018
        Address: 0xF0000
        Runtime Size: 64 kB
        ROM Size: 16 MB
        Characteristics:
                PCI is supported
                BIOS is upgradeable
                BIOS shadowing is allowed
                Boot from CD is supported
                Selectable boot is supported
                BIOS ROM is socketed
                EDD is supported
                5.25"/1.2 MB floppy services are supported (int 13h)
                3.5"/720 kB floppy services are supported (int 13h)
                3.5"/2.88 MB floppy services are supported (int 13h)
                Print screen service is supported (int 5h)
                8042 keyboard services are supported (int 9h)
                Serial services are supported (int 14h)
                Printer services are supported (int 17h)
                ACPI is supported
                USB legacy is supported
                Smart battery is supported
                BIOS boot specification is supported
                Targeted content distribution is supported
                UEFI is supported
        BIOS Revision: 5.13

Then I've tried to update intel-ucode to the latest version, the problem is still the same, I had to downgrade to 20180807.a-1

[jerbob92]

@jledun that BIOS version is not up-to-date enough to have the latest microcode.

[jledun]

That's the only one I can download from asus/fr/support. There's a difference in the date of the release, I've downloaded version 330 of 2019/01/17 but dmidecode says it have been released on 2018/11/15... So where can I find latest versions ?

[jerbob92]

@jledun It could be there isn't a newer version available. My laptop also only has a 2018 BIOS available.

[Heidistein]

Thanks for the corrections my new bios already ships the latest microcode, I should have read that.

This morning I updated, and a 'new' microcode was available (not at all new, but I excluded the update from dnf), installing the 20190514 version. Which indeed breaks on BIOS mentioned by me above.

[ivanpostolski]

Hey. Same issue here with an ASUS UX433FA, Does worth the shot to upgrade the BIOS? I got the UX433FA.301 version. Downgrading the microcode version works, but what are the risks?

[peppercat10]

I had the same issue on a UX333FA. I fixed it by replacing GRUB with rEFInd.

[naijopkr]

Just updated the BIOS to version 306 and it seems that the boot problem is solved. Although it still shows on dmesg microcode updated early to revision.

[svedrenne]

@naijopkr Just curious, what laptop model do you have?

I have an ASUS UX533FN, and I just checked ASUS support website here: https://www.asus.com/Laptops/ASUS-Zenbook-15-UX533FN/HelpDesk_BIOS/ and I see a new version is available, BIOS version 302 for UX533FN, 2019/06/14. Exciting! I'm going to try this out ASAP (when I'm not busy with real work).

[naijopkr]

@svedrenne I have an ASUS UX333FA

[Phenecy]

@svedrenne Did u commit update? I'm currently at UX533FD and experiencing issue with fans at newer BIOS. Main-Left fan is not working at OS mode both Windows or Linux systems. But it works properly in bios. I'm afraid my laptop gonna melt. PS: only alternative fan is working (which is right under monitor). Probably they did something with ACPI controls. Unfortunately can't downgrade back to BIOS.300. Any help? @mcu-administrator