Another side effects of Spectre mitigation in Intel microcode

Don’t install latest intel-microcode on Ubuntu

Ubuntu shipped an updated package for intel-microcode on Thursday 29th March to mitigate Spectre:

intel-microcode (3.20180312.0~ubuntu17.10.1) artful-security; urgency=medium
* SECURITY UPDATE: New upstream microcode data file 20180312 to provide
IBRS/IBPB/STIBP microcode support for Spectre variant 2 mitigation

Unfortunately, it blocked the boot process on my PC with logs like :
NMI watchdog: Watchdog detected hard LOCKUP on cpu 0
…repeating for each CPU.

There’s a bug report open on LaunchPad.

Workaround

1a. Boot the system with a previous kernel which uses the previous microcode
or
1b. Boot with the dis_ucode_ldr kernel boot parameter to temporary disable loading the Intel microcode (see https://wiki.ubuntu.com/Kernel/KernelBootParameters)

2. Install the previous version of the package from Ubuntu repo

3. Hold the package

… and wait for a bugfix 🙂