On Tue, 10 Apr 2018, Niclas Arndt wrote: > 1. Can the latest microcode updates still in stretch-backports be > trusted to run properly by now? > https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf
Yes, these microcode updates are stable. The same might or might not be true for your kernel when it activates the new codepaths to support IBPB and IBRS (the new functionality added by the Spectre-related microcode updates), though. This is the reason we are waiting for at least one extra month yet before we push them to Debian stable and oldstable. If the kernel malfunctions on the new microcode, boot with "noibpb" and/or "noibrs" to disable the new codepaths. -- Henrique Holschuh
