Commit 20b79c23 authored by intrigeri's avatar intrigeri
Browse files

Install Intel processor microcode firmware from stretch-backports (refs: #15173).

The maintainer of intel-microcode in Debian carefully uploads to
stretch-backports updates he thinks are safe for stable users. For example,
right now stretch-backports has 3.20171117.1~bpo9+1 which is the latest
available version that's not affected by the many regressions introduced by

This commit does *not* currently give us IBRS/IBPB/STIPB microcode support for
Spectre variant 2 mitigation: the currently available firmware with that support
is too buggy. Instead, it:

 - updates microcode firmware to the latest good enough version, which usually
   brings important bugfixes;
 - paves the way for us to get this mitigation whenever it is ready in a form
   that the maintainer of intel-microcode in Debian thinks can be safely pushed
   to Debian stable users.
parent 1e8adcc9
......@@ -36,6 +36,10 @@ Package: gir1.2-gdkpixbuf-2.0 libgdk-pixbuf2.0-*
Pin: version 2.36.5-2.0tails*
Pin-Priority: -1
Package: intel-microcode
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Package: linux-compiler-* linux-headers-* linux-image-* linux-kbuild-* linux-source-*
Pin: release o=Debian,n=sid
Pin-Priority: 999
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment