Update: since Ubuntu 18.04 this is not longer necessary as the software update triggers this and everything is done automatically.
In the following I describe the process to update the BIOS of a Lenovo Laptop that runs Linux for the recent problems related to Spectre.
1. Download the BIOS update “Bootable CD” from Lenovo, which is just an ISO image. For example for the Thinkpad T460 download it from here.
2. Extract the BIOS from the ISO as otherwise “dd” cannot copy the ISO properly:
geteltorito -o bios.img /home/user/Downloads/r06uj58d.iso
Check that the USB stick is really at /dev/sdb (confirm size)
sudo fdisk -l /dev/sdb
3. Copy the BIOS to some USB stick:
sudo dd if=bios.img of=/dev/sdb && sync
4. Reboot and while you see “To interrupt normal startup, press Enter” at boot press F1 to boot from USB. Follow the instructions after you connected your Laptop to the power cable, otherwise the update will not proceed.
Now when have updated the BIOS you should see a new BIOS version 1.32/1.11 (BIOS/EC ID: R06ET58W/R06HT31W) in the BIOS setup.
As I understand this fixes the Spectre vulnerability only. To improve the situation related to the so called Meltdown problem do a software update:
apt update && apt upgrade
Afterwards you should have at least kernel version 4.4.0-109:
$ uname -r 4.4.0-109-generic
Karussell 