kodicd Hi, if I want to speed up an atom-based Solus 4 (and I know of the implication...) by diabling Spectre and Meltdown mitigations (speculative execution) - is this the right thing to do? echo 'noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off' | sudo tee /etc/kernel/cmdline Thanks!
striizi As of kernel version 5.0.16 it is sufficient to simply use mitigations=off, I believe. The place to put the commands should be /etc/kernel/cmdline according to the help center entry. However, I found that in my system the parameters are stored in /proc/cmdline. Maybe, someone more qualified can comment on best practice.
kodicd Thanks for your reply. Yes, "mitigations=off" is for 5.1.2, 5.0.16, 4.19.43, 4.9.176 and 4.14.119. Can someone add best practice thoughts?
kodicd Haha 😉 Yes, but I want TO KNOW if an echo 'mitigations=off' | sudo tee /etc/kernel/cmdline" will do what I expect.
Justin sundial Hah. That's easy, buy a new CPU. 😃 arkhenius Unfortunately that's beyond my understanding, hopefully, one of our other team members can help @DataDrake/@JoshStrobl?
arkhenius @Justin I was actually wondering how this is implemented for Intel and AMD CPUs. Are all mitigations activated automatically regardless of the architecture, or does the kernel understand against which vulnerabilities the CPU is not protected and enables only those ones. As AMD is inherently not vulnerable for some of them, I would like to disable those mitigations specifically if I need to.
DataDrake arkhenius The kernel automatically enables the mitigations for your architecture. AMD and Intel have made changes to the kernel to select only the necessary mitigations for their products. For AMD, this means far fewer mitigations overall.