Regarding the IndirectBranchRestriciveSpeculation fix for Spectre 2 #71

Closed
ghost opened this issue Feb 8, 2019 · 1 comment
@ghost ghost commented Feb 8, 2019

On Trident I checked the state of the ibrs with
`sysctl hw.ibrs_active`
It came back false, meaning speculative execution was NOT restricted.
I discovered the ability to disable ibrs was true, that is, the configurable
`sysctl hw.ibrs_disable`
was true.

To ensure the ibrs could NOT be disabled I used
`sudo sysctl hw.ibrs_disable=0`

Then,
`sysctl hw.ibrs_active`
came back true.

For this to persist across restarts of the PC, however, I edited
`/etc/sysctl.conf`
by adding
`hw.ibrs_disable=0`

So, shouldn’t my modification to sysctl.conf be part of the default Trident installation, or at least a choice during installation or updates?
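
Added example, not part of the original post or of the Trident project: a POSIX sh audit of the steps described above, comparing the `hw.ibrs_disable` value persisted in `/etc/sysctl.conf` with the runtime sysctls. The function names and verdict strings are hypothetical, and it assumes sysctl.conf lines are applied in order (last assignment wins) and that `hw.ibrs_active` can remain 0 when the CPU does not report IBRS support.

```sh
#!/bin/sh
# Added example, not from the issue: audit persisted vs. runtime IBRS state.
# Function names and verdict strings are hypothetical.

# Print the effective value of sysctl key $1 in sysctl.conf-style file $2.
# Assumes lines are applied in order (last assignment wins); '#' comments
# are stripped. Prints nothing if the key is never set.
conf_value() {
    key=$1 file=$2
    [ -r "$file" ] || return 0
    awk -v key="$key" '
        {
            sub(/#.*/, "")
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$file"
}

# Classify: $1 = persisted hw.ibrs_disable ("" if unset),
#           $2 = runtime hw.ibrs_disable, $3 = runtime hw.ibrs_active.
ibrs_verdict() {
    conf=$1 disable=$2 active=$3
    if [ "$active" = unknown ] || [ "$disable" = unknown ]; then
        echo "unknown: hw.ibrs_* sysctls not readable on this system"
    elif [ "$active" = 1 ] && [ "$conf" = 0 ]; then
        echo "ok: active now and persisted"
    elif [ "$active" = 1 ]; then
        echo "warn: active now but not persisted; lost on reboot"
    elif [ "$disable" = 0 ]; then
        # Assumption: hw.ibrs_active stays 0 if the CPU reports no IBRS.
        echo "warn: not disabled, yet inactive; check CPU microcode"
    else
        echo "fail: disabled at runtime"
    fi
}

# Read the live values and report; $1 overrides the config path.
audit_ibrs() {
    conf=$(conf_value hw.ibrs_disable "${1:-/etc/sysctl.conf}")
    disable=$(sysctl -n hw.ibrs_disable 2>/dev/null) || disable=unknown
    active=$(sysctl -n hw.ibrs_active 2>/dev/null) || active=unknown
    ibrs_verdict "$conf" "$disable" "$active"
}
```

Source the file and call `audit_ibrs` on the machine under review; a "not persisted" warning corresponds to the state before the `/etc/sysctl.conf` edit described in the post.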

Member

@q5sys q5sys commented Feb 12, 2019

We will have to talk about this internally. Personally, I'm in favor of having speculative execution protection enabled but not restricting a user from disabling it on offline machines if they choose to. Their machine == their choice.
I'm not opposed to requiring a user to have to reboot if they want to turn it off.
