With AMD Zen 4, It's Surprisingly Not Worthwhile Disabling CPU Security Mitigations
1 min read
Oct 05, 2022
While some Linux enthusiasts eagerly recommend users boot their systems with the "mitigations=off" kernel parameter for run-time disabling of various relevant CPU security mitigations for Spectre, Meltdown, L1TF, TAA, Retbleed, and friends, with the new AMD Ryzen 7000 "Zen 4" processors while still needing some software mitigations, it's surprisingly faster for the most part leaving the relevant mitigations enabled.
With AMD Zen 4 processors and the currently public security disclosures, Linux 6.0 on the Ryzen 7000 series CPUs has Speculative Store Bypass disabled via prctl for the SSBD / Spectre V4 mitigation and Spectre V1 mitigations of usercopy/SWAPGS barriers and __user pointer sanitization. Then for Spectre V2 there are Retpolines, conditional Indirect Branch Predictor Barriers (IBPB), IBRS firmware, always-on Single Threaded Indirect Branch Predictors (STIBP), and return stack buffer (RSB) filling. Those are the only software security mitigations involved with Zen 4 at this time with the new CPUs not being vulnerable to the assortment of other known vulnerabilities affecting different CPUs.
The link for this article located at Phoronix is no longer available.
Related Articles
1 - 0 min read
Navigating the Open Source Security Landscape in 2024
1 - 0 min read
Joomla XSS Bug Puts Millions of Websites at Risk of RCE
1 - 0 min read
Tsurugi Linux: A Game-Changing DFIR Analysis Tool
1 - 0 min read
Hackers' Backdoor: Warning of New Linux Kernel Vulnerability
1 - 0 min read
Ansible Vulnerability Opens Door to Sensitive Data Leaks
