Hi Christian,

On Wed, Feb 1, 2023 at 2:26 AM Christian Gelinek
<christian.geli...@mailbox.org> wrote:
>
> On the same machine, I have run Debian 11 Live from a USB drive:
>
> Vulnerability Spectre v2: Mitigation; Enhanced IBRS, IBPB conditional, RSB filling, PBRSB-eIBRS SW sequence

Looks like the "Enhanced IBRS" feature is not active on your machine. Intel submitted it to the kernel in 2018. [1] Per the comments in the code it is only needed for firmware, but still something seems to be not quite right with our kernels—or with their initialization after booting.

Could you please check the output of 'lscpu' after running the following command in a Bourne-compatible shell:

    echo 1 > /proc/sys/kernel/ibrs_enabled

as described here? [2]

We may have to look at the other missing features too, which are: "IBPB conditional, RSB filling, PBRSB-eIBRS SW sequence".

Thanks for helping to make Guix better (and safer) for everyone!

Kind regards
Felix Lechner

[1] https://lkml.iu.edu/hypermail/linux/kernel/1807.3/00923.html
[2] https://www.linuxquestions.org/questions/slackware-14/how-to-enable-ibrs-support-4175671384/
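
The comparison discussed in this message can be scripted. The following is an added example, not part of the original e-mail: it lists which of the four Spectre v2 features from the quoted Debian 11 output are absent from a given status line. The function name `missing_mitigations` and the second sample line are constructed for illustration; the sysfs path is the kernel's standard vulnerability report that lscpu summarizes.

```shell
#!/bin/sh
# Features listed in the Debian 11 lscpu output quoted in the message.
EXPECTED='Enhanced IBRS|IBPB conditional|RSB filling|PBRSB-eIBRS SW sequence'

# missing_mitigations STATUS  (hypothetical helper)
# Prints, one per line, every expected feature that STATUS does not list.
# STATUS may be a whole lscpu line or the raw sysfs text.
missing_mitigations() {
    # Normalise: drop everything up to "Mitigation;" / "Mitigation:" and
    # delete the remaining ':' and ';', so "IBPB: conditional" (sysfs) and
    # "IBPB conditional" (lscpu) compare equal. Then one token per line.
    have=$(printf '%s\n' "$1" |
        sed -e 's/^.*Mitigation[;:]//' -e 's/[;:]//g' |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    # Whole-line fixed-string match, so a partial name never counts.
    printf '%s\n' "$EXPECTED" | tr '|' '\n' | while IFS= read -r want; do
        printf '%s\n' "$have" | grep -Fxq -- "$want" || printf '%s\n' "$want"
    done
}

# Status line from the message (Debian 11 Live on the same machine).
DEBIAN='Mitigation; Enhanced IBRS, IBPB conditional, RSB filling, PBRSB-eIBRS SW sequence'
# Constructed sample of a kernel that reports fewer features.
SAMPLE='Mitigation; Retpolines, STIBP disabled, RSB filling'

echo "Debian line, missing:"
missing_mitigations "$DEBIAN" | sed 's/^/  /'
echo "Constructed sample line, missing:"
missing_mitigations "$SAMPLE" | sed 's/^/  /'

# Same check against the running kernel, when the sysfs report is readable.
SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2
if [ -r "$SYSFS" ]; then
    echo "This host ($(cat "$SYSFS")), missing:"
    missing_mitigations "$(cat "$SYSFS")" | sed 's/^/  /'
fi
```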