Spectre (security vulnerability) fix
Posted: Thu Jul 30, 2020 8:54 pm
Hi,
As the Spectre (security vulnerability) is going to be an ongoing issue generally for many PCs would you consider applying the partial fix in sysctl as standard?
Currently I prevent the disable of IBRS (ie make it permanently active) by creating in /etc/sysctl.d/ a conf file containing:
# Set the IndirectBranchRestriciveSpeculation fix for Spectre 2
hw.ibrs_disable=0
This then prevents services from being able to disable the restricted speculation on-the-fly.
Steve
As the Spectre (security vulnerability) is going to be an ongoing issue generally for many PCs would you consider applying the partial fix in sysctl as standard?
Currently I prevent the disable of IBRS (ie make it permanently active) by creating in /etc/sysctl.d/ a conf file containing:
# Set the IndirectBranchRestriciveSpeculation fix for Spectre 2
hw.ibrs_disable=0
This then prevents services from being able to disable the restricted speculation on-the-fly.
Steve