hey there
Anyone running Qubes on Ryzen 5 cpu ?
If you do, are you vulnerable against Speculative Store Bypass ? Old topic, I know
I have the latest R4.2.4
I have the same output for 3400G and 3600 cpus
Vulnerabilities:
Gather data sampling: Not affected
Indirect target selection: Not affected
Itlb multihit: Not affected
L1tf: Not affected
Mds: Not affected
Meltdown: Not affected
Mmio stale data: Not affected
Reg file data sampling: Not affected
Retbleed: Mitigation; untrained return thunk; SMT disabled
Spec rstack overflow: Mitigation; SMT disabled
Spec store bypass: Vulnerable
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines; IBPB conditional; STIBP disabled; RSB filling; PBRSB-eIBRS Not affected; BHI Not affected
Srbds: Not affected
Tsa: Not affected
Tsx async abort: Not affected
(XEN) Speculative mitigation facilities:
(XEN) Hardware hints: IBRS_FAST IBRS_SAME_MODE
(XEN) Hardware features: IBPB STIBP SSBD
(XEN) Compiled-in support: INDIRECT_THUNK RETURN_THUNK HARDEN_ARRAY HARDEN_BRANCH HARDEN_GUEST_ACCESS HARDEN_LOCK
(XEN) Xen settings: BTI-Thunk: RETPOLINE, SPEC_CTRL: No STIBP+ SSBD+, Other: BRANCH_HARDEN
(XEN) Support for HVM VMs: RSB IBPB-entry
(XEN) Support for PV VMs: IBPB-entry
(XEN) XPTI (64-bit PV only): Dom0 disabled, DomU disabled (without PCID)
(XEN) PV L1TF shadowing: Dom0 disabled, DomU disabled
I tried āspec-ctrl=ssbd=1ā on the xen command line, I see it applies with SSBD+ in āxl dmesgā but I also see āSPEC_CTRL: Noā , which Iām unable to control and looks like its dependent on IBRS support.
Am I overlooking something, or I have to live with it (I would be surprised)?
much appreciated
edit: ās/smt-ctl=ssbd=1/spec-ctrl=ssbd=1/ā