S obzirom da ovi FIX-ovi nisu neophodni za Desktop korisnike, njihovo gašenje donosi poboljšanje u performansama.
Ukoliko ste Linux Desktop korisnik, imate tu sreću da developeri Linux kernela dodali switcheve za gašenje ovih pošasti.
Izmenite grub
/etc/default/grub
Na postojeću vrednost (ovako je kod mene)
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
dodajte
pti=off nospec_store_bypass_disable no_stf_barrier l1tf=off spectre_v2=off kvm-intel.vmentry_l1d_flush=never
Na kraju to izgleda ovako
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash nospec_store_bypass_disable no_stf_barrier l1tf=off spectre_v2=off kvm-intel.vmentry_l1d_flush=never"
Sačuvajte fajl, ažurirajte GRUB.
sudo update-grub
Restartujte sistem.
Provera:
dmesg | grep "isolation"
Željeni output:
[ 0.000000] Kernel/User page tables isolation: disabled on command line.
cat /sys/devices/system/cpu/vulnerabilities/l1tf
Mitigation: PTE Inversion; VMX: vulnerable
Izvori:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
