I've recently bought a J4125 based X86 router. I've added mitigations=off line to the /boot/grub/grub.cfg kernel line but when I check cat /sys/module/i915/parameters/mitigations it says auto. How can I make sure that the mitigations are off?
What is the output of grep . /sys/devices/system/cpu/vulnerabilities/* ? cat /sys/module/i915/parameters/mitigations may not be the correct way to check, as that is related to the Intel graphics driver.
Here is for a x86_64 device without mitigations=off:
# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data:Not affected
/sys/devices/system/cpu/vulnerabilities/retbleed:Mitigation: untrained return thunk; SMT disabled
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Retpolines, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected
/sys/devices/system/cpu/vulnerabilities/srbds:Not affected
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
There is some of this in the current BIOS revision, not sure if I loaded the intel-microcode update this time, or if it would add any new ones on my processor. Edit: No, I don't, new one is not installed. Not convenient to try it now, think it has to have a reboot to go into effect. Perhaps later.
Edit: It's late... I see that it's saying that I DO have the Spectre stuff on... rather than not... sorry.
Looking forward to the benchmarks as well... I have no idea how to disable it though.