--- wikisrc/security/meltdown_spectre.mdwn 2018/03/16 10:08:00 1.18 +++ wikisrc/security/meltdown_spectre.mdwn 2018/04/04 13:05:14 1.19 @@ -26,8 +26,8 @@ riscv |(Spec.) |Not vulnerable | | | [[!table data=""" Port |Vendor/Model |Spectre (V2) |NetBSD-7 |NetBSD-8 |NetBSD-current -amd64 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed -amd64 |AMD |Vulnerable |Not fixed |Not fixed |Not fixed +amd64 |Intel |Vulnerable |Not fixed |Not fixed |Fixed [MitigB] +amd64 |AMD |Vulnerable |Not fixed |Not fixed |Fixed [MitigC] amd64 |VIA |Unknown | | | i386 |Intel |Vulnerable |Not fixed |Not fixed |Not fixed i386 |AMD |Vulnerable |Not fixed |Not fixed |Not fixed @@ -63,6 +63,20 @@ riscv |(Spec.) |Not vulnerable | | | Meltdown is mitigated with the SVS feature. It can be dynamically disabled by changing the "machdep.svs.enabled" sysctl. +### Mitigation B: Intel IBRS + +SpectreV2 can be mitigated with the IBRS method (Intel only for now). If +the CPU supports this method, it is used automatically. It can be +dynamically disabled by changing the "machdep.spectre_v2.mitigated" +sysctl. + +### Mitigation C: AMD DIS_IND + +SpectreV2 can be mitigated with the DIS_IND method, available only on a +few AMD families. If the CPU supports this method, it is used +automatically. It can be dynamically disabled by changing the +"machdep.spectre_v2.mitigated" sysctl. + ## External Resources * [MIPS Blog Post](https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/)