You are not logged in.

#1 2018-08-15 21:03:33

flower
Member
Registered: 2018-07-07
Posts: 17

Unsafe but speed optimized kernel

Hello,

with all that spectre bug fixes and performance regressions i would like touse a kernel which fits more to my security profile.

eg: i dont need protection against malicios vm's, users or processes.
but i still need protection against remote or js attack vectors.

i know that more security is always better. but for MY desktop at home performance is just more important.

my main problem atm is that i am not sure which of the spectre vulns can be used through js.

is there any interest in using such a kernel from other arch users?
or is there anybody who already has such a kernel and willing to put it in AUR?

regards

Offline

#2 2018-08-15 21:17:17

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: Unsafe but speed optimized kernel

All mitigations apart from spectre v1 can be disabled with Kernel_parameters.  Spectre v1 can not be disabled without reverting the commits that introduced it.
If your trust the browsers mitigations to prevent accurate timing from JS etc then you could disable all the mitigations.

Offline

#3 2018-08-15 21:20:09

flower
Member
Registered: 2018-07-07
Posts: 17

Re: Unsafe but speed optimized kernel

loqs wrote:

All mitigations apart from spectre v1 can be disabled with Kernel_parameters.  Spectre v1 can not be disabled without reverting the commits that introduced it.
If your trust the browsers mitigations to prevent accurate timing from JS etc then you could disable all the mitigations.

seems doable; thank you.
i'll go check the perf impact of specte v1 then and see if i should remove it

Offline

Board footer

Powered by FluxBB