Spectre 2 ibrs states


Regarding the IndirectBranchRestriciveSpeculation fix for Spectre 2

On Trident I checked the state of the ibrs with
sysctl hw.ibrs_active
It came back false, meaning speculative execution was NOT restricted.
I discovered the ability to disable ibrs was true, that is, the configurable
sysctl hw.ibrs_disable
was true.

To ensure the ibrs could NOT be disabled I used
sudo sysctl hw.ibrs_disable=0

sysctl hw.ibrs_active
came back true.

For this to persist, however, across re-starts of the pc I edited
by adding

So, shouldn’t the modification to sysctl.conf be part of the Trident installation?



head over to https://github.com/project-trident and file a Pull Request


Last I heard there were performance impacts to a lot of the Spectre mitigations, so that may be why it is not enabled by default.


Thanks Rod,

From the site it seems I’d have to create a fork or branch of Project trident to create a pull request - which is way out of my league.

Are you sure?

I’m willing to give it a go - but reticent I might stuff it up!



the original code was a piece of dung. machines took a major performance hit