Thanks for the replies. When I run the "spectre-meltdown-checker.sh" script [github.com/speed47] I see that even using a recent kernel [4.15-rc8] only Meltdown is covered.
The two mitigations for Spectre [IBRS or kernel compiled with "retpoline" option with a retpoline-aware compiler] are harder for me to achieve. The latter requires a retpoline-aware version of gcc - did anyone try to make one? Even then, it seems I need "reptoline-aware" versions of things like Firefox. I have explored disabling javascript in Firefox on a per-site basis, but this cannot be the future [devuan has old versions of Policy-Control addon compared to [say] antix-17]. Early days. I hate Intel for creating this mess and for the Management Engine fiasco. I had been using a "libre" [de-blobbed] kernel. Now I must use the blobby 4.15-rc8 kernel AND learn about firmware, which means per-arch /lib..? jacksprat
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng