Meltdown can be mitigated by using HVM/PVH. If you look at the XSA, they have also prepared a PV-in-PVH mode that mitigates it for PVs as well. (This probably won't work for CPUs without VT-x/AMD-V, but those are rare today. It also probably won't work for VMs with PCI devices if the system does not support IOMMU (AKA VT-d), but in this case, you are already doomed due to DMA attacks.) So, Meltdown seems to be easily mitigated; it is just a matter of time.
It seems that PV-in-PVH is going to fix some other issues. IIUC, it should mitigate all PV-specific vulnerabilities and even bring PVH for stubdoms, which sounds like a nice side effect of the Meltdown fix.

Spectre is harder to mitigate and you might need a microcode update.

Regards,
Vít Šesták 'v6ak'
