In /etc/default/grub, modify:
noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off
Then run sudo update-grub.
From https://make-linux-fast-again.com/. This domain does not seem to be maintained any longer.
Here are some explanations from ChatGPT:
These kernel parameters are related to security and performance mitigations that can be enabled or disabled in the Linux kernel. Here is a brief explanation of each of them:
noibrs: Disables the Indirect Branch Restricted Speculation (IBRS) feature, which is a hardware mitigation for Spectre variant 2 (CVE-2017-5715). Disabling this feature can improve performance, but it can also make the system more vulnerable to Spectre variant 2 attacks.
noibpb: Disables the Indirect Branch Predictor Barrier (IBPB) feature, which is a software mitigation for Spectre variant 2. Disabling this feature can improve performance, but it can also make the system more vulnerable to Spectre variant 2 attacks.
nopti: Disables the Kernel Page Table Isolation (KPTI) feature, which is a software mitigation for Meltdown (CVE-2017-5754). Disabling this feature can improve performance, but it can also make the system more vulnerable to Meltdown attacks.
nospectre_v2: Disables all mitigations for Spectre variant 2, including IBRS and IBPB. This can significantly improve performance, but it can also make the system more vulnerable to Spectre variant 2 attacks.
nospectre_v1: Disables all mitigations for Spectre variant 1 (CVE-2017-5753). This can improve performance, but it can also make the system more vulnerable to Spectre variant 1 attacks.
l1tf=off: Disables the L1 Terminal Fault (L1TF) mitigation, which is a hardware mitigation for L1TF (CVE-2018-3620 and CVE-2018-3646). Disabling this feature can improve performance, but it can also make the system more vulnerable to L1TF attacks.
nospec_store_bypass_disable: Disables the Speculative Store Bypass Disable (SSBD) feature, which is a hardware mitigation for Spectre variant 4 (CVE-2018-3639). Disabling this feature can improve performance, but it can also make the system more vulnerable to Spectre variant 4 attacks.
no_stf_barrier: Disables the Single Thread Indirect Branch Predictors (STIBP) feature, which is a hardware mitigation for Spectre variant 2. Disabling this feature can improve performance, but it can also make the system more vulnerable to Spectre variant 2 attacks.
mds=off: Disables the Microarchitectural Data Sampling (MDS) mitigation, which is a hardware mitigation for MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091). Disabling this feature can improve performance, but it can also make the system more vulnerable to MDS attacks.
tsx=on: Enables Intel Transactional Synchronization Extensions (TSX), which can improve performance for certain workloads that use transactional memory.
tsx_async_abort=off: Disables the TSX Asynchronous Abort (TAA) mitigation, which is a hardware mitigation for TAA (CVE-2019-11135). Disabling this feature can improve performance, but it can also make the system more vulnerable to TAA attacks.
mitigations=off: Disables all security mitigations. This can significantly improve performance, but it can also make the system very vulnerable to security attacks.
It's worth noting that disabling security mitigations can significantly increase the risk of security attacks on the system, so it's important to understand the potential risks before using these kernel parameters.
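To check whether a host is actually booted with any of the parameters listed at the top of this page, the following added example (not from the original page or from make-linux-fast-again.com) scans a kernel command line for them and lists the entries under /sys/devices/system/cpu/vulnerabilities that the kernel reports as Vulnerable. The function names and the sample command line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a kernel command line for
# the mitigation-disabling parameters this page lists.

# Parameter list copied from the page. tsx=on is included because it
# re-enables TSX rather than switching a mitigation off.
RISKY_PARAMS="noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off
nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off
mitigations=off"

# find_risky_params CMDLINE: print the listed parameters found, in order.
# Runs in a subshell so 'set -f' (no globbing) does not leak to the caller.
find_risky_params() (
    set -f
    found=""
    for tok in $1; do
        for p in $RISKY_PARAMS; do
            if [ "$tok" = "$p" ]; then found="${found:+$found }$tok"; fi
        done
    done
    printf '%s\n' "$found"
)

# list_vulnerable [DIR]: print each sysfs entry whose status starts with
# "Vulnerable" (the kernel reports the effective state there after boot).
list_vulnerable() (
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    [ -d "$dir" ] || exit 0
    for f in "$dir"/*; do
        [ -r "$f" ] || continue
        case "$(cat "$f")" in
            Vulnerable*) basename "$f" ;;
        esac
    done
)

# Constructed sample command line (not captured from a real host).
SAMPLE="BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet mitigations=off nopti"
echo "sample: $(find_risky_params "$SAMPLE")"

# Live check when run on a Linux host.
if [ -r /proc/cmdline ]; then
    echo "running kernel: $(find_risky_params "$(cat /proc/cmdline)")"
    echo "unmitigated per sysfs: $(list_vulnerable | tr '\n' ' ')"
fi
```

An empty result from both functions means none of the listed parameters is on the command line and no sysfs entry reports Vulnerable.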