@natesubra
Last active September 22, 2021 19:27
ESXi Homelab Disable Spectre/Meltdown/SSBD

ESXi Mitigations Disable

I recommend this only be done on homelab/segmented hardware. This will make your host vulnerable to these exploits.

Depending on your CPU generation, you can regain 20-30% performance.

Spectre/Meltdown

Ref1

  1. SSH to ESXi Host
  2. vi /etc/vmware/config
  3. Add the line:

Version 1 (Spectre v4/Meltdown/Spectre)

    cpuid.7.edx = "0---:00--:----:----:----:----:----:----"

Version 2 (Spectre only)

    cpuid.7.edx = "0---:----:----:----:----:----:----:----"

  4. Run /sbin/auto-backup.sh to ensure config is re-applied on boot
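
To audit a host for this change, the following added example (not part of the original gist) decodes `cpuid.7.edx` mask lines like the two above and lists which mitigation-related CPUID.7.EDX feature bits are forced to 0 and therefore hidden. It assumes the leftmost mask character is bit 31, that `0` forces a bit off and `-` leaves it unchanged; the function names and the sample config are constructed for illustration.

```python
import re
import sys

# CPUID.(EAX=7,ECX=0):EDX bits tied to speculative-execution mitigations
# (bit positions per Intel's CPUID documentation).
MITIGATION_BITS = {
    26: "IBRS/IBPB",
    27: "STIBP",
    28: "L1D_FLUSH",
    29: "IA32_ARCH_CAPABILITIES",
    31: "SSBD",
}
MASK_LINE = re.compile(r'^\s*cpuid\.7\.edx\s*=\s*"([^"]*)"', re.IGNORECASE)

# Constructed sample: a placeholder setting plus the gist's "Version 1" mask.
SAMPLE_CONFIG = '''example.setting = "TRUE"
cpuid.7.edx = "0---:00--:----:----:----:----:----:----"
'''

def forced_off_bits(mask):
    """Names of mitigation bits forced to 0 (assumption: leftmost char = bit 31)."""
    chars = mask.replace(":", "")
    if len(chars) != 32:
        raise ValueError("expected 32 mask characters, got %d" % len(chars))
    off = [31 - i for i, c in enumerate(chars) if c == "0"]
    return [MITIGATION_BITS[b] for b in sorted(off) if b in MITIGATION_BITS]

def audit_config(text):
    """Return (line_number, hidden_feature_names) for each cpuid.7.edx line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = MASK_LINE.match(line)
        if not m:
            continue
        try:
            findings.append((lineno, forced_off_bits(m.group(1))))
        except ValueError as exc:
            findings.append((lineno, ["malformed mask: %s" % exc]))
    return findings

if __name__ == "__main__":
    # Pass a path to a copy of the config, or run with no args for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_CONFIG
    for lineno, names in audit_config(text):
        print("line %d: %s" % (lineno, ", ".join(names) or "no mitigation bits hidden"))
```
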

Disable SSBD

Ref

  1. SSH to ESXi Host

  2. Check settings

    esxcli system settings kernel list -o hyperthreadingMitigation
    esxcli system settings kernel list -o hyperthreadingMitigationIntraVM
    
  3. Enable v2 Scheduler (90-100% of performance):

    esxcli system settings kernel set -s hyperthreadingMitigation -v TRUE
    esxcli system settings kernel set -s hyperthreadingMitigationIntraVM -v FALSE
    

Option B (fully disabled, 100% perf):

    esxcli system settings kernel set -s hyperthreadingMitigation -v FALSE
    esxcli system settings kernel set -s hyperthreadingMitigationIntraVM -v FALSE