I’ve seen a video from CTT demonstrating the <10 performance boosts by simply off the mitigation. The system will be secure for personal use as before.

  • dack@lemmy.world
    link
    fedilink
    arrow-up
    21
    ·
    1 year ago

    The system will be secure for personal use as before.

    I wouldn’t be so sure of that. CPU side channels allow data to be leaked across security contexts. For example, from a user process to sandboxed JavaScript in a browser, from kernel space to user space, or from one containerized process to another. This is a problem even on a single user system without any VMs.

    • StarDreamer@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      Many years ago when I was still doing my undergrad I had a cyber security prof talk about side channels:

      ”There’s no way to prevent side-channels. As long as two components are sharing the same physical resource there will be side channels. The only problem is that these side channels are leaking way more bits than we expected.”

      So the question here is how big does the side channel need to be to leak something sensitive from memory? Turning off mitigations will almost certainly lead to larger side channels. Whether that is worth the risk is up to you.