Centralized CPU issue mitigation control (incl. CPU side-channel leak attacks)
This document (7023836) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server 11
All CPU side channel mitigations are disabled. This setting gives the highest performance, but least security and should only be used in settings where no untrusted code is used.
mitigations=autoAll CPU side channel mitigations are enabled as they are detected based on the CPU type. The auto-detection handles both unaffected older CPUs and unaffected newly released CPUs and transparently disables mitigations.
This options leave SMT enabled.
mitigations=auto,nosmtThe same as the auto option for mitigations, additionally the symmetric multi-threading of the CPU is disabled if necessary, for instance to mitigate the L1 Terminal Fault side channel issue.
TID 000019643 - Security Vulnerability: Special Register Buffer Data Sampling aka CrossTalk (CVE-2020-0543)
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7023836
- Creation Date: 24-Apr-2019
- Modified Date:11-Jun-2020
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com