On Tue, 26 Jan 2021, Julien Grall wrote: > Hi Stefano, > > On 25/01/2021 21:27, Stefano Stabellini wrote: > > config ARM_SSBD > > - bool "Speculative Store Bypass Disable" if EXPERT > > + bool "Speculative Store Bypass Disable (UNSUPPORTED)" if UNSUPPORTED > > depends on HAS_ALTERNATIVE > > default y > > help > > @@ -87,7 +87,7 @@ config ARM_SSBD > > If unsure, say Y. > > config HARDEN_BRANCH_PREDICTOR > > - bool "Harden the branch predictor against aliasing attacks" if EXPERT > > + bool "Harden the branch predictor against aliasing attacks > > (UNSUPPORTED)" if UNSUPPORTED > > default y > > help > > Speculation attacks against some high-performance processors rely on > > I read through the back and forth between Bertrand and Jan about > "UNSUPPORTED". However, I still don't understand why those two options are > moved to UNSUPPORTED. > > Both options will only build the code to enable the mitigation. The decision > is still based on the processor you are running on. > > In addition to that, ARM_SSBD can also be forced enabled/disabled on the > command line.
Yes, you are right. HARDEN_BRANCH_PREDICTOR and ARM_SSBD should remain EXPERT as they are today. It was a mistake to change them to UNSUPPORTED. > A user may want to compile out the code if the target processor is not the > affected by the two issues. This wouldn't be much different to Xen deciding to > not enabling the mitigation. > > I would view the two options as supported but not security supported. So this > seems to fit exactly in the definition of EXPERT rather than UNSUPPORTED. Yes, I'll leave them unmodified.
