On 02/02/18 17:49, J. Bruce Fields wrote:
<>
>> What about a different interface for a "trusted" binary with "Spectre
>> mitigation" off. I know Redhat guys have a project where they want to
>> sign and verify by Kernel all systemd /sbin/* binaries. If these
>> binaries have such a hardened trust could we make them faster? (ie
>> back to regular speed)
>
> I don't think that helps.
>

If that does not help then I'm clueless. I understood that the slowdown
is because some CPU pipelines need stalling (flushing) because
back-from-kernel call in usermode can (theoretically) inspect the other
side of the un-taken speculated branch ..... So if I trust the user-mode
app I can trust it will not misuse that info?

But again I'm completely clueless. What else than "app trust" can there
be?

> --b.
>

Thanks
Boaz