On Mon, 19 Nov 2018, Arjan van de Ven wrote: > In the documentation, AMD officially recommends against this by default, > and I can speak for Intel that our position is that as well: this really > must not be on by default. Thanks for pointing to the AMD doc, it's indeed clearly stated there. Is there any chance this could perhaps be added to Intel documentation as well, so that we avoid cases like this in the future? The revision 3.0 of Intel doc from may 2018 [1] I am always looking into doesn't say anything discouraging about STIBP to me. [1] https://software.intel.com/security-software-guidance/api-app/sites/default/files/336996-Speculative-Execution-Side-Channel-Mitigations.pdf?_gclid=5b78f4d130faf8.22277271-5b78f4d130fb70.17467890&_utm_source=xakep&_utm_campaign=mention177777&_utm_medium=inline&_utm_content=lnk223716354570 Thanks, -- Jiri Kosina SUSE Labs