If I understood information here correctly, you can currently play with following mitigations. More will surely show up over time.
Value | Platform | CVE | Notes |
1 | Intel | CVE-2017-5715 | Disables Spectre Variant 2 mitigation |
2 | Intel | CVE-2017-5754 | Disables Meltdown mitigation |
8 | Intel | CVE-2018-3639 | Enables Speculative Store Bypass mitigation |
64 | AMD | CVE-2017-5715 | Enable Spectre Variant 2 mitigation on AMD |
Combinational values that are seen
- 0 – enable Spectre/Meltdown on Intel
- 3 = 2 +1 – disable Spectre/Meltdown on Intel
By adding bits together, you could create your custom mitigations. For example:
- 72 = 64+8 enable all mitigations on all platforms.
- 11 = 8+2+1 enable CVE-2018-3639 but disable CVE-2017-5715 and CVE-2017-5754
I’m not sure if these values would make any sense or work at all but my guess is that they will not crash anything. By observation, i think each mitigation is optional and can be enabled atomatically if hardware/microcode supports it. I don’t have an AMD at hand but someone could try out these homebrew combinations.