Disable Spectre and Meltdown mitigations
A number of kernel boot parameters are available to disable or fine-tune hardware vulnerability mitigations:
- for Spectre v1 and v2: nospectre_v1 (x86, PowerPC), nospectre_v2 (x86, PowerPC, S/390, ARM64), spectre_v2_user=off (x86)
- for SSB: spec_store_bypass_disable=off (x86, PowerPC), ssbd=force-off (ARM64)
- for L1TF: l1tf=off (x86)
- for MDS: mds=off (x86)
- for TAA: tsx_async_abort=off
- for iTLB multihit: nx_huge_pages=off
- KPTI can be disabled with nopti (x86, PowerPC) or kpti=0 (ARM64)
- TSX async abort: tsx_async_abort=off (x86)
- KVM NX huge pages: kvm.nx_huge_pages=off (x86)
A meta-parameter, mitigations, was introduced in 5.2 and back-ported to 5.1.2, 5.0.16, and 4.19.43 (and perhaps others). It can be used to control all mitigations, on all architectures, as follows:
- mitigations=off will disable all optional CPU mitigations;
- mitigations=auto (the default setting) will mitigate all known CPU vulnerabilities, but leave SMT enabled (if it is already);
- mitigations=auto,nosmt will mitigate all known CPU vulnerabilities and disable SMT if appropriate.
Some of these can be toggled at runtime; see the linked documentation for details.
With kernel 5.1.13 or newer:
As a boot parameter you can use mitigations=off
With a kernel older than 5.1.13:
noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off
Add either mitigations=off or that long one-liner to your /etc/sysconfig/grub and re-generate grub's configuration file with grub2-mkconfig (your distribution's procedure will vary).
Debian/Ubuntu derived distributions:
Edit the file /etc/default/grub then run the commands update-grub followed by grub-install /dev/sdX where X is replaced by the relevant OS drive, usually a as in /dev/sda
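To audit which hosts were booted with any of the parameters listed above, the following is an added example (not part of the original answers): a POSIX shell check that scans a kernel command line for those parameters, plus an audit_host helper that prints the kernel's own per-vulnerability status from /sys/devices/system/cpu/vulnerabilities. The function names and the sample command line are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag boot parameters that switch off CPU vulnerability
# mitigations. The parameter list is the one given on this page.

# Print each mitigation-disabling parameter found in the command line passed
# as $1, one per line. Exit status 0 if any were found, 1 otherwise.
find_mitigation_overrides() {
    found=1
    set -f                      # split on whitespace only, never expand globs
    for tok in $1; do
        case "$tok" in
            mitigations=off|\
            nospectre_v1|nospectre_v2|spectre_v2_user=off|\
            spec_store_bypass_disable=off|nospec_store_bypass_disable|\
            ssbd=force-off|l1tf=off|mds=off|tsx_async_abort=off|\
            nx_huge_pages=off|kvm.nx_huge_pages=off|\
            nopti|kpti=0|noibrs|noibpb|no_stf_barrier)
                printf '%s\n' "$tok"
                found=0
                ;;
        esac
    done
    set +f
    return "$found"
}

# Audit the running host: boot-time overrides, then the status the kernel
# reports for each vulnerability ("Vulnerable", "Mitigation: ...", "Not affected").
audit_host() {
    cmdline=$(cat /proc/cmdline 2>/dev/null) || return 2
    if overrides=$(find_mitigation_overrides "$cmdline"); then
        printf 'mitigation overrides on command line:\n%s\n' "$overrides"
    else
        printf 'no mitigation overrides on command line\n'
    fi
    for f in /sys/devices/system/cpu/vulnerabilities/*; do
        [ -r "$f" ] && printf '%s: %s\n' "${f##*/}" "$(cat "$f")"
    done
    return 0
}

# Constructed sample command line, not taken from a real host.
sample='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet mitigations=off nopti'
find_mitigation_overrides "$sample" || true
```

Call audit_host on a live system to see the overrides next to the resulting sysfs status; a parameter in /etc/default/grub only takes effect after the configuration is regenerated and the host rebooted, so /proc/cmdline is the value to trust.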