throgh - Looking forward to this exciting new evolution!

Didn't know OpenBSD - or any BSD - was my kind of thing, even, but I do now

first just make some tea and relax, the nations are in needs for hard workers like you
i will describe the things as i can below.

first in hyperbola gnu linux stage: unless you are a big boss who holds a lot of money or power or engaged with mafia, yakuza, or deepweb activities you may rest assured that malicious hacker probably has no interest to exploit your computer. your chances on accidentaly meet malicious code and robots are pretty slim as well and those malicious code first must breach into your system too.

second stage when hyperbsd is finished: if you still paranoid with first stage, you dont have to worry anymore as hyperbsd based on a super secure openbsd, no advanced tweaks needed as these distribution are secure from the ground up.

you might find many articles on the net this is the example one:
https://why-openbsd.rocks/fact/meltdown-spectre/

Well, Hyperbola won't install any kind of mirocode. That is especially the point about rejecting firmware-blobs. To make that part clear: We will never include binary blobs into the Hyperbola-system being not open before compilation.

For GNU/Linux-libre there are therefore only that mitigations available we have done. HyperbolaBSD will get even more attention possible!

I'm not asking for binary blobs to be included in the kernel, not at all. I don't have the knowledge about what intel microcode even is. Are we sure that those are blobs? Or are they just patches?

Forgive me,, for I have been working a lot and am tired but I wanted to get this out

From the responses so far I think we need to re-look at what mitigations are available. The mainline Linux kernel has made mitigations but some options apparently have to be turned on in the compile process. So, it would just be a matter setting the defaults for the Linux-libre kernel at compile time to cover these vulnerabilities. The issue I see on my computer is that some but not all have been 'patched' or configured with the safe defaults.

With that being the case, the safe defaults are in line with Hyperbola policy

Unless I totally misunderstood, tho. But I do gather that microcode is but only one of the mitigations, the other is changes to the kernel itself. It must be stressed that Spectre affects even ARM and MIPS cpus, and I am left with the impression that this affects all kernels

Information can be found here and some astute kernel person can make the appropriate decisions:

https://docs.kernel.org/admin-guide/hw-vuln/
https://docs.kernel.org/admin-guide/hw- … ectre.html
https://wiki.archlinux.org/title/Microcode
https://wiki.archlinux.org/title/Security#CPU

Excited for HyperbolaBSD-libre btw

For GNU/Linux-libre there are therefore only that mitigations available we have done. HyperbolaBSD will get even more attention possible!

spec_store_bypass:Vulnerable

spectre_v2:Vulnerable: eIBRS with unprivileged eBPF
grep $ /sys/devices/system/cpu/vulnerabilities/*

Currently there remain a few open vulnerabilities as far as my kernel tells me.

Also I think we require packages to install "microcode", I am not sure of their licenses but they aren't in our

Mitigations should be loaded early in boot process per Arch wiki, before the initramfs