hrw / arm-socs-table

Table of ARM SoC and their features
https://gpages.juszkiewicz.com.pl/arm-socs-table/arm-socs.html
GNU General Public License v2.0

Add CPU Vulnerability flags #61

Open ric96 opened 1 year ago

ric96 commented 1 year ago

Aarch64 SoCs may have a very different list of vulnerabilities and their mitigations depending upon which revision of the Cortex IP is being implemented. Although this may depend on the specifics of the kernel and userspace being used, it's still useful to track.

From sysfs, this info is available under /sys/devices/system/cpu/vulnerabilities/.

Each known vulnerability is in its own file, and all of them can be read from a single string like so: (*the example is from an amd64 machine but works fine on arm64)

```
# for file in /sys/devices/system/cpu/vulnerabilities/*; do echo "$file"; cat "$file"; done
/sys/devices/system/cpu/vulnerabilities/itlb_multihit
Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf
Not affected
/sys/devices/system/cpu/vulnerabilities/mds
Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown
Not affected
/sys/devices/system/cpu/vulnerabilities/mmio_stale_data
Not affected
/sys/devices/system/cpu/vulnerabilities/retbleed
Mitigation: untrained return thunk; SMT enabled with STIBP protection
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
Mitigation: Speculative Store Bypass disabled via prctl
/sys/devices/system/cpu/vulnerabilities/spectre_v1
Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Retpolines, IBPB: conditional, STIBP: always-on, RSB filling, PBRSB-eIBRS: Not affected
/sys/devices/system/cpu/vulnerabilities/srbds
Not affected
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort
Not affected
```
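An added example, not part of the issue or of the arm-socs-table project: a POSIX shell helper that turns the sysfs directory above into one tab-separated row per vulnerability, so boards can be compared or an unmitigated entry flagged. The function names `vuln_report` and `vuln_count` are hypothetical; the `Vulnerable` prefix is the kernel's third documented state and does not appear in the output above.

```shell
#!/bin/sh
# Summarise CPU vulnerability status from sysfs as tab-separated rows:
#   <name> <state> <detail>
# state is one of: not_affected, mitigated, vulnerable, other
# Usage: vuln_report            (live system)
#        vuln_report /some/dir  (saved copy of the sysfs directory)

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

vuln_report() {
    dir=${1:-$VULN_DIR_DEFAULT}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # Each file holds one status line; report empty or unreadable
        # files instead of silently skipping them.
        line=
        IFS= read -r line < "$f" || [ -n "$line" ] || line="(empty or unreadable)"
        case $line in
            "Not affected")
                state=not_affected; detail= ;;
            "Mitigation: "*)
                state=mitigated; detail=${line#"Mitigation: "} ;;
            Vulnerable*)
                state=vulnerable
                detail=${line#Vulnerable}
                detail=${detail#": "} ;;
            *)
                # Anything else (for example an "Unknown: ..." line) is
                # passed through verbatim rather than guessed at.
                state=other; detail=$line ;;
        esac
        printf '%s\t%s\t%s\n' "$name" "$state" "$detail"
    done
}

# Count the rows in a given state: vuln_count <state> [dir]
vuln_count() {
    vuln_report "$2" | awk -F '\t' -v s="$1" '$2 == s { n++ } END { print n + 0 }'
}
```

A non-zero `vuln_count vulnerable` is the value worth alerting on; the `detail` column keeps the kernel's own mitigation text for the table.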