samcday
commented
2 months ago Mmmph, well ....
Turns out re-enabling SMT is typical enough that it's an example in the page that documents modifying kernel arguments :) https://docs.fedoraproject.org/en-US/fedora-coreos/kernel-args/#_removing_existing_kernel_arguments
The discussion in upstream https://github.com/coreos/fedora-coreos-tracker/issues/181 explains it well enough. I agree with the FCOS choice to default insecure SMT to disabled. It's a pretty significant thing to do, though. I wish they'd surfaced it better in documentation. Maybe even notify the operator of it in /etc/motd on first few boots or something.
I completely switched off CPU mitigations during initial CoreOS bring-up because I realized that half the CPU cores were being forced offline.
I should figure out if there's a way to enable mitigations and have the extra CPU cores.