Security Extensions Protection on the SPARC Platform
All SPARC mitigations display in the output of the sxadm status command, but some are not configurable. The following mitigations are configurable:
- HW_BTI

  Hardware BTI Mitigation (HW_BTI) mitigates Branch Target Injection, Spectre Variant 2 (https://nvd.nist.gov/vuln/detail/CVE-2017-5715). HW_BTI is enabled by default. You must reboot after enabling or disabling it for the changes to take effect. When enabled, some applications might experience lower performance.

- SSBD

  Speculative Store Bypass Disable (SSBD) mitigates CVE-2018-3639 (https://nvd.nist.gov/vuln/detail/CVE-2018-3639). It restricts loads from speculating around older stores, which mostly affects interpreters such as the JVM and JavaScript engines. SSBD is enabled by default on systems where it is required and supported. When enabled, some applications might experience lower performance.

  Note: The SSBD mitigation is implemented differently on the x86 platform. See SSBD in Security Extensions Protection on the x86 Platform.
Tip: Use the sxadm status command to display the current status of SPARC mitigations. To change the status, use the ILOM interface, as shown in Setting Host Control and Boot Properties on SPARC Host Server in Oracle ILOM Administrator's Guide for Configuration and Maintenance Firmware Release 4.0.x.