Security Extensions Protection on the SPARC Platform
All SPARC mitigations display in the output of the sxadm status command, but some are not configurable. The following mitigations are configurable:
- HW_BTI
  Hardware BTI Mitigation (HW_BTI) mitigates Branch Target Injection, Spectre Variant 2 (https://nvd.nist.gov/vuln/detail/CVE-2017-5715). HW_BTI is not enabled by default. You must reboot after enabling or disabling it for the changes to take effect. When it is enabled, application performance can slow.
- SSBD
  Speculative Store Bypass Disable (SSBD) mitigates CVE-2018-3639 (https://nvd.nist.gov/vuln/detail/CVE-2018-3639). It restricts loads from speculating around older stores, which mostly affects interpreters such as the JVM and JavaScript engines. SSBD is enabled by default on systems where it is required and supported. When it is enabled, application performance can slow.
  Note: The SSBD mitigation is implemented differently on the x86 platform. See SSBD in Security Extensions Protection on the x86 Platform.
Tip: Use the sxadm status command to display the current status of SPARC mitigations. To change the status, use the ILOM interface, as shown in Setting Host Control and Boot Properties on SPARC Host Server in Oracle ILOM Administrator's Guide for Configuration and Maintenance Firmware Release 4.0.x.