CONFIG_DISABLE_SSBD

Disable Speculative Store Bypass

Type: bool

Help

This option will disable Speculative Store Bypass in order to
mitigate against certain kinds of side channel attacks.  Quoting
the "Speculative Execution Side Channels" document, version 2.0:

    When SSBD is set, loads will not execute speculatively
    until the addresses of all older stores are known.  This
    ensure s that a load does not speculatively consume stale
    data values due to bypassing an older store on the same
    logical processor.

If enabled, this applies to all threads in the system.

Even if enabled, will have no effect on CPUs that do not
require this feature.

Direct dependencies

USERSPACE && X86

(Includes any dependencies from ifs and menus.)

Default

• y if !X86_NO_SPECTRE_V4

Kconfig definition

At <Zephyr Architecture>/x86/Kconfig:432

Included via Kconfig:8 → Kconfig.zephyr:39 → <Zephyr Architecture>/Kconfig:12

Menu path: (Top) → X86 Architecture Options

config DISABLE_SSBD
    bool "Disable Speculative Store Bypass"
    default y if !X86_NO_SPECTRE_V4
    depends on USERSPACE && X86
    help
      This option will disable Speculative Store Bypass in order to
      mitigate against certain kinds of side channel attacks.  Quoting
      the "Speculative Execution Side Channels" document, version 2.0:

          When SSBD is set, loads will not execute speculatively
          until the addresses of all older stores are known.  This
          ensure s that a load does not speculatively consume stale
          data values due to bypassing an older store on the same
          logical processor.

      If enabled, this applies to all threads in the system.

      Even if enabled, will have no effect on CPUs that do not
      require this feature.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)