I'll stick to Firefox.

What about Firefox helps with this?

It seems not to work on leaky.pages

If someone wonders why the exploit demo page works in spite of mitigations enabled:

Spectre V1 is so-far mitigated only in software. In this case, the software is the web browser. The browser mitigates the vulnerability by enforcing a barrier between insecure javascript sandbox and the rest of the browser. However, this demo uses Spectre V1 to access data which is within the sandbox, not outside it. Meaning, the demo already has sufficient privileges to read leaked data in a usual way , but this demo additionally shows that this data is also readable using Spectre V1. Since the leaked data is a data from the sandbox, the browser doesn't complain.

Of course, in this case there is no breach of privileges, but it is still a demonstation of reading data using Spectre V1.



Wrong. Out-of-order execution is a major contributor to performance, but speculative execution isn't so much, it's just a gain of about 15% for speculative execution.

To make a hardware mitigation for Spectre v1 (and v4, too!), a CPU designer has the following choices:
1. Disable speculative execution, take a 15% performance hit.
2. Disable speculation on loads and stores, take about 7% performance hit.
3. Redesign the L1 cache to be speculation-aware. Takes 3% performance hit and 20% additional transistors in L1. Some engineering effort reqired.

So far, the CPU designers have opted for this option:
4. Don't mitigate, let it be solved by software. About 3% performance hit. Requires recompilation of current software, lots of work from software developers, and additional caution on the side of programmer for every new piece of software written that employs privilege boudaries.

P.S. Let me not surprise you: we live in a fucked-up world.

Since people seem to like that post of mine, here is some more info (I'm an amateur CPU designer).

As far as I know, "verified boot" would be virtually impossible. The problem is that for a verified boot you need a high level of certainty. But, a modern CPU contains billions of transistors, and there is practically no way to figure out, in sufficient detail, how are the transistors connected.

For a back-door, you would only need perhaps a few thousand transistors, maybe tans of thousands.

For "verified boot", you really need an open source architecture, with implementation schematic available and a silicon fab that you trust not to have modified the design.

Oh, and also, the problem is not in the firmware, the problem is if a CPU has an undiscovered security-related bug. Such a bug can easily make the firmware insecure / hackable.

Of course, this gets much worse if big parts of a CPU are undocumented, such as Intel ME / AMD PSP. The ME is worse because it is a multithreaded kernel, PSP is simpler, so less problems, but still a big problem.