[back]

Improving performance for older Intel CPU's using kernel parameters

Tags:
linux guide
Trading security for performance! How could this possibly go wrong?

Introduction

Physical hardware can be exploited for security vulnerabilities just like software.

However, the issue is: A patch on something like the CPU that is so integral to the general performance of your machine can lead to noticeable performance losses over time.

Well perhaps the performance losses aren’t noticeable, but they are there, I promise you.

This is a short post on how to revert these patches and speed up your Intel CPU!

This involves adjusting your kernel parameters to disable security mitigation’s (mitigations=off)

Warnings

  • What I am about to show you will make your system more vulnerable to specific vectors of attack. But from my knowledge, they are quite unlikely to affect a personal machine.
  • This guide requires you to adjust the Linux kernel parameters, don’t do this if you’re inexperienced! Recovering the machine may end up being painful and long if you don’t know what you are doing, and also very scary 👻.
  • I am not an expert on kernel configuration, I am just sharing information I have found and obviously I am not responsible for what occurs on your machine!

Some preparation

  • You need to know how to actually edit your grub configuration file.
  • I use the grub-mkconfig script to generate a new grub configuration file after I edit the one stored in /etc/default/grub.
  • Please figure out the process to do this for your own machine before doing anything else. You definitely do not want to edit the wrong thing and for grub to malfunction.

Modifying your kernel parameters

Okay lets stop messing around with all of the lame “warnings” and “important information”. I’m sure you are itching to get started.

  • Open your grub configuration file using vim or some other terminal text editing program.
    • Note: You should open this with root privileges.
    • The command I used: sudoedit /etc/default/grub
  • Locate the line in the file that contains the variable:
    GRUB_CMDLINE_LINUX_DEFAULT="blah blah blah"
  • Append mitigations=off to it.
    • Ensure it is within the quotes.
    • For example, it looks like this for me:
      GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet mitigations=off
  • Now you can save the file, and reboot!