Linux Desktop Kernel Optimisation

Is anyone interested in building a good kernel config optimized for desktop systems/notebooks?

Right now, I am configuring a 5.6.x kernel for a Dell XPS 7390 2-in-1 with a 1065G7 Ice Lake CPU, and trying to find complete info on which Spectre/Meltdown mitigations can be safely disabled on a new Intel CPU via kernel config or cmdline. Also, I am planning to benchmark my config version with Phoronix Test Suite to see “objective” results compared with native Clear Linux kernel builds.

The problem is that what you’re doing is potentially insecure: if you use e.g. a browser, you are likely executing untrusted (web) code, and might possibly be vulnerable to unforeseen side channel attacks.

I would caution against making statements that would put “desktop use” in a classification that ignores side channel attacks. I would definitely write some clear disclaimers that your kernel disables security protections.

There are some valid use cases for something like this - e.g. airgapped computers. But I would caution against it for any network connected computer.

Yes, I fully understand your concern about security, but I am searching for kernel flags that can be disabled safely, because servers (where different users can run code) and desktops, where there is one primary user, are so different in security approach. Most of the side-channel attacks from browsers are already solved, like this: https://www.chromium.org/Home/chromium-security/ssca or https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/

Also, I want to disable security patches that do not affect my CPU (new CPU).
“Ice Lake with its Sunny Cove microarchitecture – similar to Cascade Lake – is no longer affected by Meltdown, MDS, or L1TF / Foreshadow.”
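
As an added example (not written by any poster in this thread): the kernel reports a per-issue status for the running CPU under `/sys/devices/system/cpu/vulnerabilities`, and this script lists the issues it does not report as `Not affected`. The function names and the sample status lines are constructed for illustration and were not captured from an Ice Lake machine.

```shell
#!/bin/sh
# Added example. The sysfs directory below is the kernel's real per-CPU report;
# function names and the sample data are constructed for illustration.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status LINE -> not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;   # unrecognised text: review by hand
    esac
}

# report_vulns [DIR] -> one "name<TAB>class<TAB>raw status" line per file
report_vulns() {
    dir=${1:-$VULN_DIR}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue            # also skips an unmatched glob
        line=$(head -n 1 "$f")
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$(classify_status "$line")" "$line"
    done
}

# needs_mitigation [DIR] -> names the kernel does not report as "Not affected"
needs_mitigation() {
    report_vulns "$1" | awk -F '\t' '$2 != "not_affected" { print $1 }'
}

# make_sample DIR -> writes constructed status files (not from a real machine)
make_sample() {
    printf 'Not affected\n' > "$1/meltdown"
    printf 'Not affected\n' > "$1/l1tf"
    printf 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n' > "$1/spectre_v1"
    printf 'Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling\n' > "$1/spectre_v2"
    printf 'Vulnerable\n' > "$1/spec_store_bypass"
}

# Demo on the constructed data; on a real machine call: report_vulns "$VULN_DIR"
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
report_vulns "$demo_dir"
echo "Still applies to this CPU: $(needs_mitigation "$demo_dir" | tr '\n' ' ')"
rm -rf "$demo_dir"
```

Anything the script lists still applies to the CPU the kernel is running on, whatever class of machine it is; an `unknown` result means the status text was not recognised and should be read directly.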