Using the Hardware Vulnerability feature tells me that my new MZ10 / J6412 processor has no microcode mitigation against CVE-2020-0543.
Reading the Intel web site at Special Register Buffer Data Sampling / CVE-2020-0543 / INTEL-SA-00232 suggests that this vulnerability would exist only for malicious code run on the processor itself. Given the device’s sole duty in silicon life is and will continue to be to run IPFire, I consider that this vulnerability can be ignored to the same extent that IPFire is secure.
If someone disagrees, please advise the further risk you identify.
I identify no risk as long as you do not grant anyone direct access to the computer you run IPFire on.
Agreed, however, if another vulnerability exists (like a 0-day exploit) that allows running arbitrary code on the CPU or within a virtual machine running in IPFire, it could bypass any security measures in place and potentially compromise the system. This would be a significant concern as it could lead to unauthorized access, data breaches, or other malicious activities. I would suggest reducing the surface of attack as much as possible.
I would run ONLY the firewall on that CPU. Anything else should run on another machine behind the firewall.
Thank you SecCon, cfusco. Single function is very much my plan.