I have already found the problem. If is check in automatic mode "Enable Simultaneous Multi.Threading (SMT) vulnerabilities are mitigated but works with half the processors or disables MultiThreading. If it is forced (Dangerous) appear the 12 threads.
A question for connoisseurs. If IPFire is hardened and you can’t run / install software not signed by the development team (that’s what I think), how much can Processor vulnerabilities affect?
Based on what I’ve been reading (as I understand it, please correct me if I’m wrong), these vulnerabilities are exploited when malicious software is run / installed on the computer that suffers the vulnerability and accesses memory areas that it shouldn’t. But this shouldn’t happen in IPFire, right?.
This isn’t completely right.
The kernel and the addons are signed, to my opinion. But you can install modules which are interpreted: shell scripts, perl programs, …
These can use the vulnerabilities. Further IPFire is composed of many open source programs, which can’t be checked completely against these. If all parts were hardened/checked for their own, we would not need a hardening of the composed system.
Just my 2c.
You can also build addons and install them locally from the command line. This is what is done when people are testing out the creation of an addon before submitting it to the devs for inclusion in IPFire. There is no signing when you do this as the install is not being done via pakfire but manually from the command line.
If a bad player created a .ipfire addon package which had some additional code in it and someone installed that onto their IPFire then you would have some trojan software running on your system.
That is why the devs say that you should not install a .ipfire package from unknown source onto your IPfire system.
If you build the .ipfire yourself, then you control the source of all code used.
If you install a .ipfire from someone else then you are trusting that person.
There are always ways around things and things change constantly. The trick is to minimise the vulnerabilities as much as possible.