LFS201 - Chapter 11 - /sys/devices/system/cpu/vulnerabilities
Chapter 11 doesn't sound good. Joke aside, there is this folder in the /sys pseudo filesystem:
I wonder if we can use that to check for vulnerability mitigations that are available/active in the running system?
It becomes even more relevant when running the OS in a VM. Some mitigations need to be enabled in the hypervisor to be available to the VM. This would make it easy to see if the hypervisor/VM is correctly configured.
Just an idea.