Hi everyone. I'm finally trying to set up a test instance of IronClaw on an older Intel NUC I have, following the official deployment guide. I've gotten through the basic Docker Compose setup, but I'm stuck on the hardware-specific mitigation part.
The docs mention that for my CPU (it's an i5-8259U), I need to ensure the Spectre-v1 (Bounds Check Bypass) microcode updates are applied and the correct kernel parameters are set. I think I've updated the microcode via the `intel-microcode` package on Ubuntu 22.04, but I'm not totally sure how to verify it's active for the enclave components.
Also, the guide says to add `nospec_store_bypass_disable` to the kernel command line, but some older forum posts mention `spec_store_bypass_disable=seccomp`. I'm feeling a bit anxious about applying the wrong setting and either leaving the enclave vulnerable or breaking its functionality.
Could someone walk me through:
1. A surefire way to check the active microcode version relative to Spectre-v1 mitigations?
2. The current recommended kernel parameter for IronClaw's enclave security on a Coffee Lake CPU like mine?
I want to make sure my test bed is as secure as possible before I try loading any sensitive data into it. Sorry if these are basic questions!
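An added example, not part of the original post and not taken from the IronClaw guide: a read-only shell check that prints the microcode revision the running kernel reports, the kernel's own status for spectre_v1 and spec_store_bypass, and how the boot command line sets the Speculative Store Bypass (Spectre v4) mitigation. The function names and the CPUINFO/CMDLINE/VULN_DIR overrides are assumptions made for this sketch. Per the kernel's parameter documentation, `nospec_store_bypass_disable` switches that mitigation off, so the script reports it as disabled.

```shell
#!/bin/sh
# Added example. Paths default to the live system; override them to test on sample files.
CPUINFO="${CPUINFO:-/proc/cpuinfo}"
CMDLINE="${CMDLINE:-/proc/cmdline}"
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# Microcode revision currently loaded, as reported for the first CPU listed.
microcode_rev() {
    awk -F': *' '/^microcode/ { print $2; exit }' "$CPUINFO"
}

# The kernel's verdict for one issue, e.g. spectre_v1 or spec_store_bypass.
vuln_status() {
    if [ -r "$VULN_DIR/$1" ]; then
        cat "$VULN_DIR/$1"
    else
        echo "unknown (no $1 entry)"
    fi
}

# Classify the Speculative Store Bypass boot parameters.
# Runs in a subshell so that 'set -f' (no globbing) does not leak out.
ssb_cmdline_mode() (
    set -f
    mode="default"; off=0
    for tok in $(cat "$CMDLINE"); do
        case "$tok" in
            # Both of these disable the mitigation regardless of other settings.
            nospec_store_bypass_disable|mitigations=off) off=1 ;;
            spec_store_bypass_disable=*) mode="${tok#*=}" ;;
        esac
    done
    if [ "$off" -eq 1 ] || [ "$mode" = "off" ]; then
        echo "mitigation-disabled"
    else
        echo "$mode"
    fi
)

report() {
    echo "microcode revision : $(microcode_rev)"
    echo "spectre_v1         : $(vuln_status spectre_v1)"
    echo "spec_store_bypass  : $(vuln_status spec_store_bypass)"
    echo "SSB boot parameter : $(ssb_cmdline_mode)"
}

report
```

Run it before and after a reboot that changes the microcode package or the kernel command line, and compare the four lines.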