Hi folks, As part of our work on the Safeside project (https://github.com/google/safeside), we've seen a few AArch64 platforms that don't have firmware support for mitigating Spectre V2 (branch target injection). In particular, on those systems, we believe the speculated targets of indirect branches in kernel code could potentially be controlled by userspace code. We've also tested the behavior of return stack predictors -- on those same platforms, and on other AArch64 CPUs -- and found that they seem to work in a way that would enable a Retpoline-style construction where we can depend on the return stack predictor to "win" over the branch target predictor. Implementing something like this would allow us to protect more code from Spectre V2 vulnerabilities. We'd like to get a firmer idea about the feasibility of this approach and gauge interest in working on the implementation. Kristof: would anyone at ARM be interested in contributing Retpolines for AArch64?