Comment 14 for bug 2031093

Whether the automatic mitigation strategy or manual kernel command line configuration has decided to stop using AVX, outcome appears indistinguishable: GnuTLS break just the same.

Keywords:
clearcpuid=156 clearcpuid=avx (same, just more readable on 5.19+)
setup_clear_cpu_cap(X86_FEATURE_AVX)
CONFIG_GDS_FORCE_MITIGATION
GDS_MITIGATION_FORCE
/sys/devices/system/cpu/vulnerabilities/gather_data_sampling: Mitigation: AVX disabled, no microcode
dmesg: Microcode update needed! Disabling AVX as mitigation.

Workaround: The broken GnuTLS feature can be disabled by adding GNUTLS_CPUID_OVERRIDE=0x1 to the environment of the respective shell or service.