pfSense

With the constellation of tunable workarounds for hardware-based security bugs, it might be helpful to build a table of switches (much like the current toggle for Kernel PTI) that allow firewall admins to easily see/toggle individual workarounds to manage risk vs. performance. Most of these bugs don't directly affect a generic firewall, but if, for example, a firewall is hosting SSH login users, the risk increases. These are easily settable via sysctl or the advanced/tunable interface, but for auditing purposes having a GUI might be nice.

From the thread:
https://forum.netgate.com/topic/135653/xg-1537-coreboot-update-issue/6