OP is wrong about firmware. linux-firmware package is not about mitigating firmware vulnerabilities. It's just blobs for things like nvidia and other stuff.
I don't know if Linux has firmware vulnerability mitigation but if it doesn't then QubesOS is much better because it does prevent a lot of the vulnerabilities by disabling hyperthreading.
CPU vulnerability mitigations would typically be distributed with the intel-microcode package for Intel processors on Debian-based distributions, for example.
OP is wrong about firmware. linux-firmware package is not about mitigating firmware vulnerabilities. It's just blobs for things like nvidia and other stuff. I don't know if Linux has firmware vulnerability mitigation but if it doesn't then QubesOS is much better because it does prevent a lot of the vulnerabilities by disabling hyperthreading.
CPU vulnerability mitigations would typically be distributed with the
intel-microcodepackage for Intel processors on Debian-based distributions, for example.so how much mitigations? I've heard 0. do you know? 1 mitigation? 2?