Is there more work to be done? I guess the question I should ask is in what release of RELEASE will FreeBSD be fully patched?
Yes, there is probably more work to be done. Trampolines have not been mentioned in the revision note, only table isolation.
I guess this is the reason why FreeBSD didn't publicly announce that kernel revision as "fix" like OpenBSD and Linux, where trampolines and retpolines are already implemented.
Furthermore, there are at least two serious bugs in the FreeBSD microcode uploader.
I will do some PRs at the weekend, as my attempt to alert the devs via the mailing list was unsuccessful.
There I will also post a patch for the first of these bugs which is very simple (fix use of uninitialized register).
The second bug involves incorrect usage of reserved register bits and would require larger changes in devcpu-data, which I am not in the mood to do, as devcpu-data is obsolete anyway due to Intel's microcode file format change. Personally I'll use my own updater which uses the new microcode format and doesn't have these bugs.
(As long as Intel still provides the microcodes in the legacy format in addition to the new format, devcpu-data can still be used).