Whether to allow SMT/hyperthreading. Disabling SMT means that only physical CPU cores will be usable at runtime, potentially at significant performance cost.
The primary motivation for disabling SMT is to mitigate the risk of leaking data between threads running on the same CPU core (due to e.g., shared caches). This attack vector is unproven.
Disabling SMT is a supplement to the L1 data cache flushing mitigation (see ) versus malicious VM guests (SMT could "bring back" previously flushed data).