@marcan Fantastic. We'll make sure the gofetch page gets updated and points here.
We will also need to test on the M1 since that's where the majority of our RE work is solid and we've tested. (Our original discussions with Apple only covered the M1, so I'm very curious if there is a difference.)
Also interesting that you see it disabled in kernel mode. That would confirm my suspicions about why they don't set DIT in anything but EL0 in CoreCrypto (https://github.com/apple-oss-distributions/xnu/blob/94d3b452840153a99b38a3a9659680b2a006908e/osfmk/corecrypto/cc_internal.h and so on).
(And credit for the userspace PoCs belongs to the PhD students actually doing all the work!)
@marcan If anyone has the infrastructure, I'm curious if this reaches back to the A14. (We know the A14 has the DMP from the prefetchers.info project, but I don't have the testing infrastructure to check for chicken bits on it!)