You mentioned the base CPU not having HW speculative execution mitigations (which I also would consider worth a CPU upgrade to get), but not having virtualization is a much bigger limitation, in my view, and you didn't mention that, so I did.