Has anyone tested whether Morello is less vulnerable for microarchitectural attacks than the original core on which Morello is based?
According to UCAM-CL-TR-916, CHERI might mitigate some of these attacks.
There will almost certainly be some interplay with microarchitectural issues that affect performance and are due to Morello being a first-generation implementation done on a compressed timeline by retrofitting CHERI to an existing microarchitecture without wanting to disrupt its design. I would suggest you read https://ctsrd-cheri.github.io/morello-early-performance-results/ if you wish to learn about more of these, as the branch prediction and data dependence aspects are likely to affect the behaviour of speculation-based attacks. This also makes any resistance analysis of Morello even less meaningful for a real commercial product, as it is unlikely that the same limitations would exist in such a second-generation (or later) product and would instead have quite different speculative behaviour, so it's hard to see how one could extrapolate from it.