From 8df0b5fee1f8ead04fa3e9b88036a33ed64f7ba8 Mon Sep 17 00:00:00 2001 From: Otto Bittner Date: Mon, 28 Aug 2023 14:56:51 +0200 Subject: [PATCH] image: enable smt Disabling SMT inside the image creates problems on AWS. If we need nosmt there is a cpu option available on AWS. SMT should not affect AMD CPUs. Enabling SMT could be a problem if we assume trusted and untrusted code inside the same CVM. But this is not our threat model. --- image/mkosi.conf.d/mkosi.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/mkosi.conf.d/mkosi.conf b/image/mkosi.conf.d/mkosi.conf index c10c03354..13a105bf8 100644 --- a/image/mkosi.conf.d/mkosi.conf +++ b/image/mkosi.conf.d/mkosi.conf @@ -6,7 +6,7 @@ Release=38 Format=disk ManifestFormat=json,changelog Bootable=yes -KernelCommandLine=mitigations=auto,nosmt preempt=full rd.shell=0 rd.emergency=reboot loglevel=8 console=ttyS0 +KernelCommandLine=mitigations=auto preempt=full rd.shell=0 rd.emergency=reboot loglevel=8 console=ttyS0 SplitArtifacts=yes # Enable Secure Boot with own PKI SecureBoot=yes