Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-10-01 00:55:42 -04:00
Code Issues Packages Projects Releases Wiki Activity
308 Commits 1 Branch 0 Tags 1.8 MiB
a954a4a024
Commit Graph

8 Commits

Author SHA1 Message Date
Daniel Micay
d44a316624 disable 32-bit support via kernel line 
This is now supported in mainline and will be available in Linux 6.7. It
will be a while before we have it in production due to using the latest
LTS branch, but it might as well be set up in advance.

We currently have SystemCallArchitectures=native in the systemd
configuration to disallow 32-bit system calls via seccomp-bpf.
 2024-01-03 11:10:07 -05:00
Daniel Micay
3dfbd4e777 add init_on_free=1 for non-hardened kernels 2023-01-23 21:34:33 -05:00
Daniel Micay
67de376313 add slab_nomerge for non-hardened kernels 2023-01-15 14:34:44 -05:00
Daniel Micay
7b3111deb6 update grub configuration 2022-11-16 22:49:10 -05:00
Daniel Micay
74933df9cc set preempt=none for PREEMPT_DYNAMIC kernels 2022-08-07 19:26:29 -04:00
Daniel Micay
d7323bacba set lockdown to confidentiality mode 2022-08-01 01:47:22 -04:00
Daniel Micay
4a732879f3 update grub configuration 2022-03-16 22:56:06 -04:00
Daniel Micay
98ca37290a grub configuration for legacy boot 2021-09-08 03:30:41 -04:00