diff --git a/_includes/sections/operating-systems.html b/_includes/sections/operating-systems.html index 17700fbf..9dc6d511 100644 --- a/_includes/sections/operating-systems.html +++ b/_includes/sections/operating-systems.html @@ -41,6 +41,33 @@ tor="http://sejnfjrq6szgca7v.onion"
This also affects Windows 10, but it doesn't expose this information or mitigation instructions as easily. MacOS users check How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities on Apple Support.
+ +When running a enough recent kernel, you can check the CPU vulnerabilities it detects by tail -n +1 /sys/devices/system/cpu/vulnerabilities/*
. By using tail -n +1
instead of cat
, the file names are also visible.
+ In case you have an Intel CPU, you may notice "SMT vulnerable" display after running the tail
command. To mitigate this, disable hyper-threading from the UEFI/BIOS. You can also take the following mitigation steps below if your system/distribution uses GRUB and supports /etc/default/grub.d/
:
+
sudo mkdir /etc/default/grub.d/
to create a directory for additional grub configurationecho GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT mds=full,nosmt" | sudo tee /etc/default/grub.d/mds.conf
to create a new grub config file source with the echoed contentsudo grub-mkconfig -o /boot/grub/grub.cfg
to generate a new grub config file including this new kernel boot flagsudo reboot
to reboottail -n +1 /sys/devices/system/cpu/vulnerabilities/*
again to see that MDS now says "SMT disabled."
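Review bot: In the step that writes /etc/default/grub.d/mds.conf, the echo argument is only double-quoted, so the user's interactive shell expands $GRUB_CMDLINE_LINUX_DEFAULT (normally unset there) and strips the quotes before tee receives the text. The file ends up as `GRUB_CMDLINE_LINUX_DEFAULT= mds=full,nosmt`, which, once sourced, empties the existing default command line and assigns an unrelated variable named mds, so the final "SMT disabled" check would not pass. Wrap the whole argument in single quotes so the literal text reaches the file: `echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT mds=full,nosmt"' | sudo tee /etc/default/grub.d/mds.conf`. Three smaller points in the same list: grub-mkconfig on Debian and Ubuntu sources only `*.cfg` files from /etc/default/grub.d/, so please confirm that mds.conf is actually read or rename it to mds.cfg; `sudo mkdir -p` avoids an error when the directory already exists; and /boot/grub/grub.cfg is not the output path on every distribution (some use /boot/grub2/), which deserves a short caveat. In the first added paragraph, "a enough recent kernel" should read "a recent enough kernel".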