Git-Mirrors/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev.git synced 2025-08-09 14:52:33 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'PrivSec-dev:main' into pr-typos

Browse source
This commit is contained in:
samsepi0l 2023-12-08 23:52:45 +01:00 committed by GitHub
commit 237d68296d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
content/posts/linux/Desktop Linux Hardening.md
View file

@ -320,7 +320,7 @@ Further reading:
##### DMA mitigations
```
intel_iommu=on amd_iommu=on efi=disable_early_pci_dma iommu.passthrough=0 iommu.strict=1
intel_iommu=on amd_iommu=force_isolation efi=disable_early_pci_dma iommu=force iommu.passthrough=0 iommu.strict=1
```
[Direct memory access (DMA) attacks](https://en.wikipedia.org/wiki/DMA_attack) can be mitigated via IOMMU and [disabling certain kernel modules](#kernel-modules). Furthermore, [strict enforcement of IOMMU TLB invalidation](https://github.com/Kicksecure/security-misc/blob/master/etc/default/grub.d/40_enable_iommu.cfg) should be applied so devices will never be able to access stale data contents.