mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-25 06:59:25 -05:00
commit
024576e330
@ -54,6 +54,9 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX l1tf=full,force"
|
||||
## https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nosmt=force"
|
||||
|
||||
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/multihit.html#mitigation-control-on-the-kernel-command-line-and-kvm-module-parameter
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kvm.nx_huge_pages=force"
|
||||
|
||||
## Vsyscalls are obsolete, are at fixed addresses and are a target for ROP.
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vsyscall=none"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user