Merge pull request #56 from HulaHoop0/patch-1

kvm.nx_huge_pages=force
Patrick Schleizer 2020-02-04 05:24:05 +00:00 committed by GitHub
commit 024576e330
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -54,6 +54,9 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX l1tf=full,force"
## https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17 ## https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nosmt=force" GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nosmt=force"
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/multihit.html#mitigation-control-on-the-kernel-command-line-and-kvm-module-parameter
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kvm.nx_huge_pages=force"
## Vsyscalls are obsolete, are at fixed addresses and are a target for ROP. ## Vsyscalls are obsolete, are at fixed addresses and are a target for ROP.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vsyscall=none" GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vsyscall=none"
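Review bot: The added `kvm.nx_huge_pages=force` entry is documented only by a URL, whereas the neighbouring vsyscall entry says in words why the parameter is set. I would add a line above the link such as `## Force the iTLB multihit mitigation in KVM: huge pages in the guest EPT are marked non-executable.` so the reason is still readable if the kernel.org anchor moves. It is also worth a second comment noting that this is a KVM module parameter, so it presumably only matters on machines that act as a KVM host, and that `force` applies the mitigation even where the CPU is not reported as affected, which can cost guest performance. That trade-off is consistent with the other `force` settings visible in this hunk, but it should be stated here as well.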