Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #56 from HulaHoop0/patch-1

Browse Source 
kvm.nx_huge_pages=force
This commit is contained in:
Patrick Schleizer 2020-02-04 05:24:05 +00:00 committed by GitHub
commit 024576e330
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
etc/default/grub.d/40_kernel_hardening.cfg
View File

@ -54,6 +54,9 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX l1tf=full,force"
## https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nosmt=force"
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/multihit.html#mitigation-control-on-the-kernel-command-line-and-kvm-module-parameter
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kvm.nx_huge_pages=force"
## Vsyscalls are obsolete, are at fixed addresses and are a target for ROP.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vsyscall=none"