From 1122b3402c0856a087415d7ba1a313048b7e3eea Mon Sep 17 00:00:00 2001
From: raja-grewal <rg_public@proton.me>
Date: Wed, 1 May 2024 13:50:42 +1000
Subject: [PATCH] GDS mitigation for CPUs

---
 etc/default/grub.d/40_cpu_mitigations.cfg | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/etc/default/grub.d/40_cpu_mitigations.cfg b/etc/default/grub.d/40_cpu_mitigations.cfg
index 49c200e..029db6d 100644
--- a/etc/default/grub.d/40_cpu_mitigations.cfg
+++ b/etc/default/grub.d/40_cpu_mitigations.cfg
@@ -78,3 +78,10 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX retbleed=auto,nosmt"
 ## This default will used until provided sufficient evidence to modify.
 ##
 ## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html
+
+## Mitigates Gather Data Sampling (GDS) vulnerability.
+## Note for systems that have not received a suitable microcode update this will
+## entirely disable use of the AVX instructions set.
+##
+## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/gather_data_sampling.html
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX gather_data_sampling=force"