Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-25 13:35:23 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add info on DBX updates via the UEFI Revocation List

Browse source
This commit is contained in:
raja-grewal 2025-01-21 12:36:04 +00:00 committed by GitHub
parent f1b6bff30b
commit 15d13a8571
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 13 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

9
README.md
View file

@ -138,9 +138,12 @@ configuration file and significant hardening is applied to a myriad of component
Mitigations for known CPU vulnerabilities are enabled in their strictest form
and simultaneous multithreading (SMT) is disabled. See the
`/etc/default/grub.d/40_cpu_mitigations.cfg` configuration file. Note, to achieve
complete protection for known CPU vulnerabilities, the latest security microcode
(BIOS/UEFI) updates must also be installed on the system.
`/etc/default/grub.d/40_cpu_mitigations.cfg` configuration file.
Note, to achieve complete protection for known CPU vulnerabilities, the latest
security microcode (BIOS/UEFI) updates must be installed on the system. Furthermore,
if using Secure Boot, the Secure Boot Forbidden Signature Database (DBX) must be kept
up to date through [UEFI Revocation List](https://uefi.org/revocationlistfile) updates.
Boot parameters relating to kernel hardening, DMA mitigations, and entropy
generation are outlined in the `/etc/default/grub.d/40_kernel_hardening.cfg`