Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-03 02:44:57 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add info on DBX updates via the UEFI Revocation List

Browse source
This commit is contained in:
raja-grewal 2025-01-21 12:36:04 +00:00 committed by GitHub
parent f1b6bff30b
commit 15d13a8571
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 13 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
etc/default/grub.d/40_cpu_mitigations.cfg
View file

@ -26,6 +26,13 @@
## Note that incorrectly performing system BIOS/UEFI updates can potentially lead to serious functionality issues.
## The parameters below only provide (partial) protection at both the kernel and user space level.
## If using Secure Boot, users must also ensure the Secure Boot Forbidden Signature Database (DBX) is up to date.
## The UEFI Revocation List contains signatures of now revoked firmware and software used in booting systems.
## If using compatible hardware, the database can be updated directly in user space using fwupd.
## Note that incorrectly performing DBX updates can potentially lead to serious functionality issues.
## https://uefi.org/revocationlistfile
## https://github.com/fwupd/fwupd
## Enable a subset of known mitigations for some CPU vulnerabilities and disable SMT.
##
## KSPP=yes