diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg
index d1b2038..ec26311 100644
--- a/etc/default/grub.d/40_kernel_hardening.cfg
+++ b/etc/default/grub.d/40_kernel_hardening.cfg
@@ -9,3 +9,12 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_poison=1"
 # Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0"
+
+# Enables Kernel Page Table Isolation which mitigates Meltdown and improves KASLR.
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX pti=on"
+
+# Disables smt which can be used to exploit the MDS vulnerability.
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nosmt"
+
+# Enables all mitigations for the MDS vulnerability.
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full"
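Review bot: The added `nosmt` line only disables SMT at boot and leaves it re-enableable at runtime through `/sys/devices/system/cpu/smt/control`; if the hardening goal is to keep SMT off for the whole boot, `nosmt=force` is the value, and since either form halves the logical CPU count the comment should state that trade-off. I would change the second added comment to `# Disables SMT (halves logical CPU count; nosmt=force also blocks re-enabling it via sysfs). Closes cross-thread leakage used by MDS and L1TF.` and the line below it to `GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nosmt=force"`. `mds=full` is already the kernel default on affected CPUs, so its comment should say it is set explicitly to override any distro or earlier-fragment default rather than implying it enables something extra. On 5.2+ kernels the umbrella `mitigations=auto,nosmt` covers MDS, L1TF and later variants in one parameter and is worth considering alongside these per-vulnerability switches.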