Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-28 07:30:53 -05:00
Code Issues Projects Releases Packages Wiki Activity

Enable vmscape=force

Browse source
This commit is contained in:
raja-grewal 2025-09-13 03:41:59 +00:00 committed by GitHub
parent d262db2e6c
commit 21c605e27e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
etc/default/grub.d/40_cpu_mitigations.cfg
View file

@ -195,3 +195,12 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX reg_file_data_sampling=on"
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/indirect-target-selection.html
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX indirect_target_selection=force"
## VMScape:
## Mitigate the vulnerability by flushing branch predictors before returning to userspace when exiting guests.
## Comprehensive protection may also require disabling SMT to limit cross-thread attacks.
## Currently affects both AMD and Intel CPUs.
##
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/vmscape.html
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vmscape=force"