From 8107782fa54ec0e21893e6bd4a6baabb71eb864b Mon Sep 17 00:00:00 2001
From: raja-grewal
Date: Fri, 8 Nov 2024 15:36:04 +1100
Subject: [PATCH] Enable `ssbd=force-on`

---
 etc/default/grub.d/40_cpu_mitigations.cfg | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/etc/default/grub.d/40_cpu_mitigations.cfg b/etc/default/grub.d/40_cpu_mitigations.cfg
index e426673..1b900c0 100644
--- a/etc/default/grub.d/40_cpu_mitigations.cfg
+++ b/etc/default/grub.d/40_cpu_mitigations.cfg
@@ -47,10 +47,12 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_v2=on"
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_bhi=on"
 
 ## Disable Speculative Store Bypass (Spectre Variant 4).
+## Unconditionally enable mitigation for both kernel and userspace.
 ##
 ## https://www.suse.com/support/kb/doc/?id=000019189
 ##
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spec_store_bypass_disable=on"
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX ssbd=force-on"
 
 ## Enable mitigations for the L1TF vulnerability through disabling SMT
 ## and L1D flush runtime control.
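Review bot: The added `ssbd=force-on` line does not say which architecture it targets. In the kernel's parameter documentation `ssbd=` is the arm64 control, while `spec_store_bypass_disable=` on the line above is the x86/PowerPC one, so the new comment reads as if both act on the same machine. I would add a comment above the two assignments such as `## spec_store_bypass_disable= is the x86/PowerPC control; ssbd= is the arm64 equivalent.` On non-arm64 systems the kernel presumably does not act on the parameter and may report it as an unknown command-line parameter at boot; that is harmless, but worth noting so the log entry is not mistaken for a failed mitigation. A reference for the arm64 parameter next to the existing SUSE link would also help a reader confirm which setting is in effect on their hardware.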