Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-25 22:56:46 -05:00
Code Issues Projects Releases Packages Wiki Activity

Update docs on pti=on

Browse source
This commit is contained in:
raja-grewal 2025-11-03 04:31:59 +00:00 committed by GitHub
parent 5e87c9bea4
commit 322584db33
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -208,8 +208,8 @@ Kernel space:
- Enable the kernel page allocator to randomize free lists to limit some data
exfiltration and ROP attacks, especially during the early boot process.
- Enable kernel page table isolation to increase KASLR effectiveness and also
mitigate the Meltdown CPU vulnerability.
- Enable kernel page table isolation on X86_64 CPUs to increase KASLR effectiveness
and also mitigate the Meltdown CPU vulnerability.
- Enable randomization of the kernel stack offset on syscall entries to harden
against memory corruption attacks.

4
etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared
View file

@ -83,8 +83,10 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX init_on_free=1"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_alloc.shuffle=1"
## Enable kernel page table isolation to harden against kernel ASLR (KASLR) bypasses.
## Mitigates the Meltdown CPU vulnerability.
## Mitigates the Meltdown (Spectre Variant 3) CPU vulnerability.
## Mitigations for ARM64 CPUs are done in /etc/default/grub.d/40_cpu_mitigations.cfg using "kpti=1".
##
## https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)
## https://en.wikipedia.org/wiki/Kernel_page-table_isolation
##
## KSPP=yes