Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-22 12:50:41 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'github-kicksecure/master'

Browse source
This commit is contained in:
Patrick Schleizer 2025-07-21 06:00:11 -04:00
commit 36114e29a2
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
2 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -177,6 +177,8 @@ CPU mitigations:
- Register File Data Sampling (RFDS)
- Indirect Target Selection (ITS)
Boot parameters relating to kernel hardening, DMA mitigations, and entropy
generation are outlined in the `/etc/default/grub.d/40_kernel_hardening.cfg`
configuration file.

8
etc/default/grub.d/40_cpu_mitigations.cfg
View file

@ -187,3 +187,11 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX gather_data_sampling=force"
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/reg-file-data-sampling.html
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX reg_file_data_sampling=on"
## Indirect Target Selection (ITS):
## Mitigate the vulnerability by not allowing indirect branches in the lower half of the cacheline.
## Currently affects Intel CPUs.
##
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/indirect-target-selection.html
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX indirect_target_selection=force"