Enable known mitigations for CPU vulnerabilities and disable SMT

etc/default/grub.d/40_cpu_mitigations.cfg

@@ -7,6 +7,9 @@
 ## https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
 ## https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647
 
+## Enable known mitigations for CPU vulnerabilities and disable SMT.
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mitigations=auto,nosmt"
+
 ## Enable mitigations for Spectre variant 2 (indirect branch speculation).
 ##
 ## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/spectre.html