Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-06-15 17:49:16 -04:00
Code Issues Projects Releases Packages Wiki Activity

Enable known mitigations for CPU vulnerabilities and disable SMT

Browse source
This commit is contained in:
raja-grewal 2024-01-29 12:58:14 +00:00 committed by GitHub
parent 4231155efa
commit 4509a5fc95
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
etc/default/grub.d/40_cpu_mitigations.cfg
View file

@ -7,6 +7,9 @@
## https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html ## https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
## https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647 ## https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647
## Enable known mitigations for CPU vulnerabilities and disable SMT.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mitigations=auto,nosmt"
## Enable mitigations for Spectre variant 2 (indirect branch speculation). ## Enable mitigations for Spectre variant 2 (indirect branch speculation).
## ##
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/spectre.html ## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/spectre.html