Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-03-12 19:26:34 -04:00
Code Issues Packages Projects Releases Wiki Activity

README.md: List CPU mitigations

Browse Source
This commit is contained in:
raja-grewal 2025-01-21 12:39:06 +00:00 committed by GitHub
parent 15d13a8571
commit 4b1e530674
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
README.md
View File

@ -145,6 +145,38 @@ security microcode (BIOS/UEFI) updates must be installed on the system. Furtherm
if using Secure Boot, the Secure Boot Forbidden Signature Database (DBX) must be kept if using Secure Boot, the Secure Boot Forbidden Signature Database (DBX) must be kept
up to date through [UEFI Revocation List](https://uefi.org/revocationlistfile) updates. up to date through [UEFI Revocation List](https://uefi.org/revocationlistfile) updates.
CPU mitigations:
- Disable Simultaneous Multithreading (SMT)
- Spectre Side Channels (BTI and BHI)
- Speculative Store Bypass (SSB)
- L1 Terminal Fault (L1TF)
- Microarchitectural Data Sampling (MDS)
- TSX Asynchronous Abort (TAA)
- iTLB Multihit
- Special Register Buffer Data Sampling (SRBDS)
- L1D Flushing
- Processor MMIO Stale Data
- Arbitrary Speculative Code Execution with Return Instructions (Retbleed)
- Cross-Thread Return Address Predictions
- Speculative Return Stack Overflow (SRSO)
- Gather Data Sampling (GDS)
- Register File Data Sampling (RFDS)
Boot parameters relating to kernel hardening, DMA mitigations, and entropy Boot parameters relating to kernel hardening, DMA mitigations, and entropy
generation are outlined in the `/etc/default/grub.d/40_kernel_hardening.cfg` generation are outlined in the `/etc/default/grub.d/40_kernel_hardening.cfg`
configuration file. configuration file.