Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-03-12 17:36:34 -04:00
Code Issues Packages Projects Releases Wiki Activity

README.md: List CPU mitigations

Browse Source
This commit is contained in:
raja-grewal 2025-01-21 12:39:06 +00:00 committed by GitHub
parent 15d13a8571
commit 4b1e530674
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
README.md
View File

@ -145,6 +145,38 @@ security microcode (BIOS/UEFI) updates must be installed on the system. Furtherm
if using Secure Boot, the Secure Boot Forbidden Signature Database (DBX) must be kept
up to date through [UEFI Revocation List](https://uefi.org/revocationlistfile) updates.
CPU mitigations:
- Disable Simultaneous Multithreading (SMT)
- Spectre Side Channels (BTI and BHI)
- Speculative Store Bypass (SSB)
- L1 Terminal Fault (L1TF)
- Microarchitectural Data Sampling (MDS)
- TSX Asynchronous Abort (TAA)
- iTLB Multihit
- Special Register Buffer Data Sampling (SRBDS)
- L1D Flushing
- Processor MMIO Stale Data
- Arbitrary Speculative Code Execution with Return Instructions (Retbleed)
- Cross-Thread Return Address Predictions
- Speculative Return Stack Overflow (SRSO)
- Gather Data Sampling (GDS)
- Register File Data Sampling (RFDS)
Boot parameters relating to kernel hardening, DMA mitigations, and entropy
generation are outlined in the `/etc/default/grub.d/40_kernel_hardening.cfg`
configuration file.