From 493576836c90653f9c3514fcd5b3bf816e56d689 Mon Sep 17 00:00:00 2001
From: raja-grewal <rg_public@proton.me>
Date: Fri, 12 Apr 2024 00:17:06 +1000
Subject: [PATCH] BHI mitigation on Intel CPUs

---
 etc/default/grub.d/40_cpu_mitigations.cfg | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/etc/default/grub.d/40_cpu_mitigations.cfg b/etc/default/grub.d/40_cpu_mitigations.cfg
index 9bd9fc5..667480e 100644
--- a/etc/default/grub.d/40_cpu_mitigations.cfg
+++ b/etc/default/grub.d/40_cpu_mitigations.cfg
@@ -75,3 +75,8 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX retbleed=auto,nosmt"
 ##
 ## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html
 
+## Enables mitigation of Branch History Injection vulnerabilities on Intel CPUs.
+##
+## https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2bb69f5fc72183e1c62547d900f560d0e9334925
+## TODO: update the above link with better alternative when possible
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_bhi=on"