Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-03 01:14:48 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #304 from raja-grewal/stop_pstore

Browse source 
Disable PStore
This commit is contained in:
Patrick Schleizer 2025-04-15 15:17:25 -04:00 committed by GitHub
commit 9f2836d2ba
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 28 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
etc/default/grub.d/40_kernel_hardening.cfg
View file

@ -223,6 +223,18 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vdso32=0"
##
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX ia32_emulation=0"
## Disable EFI persistent storage feature.
## Prevents the kernel from writing crash logs and other persistent data to the EFI variable store.
##
## https://blogs.oracle.com/linux/post/pstore-linux-kernel-persistent-storage-file-system
## https://www.ais.com/understanding-pstore-linux-kernel-persistent-storage-file-system/
## https://lwn.net/Articles/434821/
## https://manpages.debian.org/testing/systemd/systemd-pstore.service.8.en.html
## https://gitlab.tails.boum.org/tails/tails/-/issues/20813
## https://github.com/Kicksecure/security-misc/issues/299
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX efi_pstore.pstore_disable=1"
## 2. Direct Memory Access:
##
## https://madaidans-insecurities.github.io/guides/linux-hardening.html#dma-attacks