mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-06-14 07:49:12 -04:00
Set erst_disable
parent
341dce33fb
commit
a1bde21ccb
2 changed files with 6 additions and 3 deletions
|
@ -226,8 +226,8 @@ Kernel space:
|
|||
- Optional - Disable support for all x86 processes and syscalls (when using Linux kernel >= 6.7)
|
||||
to reduce attack surface.
|
||||
|
||||
- Disable EFI persistent storage feature, preventing the kernel from writing crash logs and
|
||||
other persistent data to the EFI variable store.
|
||||
- Disable the EFI persistent storage feature which prevents the kernel from writing crash logs
|
||||
and other persistent data to either the UEFI variable storage or ACPI ERST backends.
|
||||
|
||||
Direct memory access:
|
||||
|
||||
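Review bot: The rewritten bullet still calls the feature "EFI persistent storage" while listing ACPI ERST as one of its backends, and ERST is not an EFI mechanism, so the label no longer matches the scope of the change. Suggest naming the generic feature instead, for example "Disable persistent storage (pstore) backends, preventing the kernel from writing crash logs and other persistent data to UEFI variable storage or ACPI ERST." That wording also avoids "which prevents", which reads as if the feature itself did the preventing, and "either ... or", which suggests only one of the two backends is covered.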
|
|
|
@ -224,7 +224,9 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vdso32=0"
|
|||
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX ia32_emulation=0"
|
||||
|
||||
## Disable EFI persistent storage feature.
|
||||
## Prevents the kernel from writing crash logs and other persistent data to the EFI variable store.
|
||||
## Disable Error Record Serialization Table (ERST) support as a form of defense-in-depth.
|
||||
## Prevents the kernel from writing crash logs and other persistent data to the storage backend.
|
||||
## Both the UEFI variable storage and ACPI ERST backends are inactivated.
|
||||
##
|
||||
## https://blogs.oracle.com/linux/post/pstore-linux-kernel-persistent-storage-file-system
|
||||
## https://www.ais.com/understanding-pstore-linux-kernel-persistent-storage-file-system/
|
||||
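Review bot: The comment block does not say which boot parameter disables which backend, and "the storage backend" (singular) sits awkwardly before the line that names two backends. Suggest stating that efi_pstore.pstore_disable=1 covers UEFI variable storage and erst_disable covers ACPI ERST, and replacing "inactivated" with "disabled". Because the first line now describes turning off ERST support as a whole, a sentence on what else is lost with it (persisted hardware error records that administrators may rely on for post-crash diagnosis) would let readers judge the trade-off.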
|
@ -234,6 +236,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vdso32=0"
|
|||
## https://github.com/Kicksecure/security-misc/issues/299
|
||||
##
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX efi_pstore.pstore_disable=1"
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX erst_disable"
|
||||
|
||||
## 2. Direct Memory Access:
|
||||
##
|
||||
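Review bot: The new erst_disable line is enabled unconditionally, but the references in this comment block cover pstore in general and the only project link is issue #299, so nothing here documents the parameter itself. Suggest adding a reference for erst_disable (the kernel's kernel-parameters documentation lists it) next to the issue link, so the setting can be audited the same way as efi_pstore.pstore_disable=1. The comment should also say how the parameter behaves on systems without ACPI ERST, since it is applied to every install.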
|
|