Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-08-02 13:26:11 -04:00
Code Issues Projects Releases Packages Wiki Activity

Set erst_disable

Browse source
This commit is contained in:
raja-grewal 2025-05-17 04:41:06 +00:00 committed by GitHub
parent 341dce33fb
commit a1bde21ccb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 6 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
etc/default/grub.d/40_kernel_hardening.cfg
View file

@ -224,7 +224,9 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vdso32=0"
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX ia32_emulation=0"
## Disable EFI persistent storage feature.
## Prevents the kernel from writing crash logs and other persistent data to the EFI variable store.
## Disable Error Record Serialization Table (ERST) support as a form of defense-in-depth.
## Prevents the kernel from writing crash logs and other persistent data to the storage backend.
## Both the UEFI variable storage and ACPI ERST backends are inactivated.
##
## https://blogs.oracle.com/linux/post/pstore-linux-kernel-persistent-storage-file-system
## https://www.ais.com/understanding-pstore-linux-kernel-persistent-storage-file-system/
@ -234,6 +236,7 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vdso32=0"
## https://github.com/Kicksecure/security-misc/issues/299
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX efi_pstore.pstore_disable=1"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX erst_disable"
## 2. Direct Memory Access:
##