Merge branch 'master' into arraybolt3/emerg-shutdown

Aaron Rainbolt 2025-07-27 21:43:43 -05:00
commit a1d1c56033
No known key found for this signature in database
GPG key ID: A709160D73C79109
4 changed files with 44 additions and 0 deletions


@ -177,6 +177,8 @@ CPU mitigations:
- Register File Data Sampling (RFDS)
- Indirect Target Selection (ITS)
Boot parameters relating to kernel hardening, DMA mitigations, and entropy
generation are outlined in the `/etc/default/grub.d/40_kernel_hardening.cfg`
configuration file.


@ -1,3 +1,31 @@
commit 36114e29a2ce1045b5f5d82372fcf0463efc5ca7
Merge: e3ce9c3 f851886
Author: Patrick Schleizer <adrelanos@whonix.org>
Date: Mon Jul 21 06:00:11 2025 -0400
Merge remote-tracking branch 'github-kicksecure/master'
commit f851886ffd0fc82ba0b0add501964d1c812c6c15
Merge: e3ce9c3 6f9763f
Author: Patrick Schleizer <adrelanos@whonix.org>
Date: Mon Jul 21 05:58:44 2025 -0400
Merge pull request #310 from raja-grewal/its
Enable `indirect_target_selection=force`
commit 6f9763f525097b8f8ad5f9864c1694a2642e1bd6
Author: raja-grewal <rg_public@proton.me>
Date: Sat Jul 19 05:19:27 2025 +0000
Enable `indirect_target_selection=force`
commit e3ce9c38c5b241f789945de7229c0ee15fa0a266
Author: Patrick Schleizer <adrelanos@whonix.org>
Date: Wed Jul 2 20:52:17 2025 +0000
bumped changelog version
commit b06fb5428051518390439ce95c9d6894e6338951
Merge: 115b6f6 468cf40
Author: Patrick Schleizer <adrelanos@whonix.org>

6
debian/changelog vendored

@ -1,3 +1,9 @@
security-misc (3:46.4-1) unstable; urgency=medium
* New upstream version (local package).
-- Patrick Schleizer <adrelanos@whonix.org> Mon, 21 Jul 2025 10:00:25 +0000
security-misc (3:46.3-1) unstable; urgency=medium
* New upstream version (local package).
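Review bot: The 3:46.4-1 entry says only `* New upstream version (local package).`, so a reader of debian/changelog gets no hint that the accompanying changes add a kernel boot parameter. Consider adding a bullet that names the change, for example that `indirect_target_selection=force` is now appended to `GRUB_CMDLINE_LINUX`, because that alters the kernel command line on upgrade and is the kind of change an administrator looks for here.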


@ -187,3 +187,11 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX gather_data_sampling=force"
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/reg-file-data-sampling.html
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX reg_file_data_sampling=on"
## Indirect Target Selection (ITS):
## Mitigate the vulnerability by not allowing indirect branches in the lower half of the cacheline.
## Currently affects Intel CPUs.
##
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/indirect-target-selection.html
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX indirect_target_selection=force"
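Review bot: The comment block above `GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX indirect_target_selection=force"` explains what the mitigation does but not why `force` is the value chosen or what it costs. Since the comment itself says the issue "Currently affects Intel CPUs", add a line stating what `force` means on CPUs the kernel does not consider affected and whether a performance impact is expected, so users can judge whether to override it. The description line beginning "Mitigate the vulnerability by not allowing indirect branches" is also noticeably longer than the surrounding `##` comment lines and could be wrapped.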