From bfd78a2c06153ebadfee39190055edf0a13958f4 Mon Sep 17 00:00:00 2001
From: Raja Grewal <rg_public@proton.me>
Date: Tue, 19 Jul 2022 03:16:08 +1000
Subject: [PATCH] update SRBDS mitigation

---
 etc/default/grub.d/40_cpu_mitigations.cfg | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/etc/default/grub.d/40_cpu_mitigations.cfg b/etc/default/grub.d/40_cpu_mitigations.cfg
index 7eb5875..4537871 100644
--- a/etc/default/grub.d/40_cpu_mitigations.cfg
+++ b/etc/default/grub.d/40_cpu_mitigations.cfg
@@ -43,9 +43,10 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX tsx=off tsx_async_abort=full,nosmt"
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kvm.nx_huge_pages=force"
 
 ## Enables mitigations for SRBDS to prevent MDS attacks on RDRAND and RDSEED instructions.
+## Only mitigated through microcode updates from Intel.
 ##
 ## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/special-register-buffer-data-sampling.html
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX srbds=on"
+## https://access.redhat.com/solutions/5142691
 
 ## Enables the prctl interface to prevent leaks from L1D on context switches.
 ##