Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-23 09:21:04 -05:00
Code Issues Packages Projects Releases Wiki Activity

update SRBDS mitigation

Browse Source
This commit is contained in:
Raja Grewal 2022-07-19 03:16:08 +10:00
parent c3ebb9160f
commit bfd78a2c06
No known key found for this signature in database
GPG Key ID: E34A5801947020A5
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
etc/default/grub.d/40_cpu_mitigations.cfg
View File

@ -43,9 +43,10 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX tsx=off tsx_async_abort=full,nosmt"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kvm.nx_huge_pages=force" GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kvm.nx_huge_pages=force"
## Enables mitigations for SRBDS to prevent MDS attacks on RDRAND and RDSEED instructions. ## Enables mitigations for SRBDS to prevent MDS attacks on RDRAND and RDSEED instructions.
## Only mitigated through microcode updates from Intel.
## ##
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/special-register-buffer-data-sampling.html ## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/special-register-buffer-data-sampling.html
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX srbds=on" ## https://access.redhat.com/solutions/5142691
## Enables the prctl interface to prevent leaks from L1D on context switches. ## Enables the prctl interface to prevent leaks from L1D on context switches.
## ##