From dddac1dc4015a28fc6b12244809685295272edd1 Mon Sep 17 00:00:00 2001 From: Raja Grewal Date: Sat, 11 May 2024 13:15:42 +1000 Subject: [PATCH] Update README.md --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e47754f..c774837 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,9 @@ configuration file. - Set coredump file name based on core_pattern value instead of the default of naming it 'core'. +- Will disable `io_uring` interface for performing asynchronous I/O as it has + historically been a significant attack surface. + ### mmap ASLR - The bits of entropy used for mmap ASLR are maxed out via @@ -89,7 +92,7 @@ Boot parameters are outlined in configuration files located in the - Enables randomisation of the kernel stack offset on syscall entries. -- All mitigations for known CPU vulnerabilities are enabled and SMT is +- Mitigations for known CPU vulnerabilities are enabled and SMT is disabled. - IOMMU is enabled to prevent DMA attacks along with strict enforcement of @@ -169,6 +172,9 @@ surface via the `/etc/modprobe.d/30_security-misc.conf` configuration file. Engine (ME)](https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html) and the OS. +- Disables several kernel modules responsible for GPS such as GNSS (Global + Navigation Satellite System). + - Incorporates much of [Ubuntu's](https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d?h=ubuntu/disco) default blacklist of modules to be blocked from automatically loading.
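Review bot: The new `io_uring` bullet in the `@@ -58,6 +58,9 @@` hunk opens with "Will disable", which reads as a planned change rather than current behaviour, and it names no setting a reader could check. The neighbouring bullet uses the imperative ("Set coredump file name ..."), so "Disable the `io_uring` interface ..." would match it. If the setting has not shipped yet, say so explicitly. Otherwise name the setting that enforces it, and note what breaks for applications that rely on `io_uring`.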
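Review bot: Dropping "All" from the CPU mitigations bullet in the `@@ -89,7 +92,7 @@` hunk weakens a security claim without explanation; the commit subject is only "Update README.md". If some mitigations are deliberately left off, list them or link to the boot parameter file that sets them, so a reader can tell which CPU vulnerabilities remain unmitigated. The same line still states "SMT is disabled" unconditionally, so confirm that part remains accurate as well.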
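Review bot: The added bullet in the `@@ -169,6 +172,9 @@` hunk says "responsible for GPS such as GNSS", which inverts the relationship: GNSS is the general category and GPS is one system within it. Suggest "Disables the GNSS (Global Navigation Satellite System) kernel modules, which cover GPS". "Several" is also vague for a line documenting `/etc/modprobe.d/30_security-misc.conf`; name the modules or point to the relevant block in that file, and give the reason for disabling them, since the bullet currently gives none.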