mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-25 09:59:25 -05:00
Merge spectre mitigations
This commit is contained in:
parent
965c8641fd
commit
de4f4be947
@ -10,10 +10,11 @@
|
||||
## Enable known mitigations for CPU vulnerabilities and disable SMT.
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mitigations=auto,nosmt"
|
||||
|
||||
## Enable mitigations for Spectre variant 2 (indirect branch speculation).
|
||||
## Enable mitigations for both Spectre Variant 2 (indirect branch speculation)
|
||||
## and Intel branch history injection (BHI) vulnerabilities.
|
||||
##
|
||||
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/spectre.html
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_v2=on"
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_v2=on spectre_bhi=on"
|
||||
|
||||
## Disable Speculative Store Bypass.
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spec_store_bypass_disable=on"
|
||||
@ -74,8 +75,3 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX retbleed=auto,nosmt"
|
||||
## This default will used until provided sufficient evidence to modify.
|
||||
##
|
||||
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html
|
||||
|
||||
## Enables mitigation of Branch History Injection vulnerabilities on Intel CPUs.
|
||||
##
|
||||
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/spectre.html
|
||||
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_bhi=on"
|
||||
|
Loading…
Reference in New Issue
Block a user