Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-25 18:59:26 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'github-kicksecure/master'

Browse Source
This commit is contained in:
Patrick Schleizer 2023-12-04 11:01:02 -05:00
commit e83c1d7ed6
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
etc/default/grub.d/40_enable_iommu.cfg
View File

@ -2,7 +2,7 @@
## See the file COPYING for copying conditions.
## Enables IOMMU to prevent DMA attacks.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX intel_iommu=on amd_iommu=on"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX intel_iommu=on amd_iommu=force_enable"
## Disable the busmaster bit on all PCI bridges during very
## early boot to avoid holes in IOMMU.
@ -14,4 +14,4 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX efi=disable_early_pci_dma"
## Enables strict enforcement of IOMMU TLB invalidation so devices will never be able to access stale data contents
## https://github.com/torvalds/linux/blob/master/drivers/iommu/Kconfig#L97
## Page 11 of https://lenovopress.lenovo.com/lp1467.pdf
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX iommu.passthrough=0 iommu.strict=1"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX iommu=force iommu.passthrough=0 iommu.strict=1"