security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00

Author	SHA1	Message	Date
raja-grewal	1122b3402c	GDS mitigation for CPUs	2024-05-01 13:50:42 +10:00
raja-grewal	c002bd62e8	Clarify use of `mitigations=auto`	2024-05-01 13:49:34 +10:00
raja-grewal	d89d7e8ef8	Add reference for RETBleed	2024-05-01 13:49:00 +10:00
raja-grewal	015dcc4212	Add reference for SSB	2024-05-01 13:48:13 +10:00
raja-grewal	de4f4be947	Merge spectre mitigations	2024-05-01 13:47:40 +10:00
raja-grewal	965c8641fd	Update BHI mitigation reference	2024-05-01 13:47:02 +10:00
raja-grewal	493576836c	BHI mitigation on Intel CPUs	2024-04-12 00:17:06 +10:00
Patrick Schleizer	af6c6971a7	comment	2024-03-04 06:33:51 -05:00
raja-grewal	b16c99ab62	Remove hardcoded `spec_rstack_overflow` setting	2024-01-29 13:39:40 +00:00
raja-grewal	139b10a9aa	Control RAS overflow mitigation on AMD Zen CPUs	2024-01-29 12:59:13 +00:00
raja-grewal	6c54e35027	Enable mitigations for RETBleed vulnerability and disable SMT	2024-01-29 12:58:51 +00:00
raja-grewal	4509a5fc95	Enable known mitigations for CPU vulnerabilities and disable SMT	2024-01-29 12:58:14 +00:00
raja-grewal	4231155efa	Add reference for kernel parameters	2024-01-29 12:57:48 +00:00
Patrick Schleizer	c9ea7a4dca	use `amd_iommu=force_isolation` instead of `amd_iommu=force_enable` because we set `iommu=force` already anyhow fixes https://github.com/Kicksecure/security-misc/issues/175	2023-12-04 11:02:55 -05:00
monsieuremre	f2ad8383cf	fix	2023-12-03 19:51:38 +00:00
monsieuremre	dd15823a97	undo superfluousness	2023-12-03 19:50:07 +00:00
monsieuremre	83e13bb62d	Update 40_enable_iommu.cfg	2023-12-03 19:42:34 +00:00
Patrick Schleizer	97054b2b10	revert enabling kernel module signature enforcement due to issues https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/63 https://github.com/dell/dkms/issues/359	2023-11-03 15:55:17 -04:00
Patrick Schleizer	b6d53f698d	Revert "allow loading unsigned modules due to issues" This reverts commit `661bcd8603`.	2023-11-03 12:17:00 -04:00
Patrick Schleizer	f6d1346e2b	fix	2023-10-22 16:22:08 -04:00
Patrick Schleizer	11382881b5	comments	2023-10-22 16:12:26 -04:00
Patrick Schleizer	4288e10554	fix, rework remount-secure kernel parameters parsing	2023-10-22 13:25:31 -04:00
Patrick Schleizer	c409e3221e	implement remount-secure	2023-10-22 09:36:03 -04:00
Patrick Schleizer	d543825d85	comments	2023-10-21 12:24:59 -04:00
Raja Grewal	7a4212dd76	Update copyright	2023-03-30 17:08:47 +11:00
Patrick Schleizer	87c4e77c01	migrate to ram-wipe package	2023-01-09 06:23:00 -05:00
Raja Grewal	92669dba18	Comment out machine check exception	2022-08-21 23:02:44 +10:00
Patrick Schleizer	0c5b1e9f57	undo `"force kernel to panic on "oopses"` because implemented differently already https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713	2022-07-23 07:49:56 -04:00
Raja Grewal	ca764d8de0	force kernel to panic on "oopses"	2022-07-20 04:06:35 +10:00
Raja Grewal	1660aaa6dd	update details around disabling SMT	2022-07-19 03:38:41 +10:00
Raja Grewal	bfd78a2c06	update SRBDS mitigation	2022-07-19 03:16:08 +10:00
Raja Grewal	c3ebb9160f	CPU mitigation - MMIO Stale Data	2022-07-19 02:33:16 +10:00
Raja Grewal	59e90ff122	CPU mitigation - L1D FLushing	2022-07-19 02:32:41 +10:00
Raja Grewal	8531fbf99d	CPU mitigation - SRBDS	2022-07-19 02:30:49 +10:00
Raja Grewal	73f1e23332	shuffle and rewording	2022-07-19 02:29:46 +10:00
Raja Grewal	a47922ad28	enforce of IOMMU TLB invalidation	2022-07-13 04:47:07 +10:00
Raja Grewal	33df16af80	disables random.trust_bootloader	2022-07-13 04:37:03 +10:00
Raja Grewal	d0779a96fc	add reference	2022-07-13 04:36:34 +10:00
Raja Grewal	74858d257b	enable randomize_kstack_offset	2022-07-13 04:34:35 +10:00
Raja Grewal	f572332108	disable slub_debug	2022-07-13 04:32:03 +10:00
Patrick Schleizer	1c0e071948	comments	2022-07-05 10:45:55 -04:00
Patrick Schleizer	5d47f5f74c	comments	2022-07-05 10:45:09 -04:00
Patrick Schleizer	435c689cf9	comments	2022-07-05 10:44:28 -04:00
Patrick Schleizer	c20d588d78	comments	2022-07-05 10:42:37 -04:00
Patrick Schleizer	b342ce930e	add `/etc/default/grub.d/40_cold_boot_attack_defense.cfg`	2022-07-05 10:28:22 -04:00
Patrick Schleizer	67eaf8c916	comments	2022-06-29 11:40:38 -04:00
Patrick Schleizer	72908d6b0d	comments	2022-06-29 11:34:55 -04:00
Patrick Schleizer	2d37e3a1af	copyright	2022-05-20 14:46:38 -04:00
Patrick Schleizer	c72567dbd2	fix	2021-09-14 14:18:44 -04:00
Patrick Schleizer	d62bbaab82	fix, unduplicate kernel command line	2021-09-12 11:40:58 -04:00

1 2

89 Commits