security-misc

mirror of https://github.com/Kicksecure/security-misc.git synced 2025-12-30 18:10:19 -05:00

Author	SHA1	Message	Date
Aaron Rainbolt	e7e6d6d373	Merge remote-tracking branch 'raja/incomplete_cpu_mitigations' into arraybolt3/trixie-raja-merge	2025-12-14 14:01:54 -06:00
raja-grewal	b8f7806267	Update usage of `mitigations=auto,nosmt`	2025-12-14 12:38:47 +00:00
Aaron Rainbolt	4d0a126955	Merge remote-tracking branch 'raja/modprobe_refresh' into arraybolt3/trixie-raja-merge	2025-12-13 18:44:03 -06:00
raja-grewal	8040ba7579	Minor fixes to docs	2025-12-12 02:04:38 +00:00
raja-grewal	fe1cfcd1a0	Update docs on CPU MSRs	2025-12-12 02:03:23 +00:00
raja-grewal	5684a12d9d	Whitelist `9p` module	2025-12-12 01:59:23 +00:00
raja-grewal	7d90121302	Add reference for AMD SEV	2025-12-11 14:12:18 +00:00
raja-grewal	72f295a3f0	Provide option to enable AMD SEV-SNP	2025-12-11 14:11:47 +00:00
raja-grewal	6a17255307	Provide option to enable AMD SEV-ES	2025-12-11 14:11:26 +00:00
raja-grewal	53c4fdbeea	Merge branch 'Kicksecure:master' into modprobe_refresh	2025-12-11 12:52:14 +11:00
Aaron Rainbolt	b3eb739fe2	Link fix, change some wording	2025-11-30 00:20:21 -06:00
Aaron Rainbolt	5f34b4146e	Merge remote-tracking branch 'raja/docs' into arraybolt3/trixie	2025-11-30 00:12:18 -06:00
Aaron Rainbolt	2c253b1312	Merge remote-tracking branch 'raja/vsyscall32' into arraybolt3/trixie	2025-11-29 21:01:51 -06:00
Aaron Rainbolt	17ab1bb00f	Documentation fix	2025-11-29 20:44:30 -06:00
Aaron Rainbolt	2b2d30afce	Merge remote-tracking branch 'raja/limit_full_force' into arraybolt3/trixie	2025-11-29 20:23:09 -06:00
Aaron Rainbolt	b73a830b0f	Merge remote-tracking branch 'raja/kpti' into arraybolt3/trixie	2025-11-29 19:59:35 -06:00
Aaron Rainbolt	e54cb007f9	Merge remote-tracking branch 'raja/limit_bdev_writes' into arraybolt3/trixie	2025-11-29 19:54:10 -06:00
raja-grewal	f75e987337	Relabel some disabled module headings	2025-11-21 13:06:42 +00:00
raja-grewal	79be87ec5f	Move (optional) CPU MSR module disable list	2025-11-21 13:05:13 +00:00
raja-grewal	1a7b0a9122	Disable more file systems	2025-11-21 12:43:05 +00:00
raja-grewal	1865cafe44	Move joydev from blacklist to disable	2025-11-21 12:42:10 +00:00
raja-grewal	28476d3d53	Update docs on GrapheneOS blacklisted modules	2025-11-21 12:40:12 +00:00
raja-grewal	446d3771bf	Update docs on CD-ROM/DVD blacklisting	2025-11-21 12:38:44 +00:00
raja-grewal	3646a2fefe	Move superseded brcm80211 to disabled Split and replaced by brcmsmac and brcmfmac in kernel 2.6.39	2025-11-21 12:37:57 +00:00
raja-grewal	66ba273d44	Add CPU MSR modules	2025-11-21 12:36:57 +00:00
raja-grewal	e6aa648d54	Update docs on CPU MSR disabling	2025-11-21 12:36:32 +00:00
raja-grewal	59869979bb	Update docs on Vivid disabling	2025-11-21 12:35:51 +00:00
raja-grewal	4597fd16a9	Sort RDNIS disabling and add docs	2025-11-21 12:35:03 +00:00
raja-grewal	5adc007536	Update docs on Intel PMT disabling	2025-11-21 12:33:15 +00:00
raja-grewal	31e3aa0c3a	Update docs on Bluetooth disabling	2025-11-21 12:32:30 +00:00
raja-grewal	62dc2d4483	Add note about Intel TME	2025-11-18 20:31:46 +11:00
raja-grewal	29176d2ed2	Remove the option to reduce the MCE tolerance level	2025-11-15 06:30:11 +00:00
raja-grewal	9f897c5ccd	Update docs on reducing the MCE tolerance level	2025-11-15 05:48:33 +00:00
raja-grewal	b6fe1a5a6e	Make panic related settings consistent Ensures the `sysctl` and boot parameters are equivalent in settings and in description. This should prevent future questions regarding having omitted boot parameters that were actually redundant.	2025-11-15 04:51:01 +00:00
raja-grewal	99e993b885	Provide options to enable AMD SME and SEV	2025-11-15 03:16:07 +00:00
raja-grewal	635c216d4e	Update docs on CPU mitigations	2025-11-05 01:44:36 +00:00
raja-grewal	a46f678c7f	Update docs on latent entropy	2025-11-05 00:05:17 +00:00
raja-grewal	37b493826e	Spit distrusting entropy settings for clarity	2025-11-05 00:03:54 +00:00
raja-grewal	019a0cf72c	Update docs on entropy	2025-11-05 00:03:19 +00:00
raja-grewal	4c88b91141	Merge branch 'Kicksecure:master' into docs	2025-11-05 10:10:10 +11:00
raja-grewal	e43d4d7f71	Set `bdev_allow_write_mounted=0`	2025-11-03 05:46:07 +00:00
raja-grewal	53d90b1128	Update docs on `ssbd=force-on`	2025-11-03 04:32:49 +00:00
raja-grewal	322584db33	Update docs on `pti=on`	2025-11-03 04:31:59 +00:00
raja-grewal	5e87c9bea4	Set `kpti=1`	2025-11-03 04:30:58 +00:00
raja-grewal	3fdfebc464	Set `proc_mem.force_override=ptrace`	2025-11-03 00:48:49 +00:00
Patrick Schleizer	5121f80f28	comment	2025-11-02 06:00:24 -05:00
Patrick Schleizer	29685938bd	move usbguard reject rules to the top	2025-11-02 05:57:52 -05:00
raja-grewal	c5f91eb33a	Add another method to disable 32-bit legacy vsyscalls	2025-11-02 06:15:06 +00:00
raja-grewal	d175d1be52	Add doc on entropy related failure on AMD Zen 5 CPUs	2025-11-02 15:54:34 +11:00
raja-grewal	8f78269949	Add docs on slab_debug	2025-10-20 05:36:54 +00:00

1 2 3 4 5 ...

688 commits