Patrick Schleizer
|
26fe9394ff
|
disable lockdown for now due to module loading
|
2019-12-23 03:41:54 -05:00 |
|
madaidan
|
535c258b83
|
More kernel hardening
|
2019-12-23 03:35:07 -05:00 |
|
Patrick Schleizer
|
0c25a96b59
|
description / comments
|
2019-12-03 02:18:32 -05:00 |
|
madaidan
|
5da2a27bf0
|
Distrust the CPU for initial entropy
|
2019-12-02 16:43:00 +00:00 |
|
Patrick Schleizer
|
94d40c68d4
|
do not set kernel boot parameter page_poison=1 in Qubes since does not work
https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012
|
2019-11-05 10:02:55 -05:00 |
|
Patrick Schleizer
|
f57702c158
|
comments; copyright
|
2019-11-05 09:55:43 -05:00 |
|
madaidan
|
60db7e6294
|
fix typo
|
2019-09-07 20:08:56 +00:00 |
|
Patrick Schleizer
|
661bcd8603
|
allow loading unsigned modules due to issues
https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23
|
2019-09-07 05:39:56 +00:00 |
|
Patrick Schleizer
|
cb8170fd80
|
comment
|
2019-09-06 11:44:56 +00:00 |
|
madaidan
|
9a49b8ecbb
|
Create 40_only_allow_signed_modules.cfg
Require all loaded kernel modules to be signed with a valid key.
|
2019-08-13 13:33:07 +00:00 |
|
Patrick Schleizer
|
7e12e16dc0
|
Merge pull request #11 from madaidan/patch-7
Protect against DMA attacks
|
2019-06-28 06:57:42 +00:00 |
|
Patrick Schleizer
|
2a6289980e
|
syntax fix
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"
https://forums.whonix.org/t/kernel-hardening/7296/70
|
2019-06-23 18:46:52 +00:00 |
|
madaidan
|
641407c8e9
|
Enable IOMMU
|
2019-06-23 18:38:50 +00:00 |
|
madaidan
|
2178fb37a8
|
Add more kernel hardening parameters
|
2019-06-23 17:54:34 +00:00 |
|
Patrick Schleizer
|
f917c27a19
|
remove trailing spaces
|
2019-05-06 05:51:14 -04:00 |
|
madaidan
|
02e8888b0b
|
Update 40_kernel_hardening.cfg
|
2019-05-05 20:17:33 +00:00 |
|
madaidan
|
3695d7491e
|
Create 40_kernel_hardening.cfg
|
2019-05-05 14:42:03 +00:00 |
|