Patrick Schleizer
|
49902b8c56
|
move grub quiet to separate config file /etc/default/grub.d/41_quiet.cfg
|
2021-09-06 08:19:41 -04:00 |
|
Patrick Schleizer
|
db43cedcfd
|
LANG=C str_replace
|
2021-08-22 05:23:24 -04:00 |
|
Patrick Schleizer
|
a67007f4b7
|
copyright
|
2021-03-17 09:45:21 -04:00 |
|
madaidan
|
06ffd5d220
|
Restrict access to debugfs
|
2020-09-28 19:21:20 +00:00 |
|
Patrick Schleizer
|
6485df8126
|
Prevent kernel info leaks in console during boot.
add kernel parameter `quiet loglevel=0`
https://phabricator.whonix.org/T950
|
2020-04-23 12:26:31 -04:00 |
|
Patrick Schleizer
|
72228946dc
|
fix etc/default/grub.d/40_kernel_hardening.cfg
in Qubes if no kernel package is installed
|
2020-04-08 16:46:11 +00:00 |
|
Patrick Schleizer
|
2ceea8d1fe
|
update copyright year
|
2020-04-01 08:49:59 -04:00 |
|
madaidan
|
f6b6ab374e
|
Gather more entropy during boot
|
2020-02-16 19:51:32 +00:00 |
|
madaidan
|
ba0043b8a7
|
Update 40_kernel_hardening.cfg
|
2020-02-12 18:36:05 +00:00 |
|
HulaHoop0
|
e4c6e897cf
|
kvm.nx_huge_pages=force
|
2020-02-03 16:06:46 +00:00 |
|
Patrick Schleizer
|
b9d65338bc
|
unconditionally enable all CPU bugs (spectre, meltdown, L1TF, ...)
this might reduce performance
* `spectre_v2=on`
* `spec_store_bypass_disable=on`
* `tsx=off`
* `tsx_async_abort=full,nosmt`
Thanks to @madaidan for the suggestion!
https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647
|
2020-01-30 05:55:13 -05:00 |
|
Patrick Schleizer
|
c1a0da60be
|
set kernel boot parameter l1tf=full,force and nosmt=force
https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17
|
2020-01-30 00:46:48 -05:00 |
|
Patrick Schleizer
|
ede536913d
|
no longer hardcode amd64
|
2019-12-24 06:00:41 -05:00 |
|
Patrick Schleizer
|
ac49c55d1f
|
Merge pull request #49 from madaidan/kver
Detect kernel upgrades
|
2019-12-24 10:55:03 +00:00 |
|
madaidan
|
98e88d1456
|
Detect kernel upgrades
|
2019-12-23 19:57:43 +00:00 |
|
madaidan
|
d1a0650fd9
|
Use only one slub_debug parameter
|
2019-12-23 19:44:52 +00:00 |
|
Patrick Schleizer
|
3e131174d5
|
comments
|
2019-12-23 05:00:35 -05:00 |
|
Patrick Schleizer
|
9f072ce4f9
|
comment
|
2019-12-23 03:46:02 -05:00 |
|
Patrick Schleizer
|
26fe9394ff
|
disable lockdown for now due to module loading
|
2019-12-23 03:41:54 -05:00 |
|
madaidan
|
535c258b83
|
More kernel hardening
|
2019-12-23 03:35:07 -05:00 |
|
Patrick Schleizer
|
94d40c68d4
|
do not set kernel boot parameter page_poison=1 in Qubes since does not work
https://github.com/QubesOS/qubes-issues/issues/5212#issuecomment-533873012
|
2019-11-05 10:02:55 -05:00 |
|
Patrick Schleizer
|
f57702c158
|
comments; copyright
|
2019-11-05 09:55:43 -05:00 |
|
madaidan
|
60db7e6294
|
fix typo
|
2019-09-07 20:08:56 +00:00 |
|
Patrick Schleizer
|
2a6289980e
|
syntax fix
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"
https://forums.whonix.org/t/kernel-hardening/7296/70
|
2019-06-23 18:46:52 +00:00 |
|
madaidan
|
2178fb37a8
|
Add more kernel hardening parameters
|
2019-06-23 17:54:34 +00:00 |
|
Patrick Schleizer
|
f917c27a19
|
remove trailing spaces
|
2019-05-06 05:51:14 -04:00 |
|
madaidan
|
02e8888b0b
|
Update 40_kernel_hardening.cfg
|
2019-05-05 20:17:33 +00:00 |
|
madaidan
|
3695d7491e
|
Create 40_kernel_hardening.cfg
|
2019-05-05 14:42:03 +00:00 |
|