# Disables the merging of slabs of similar sizes. Sometimes a slab can be used in a vulnerable way which an attacker can exploit. GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge" # Enables sanity checks (F), redzoning (Z) and poisoning (P). GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_debug=FZP" # Wipes free memory so it can't leak in various ways and prevents some use-after-free vulnerabilites. GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_poison=1" # Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit. GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0" # Enables Kernel Page Table Isolation which mitigates Meltdown and improves KASLR. GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX pti=on" # Enables all mitigations for the MDS vulnerability. # Disables smt which can be used to exploit the MDS vulnerability. GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"