Enable module sig enforce and lockdown=confidentiality

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-03-05 14:52:54 -07:00
parent f5411aab36
commit 2ecb5662fc
No known key found for this signature in database
GPG Key ID: 555C902A34EC968F
4 changed files with 8 additions and 0 deletions

View File

@ -12,6 +12,8 @@
"nosmt=force", "nosmt=force",
"l1d_flush=on", "l1d_flush=on",
"spec_rstack_overflow=safe-ret", "spec_rstack_overflow=safe-ret",
"module.sig_enforce=1",
"lockdown=confidentiality",
"random.trust_bootloader=off", "random.trust_bootloader=off",
"random.trust_cpu=off", "random.trust_cpu=off",
"intel_iommu=on", "intel_iommu=on",

View File

@ -192,6 +192,8 @@ kernel_arguments:
- nosmt=force - nosmt=force
- l1d_flush=on - l1d_flush=on
- spec_rstack_overflow=safe-ret - spec_rstack_overflow=safe-ret
- module.sig_enforce=1
- lockdown=confidentiality
- random.trust_bootloader=off - random.trust_bootloader=off
- random.trust_cpu=off - random.trust_cpu=off
- intel_iommu=on - intel_iommu=on

View File

@ -12,6 +12,8 @@
"nosmt=force", "nosmt=force",
"l1d_flush=on", "l1d_flush=on",
"spec_rstack_overflow=safe-ret", "spec_rstack_overflow=safe-ret",
"module.sig_enforce=1",
"lockdown=confidentiality",
"random.trust_bootloader=off", "random.trust_bootloader=off",
"random.trust_cpu=off", "random.trust_cpu=off",
"intel_iommu=on", "intel_iommu=on",

View File

@ -256,6 +256,8 @@ kernel_arguments:
- nosmt=force - nosmt=force
- l1d_flush=on - l1d_flush=on
- spec_rstack_overflow=safe-ret - spec_rstack_overflow=safe-ret
- module.sig_enforce=1
- lockdown=confidentiality
- random.trust_bootloader=off - random.trust_bootloader=off
- random.trust_cpu=off - random.trust_cpu=off
- intel_iommu=on - intel_iommu=on