From 2a6289980e07d1d9c263f2d5abfc3b9e37c5054f Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun, 23 Jun 2019 18:46:52 +0000
Subject: [PATCH] syntax fix

GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"

https://forums.whonix.org/t/kernel-hardening/7296/70
---
 etc/default/grub.d/40_kernel_hardening.cfg | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg
index ec26311..0506e49 100644
--- a/etc/default/grub.d/40_kernel_hardening.cfg
+++ b/etc/default/grub.d/40_kernel_hardening.cfg
@@ -13,8 +13,6 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0"
 # Enables Kernel Page Table Isolation which mitigates Meltdown and improves KASLR.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX pti=on"
 
-# Disables smt which can be used to exploit the MDS vulnerability.
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nosmt"
-
 # Enables all mitigations for the MDS vulnerability.
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full"
+# Disables smt which can be used to exploit the MDS vulnerability.
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"