mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-23 01:23:36 +07:00
Code Issues Packages Projects Releases Wiki Activity

Enable kvm-intel.vmentry_l1d_flush=always

Browse Source
This commit is contained in:
raja-grewal 2024-12-17 11:42:52 +00:00 committed by GitHub
parent defba1f245
commit 45355aabdc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
etc/default/grub.d/40_cpu_mitigations.cfg
View File

@ -66,11 +66,13 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX ssbd=force-on"
## L1 Terminal Fault (L1TF):
## Mitigate the vulnerability by disabling L1D flush runtime control and SMT.
## If conditional L1D flushing, mitigate the vulnerability for certain KVM hypervisor configurations.
## Currently affects Intel CPUs.
##
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html
##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX l1tf=full,force"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kvm-intel.vmentry_l1d_flush=always"
## Microarchitectural Data Sampling (MDS):
## Mitigate the vulnerability by clearing the buffer cache and disabling SMT.