mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-07 05:50:41 +07:00
Code Issues Packages Projects Releases Wiki Activity

Comment out machine check exception

Browse Source
This commit is contained in:
Raja Grewal 2022-08-21 23:02:44 +10:00
parent ff8451469a
commit 92669dba18
No known key found for this signature in database
GPG Key ID: E34A5801947020A5
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
etc/default/grub.d/40_kernel_hardening.cfg
View File

@ -17,8 +17,9 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge"
## Zero memory at allocation and free time.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX init_on_alloc=1 init_on_free=1"
## Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0"
## Machine check exception handler decides whether the system should panic or not based on the exception that happened.
## https://forums.whonix.org/t/kernel-hardening/7296/494
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0"
## Enables Kernel Page Table Isolation which mitigates Meltdown and improves KASLR.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX pti=on"