From 92669dba186c6ac40ff601fd39639945cd7633c6 Mon Sep 17 00:00:00 2001 From: Raja Grewal Date: Sun, 21 Aug 2022 23:02:44 +1000 Subject: [PATCH] Comment out machine check exception --- etc/default/grub.d/40_kernel_hardening.cfg | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg index 5f8476e..30dd19a 100644 --- a/etc/default/grub.d/40_kernel_hardening.cfg +++ b/etc/default/grub.d/40_kernel_hardening.cfg @@ -17,8 +17,9 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge" ## Zero memory at allocation and free time. GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX init_on_alloc=1 init_on_free=1" -## Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit. -GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0" +## Machine check exception handler decides whether the system should panic or not based on the exception that happened. +## https://forums.whonix.org/t/kernel-hardening/7296/494 +#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0" ## Enables Kernel Page Table Isolation which mitigates Meltdown and improves KASLR. GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX pti=on"
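Review bot: The two comment lines added above the now-disabled `mce=0` entry say what the machine check exception handler does, but not why the option is being commented out or what is given up by doing so. The removed comment carried the security rationale (panic on uncorrectable errors in ECC memory that an attacker could exploit). After this change that reasoning is reachable only through the forum link, and the commit message has a subject but no body. Suggest adding one line that states the setting is disabled on purpose and that the panic decision is left to the kernel's handler rather than forced on uncorrectable errors, keeping the link as the reference. A reader auditing `40_kernel_hardening.cfg` can then tell a deliberate trade-off from a leftover without leaving the file.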