Update 40_kernel_hardening.cfg

etc/default/grub.d/40_kernel_hardening.cfg

@@ -36,27 +36,6 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0"
 ## Enables Kernel Page Table Isolation which mitigates Meltdown and improves KASLR.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX pti=on"
 
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_v2=on"
-
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spec_store_bypass_disable=on"
-
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX tsx=off"
-
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX tsx_async_abort=full,nosmt"
-
-## Enables all mitigations for the MDS vulnerability.
-## Disables smt which can be used to exploit the MDS vulnerability.
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"
-
-## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX l1tf=full,force"
-
-## https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nosmt=force"
-
-## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/multihit.html#mitigation-control-on-the-kernel-command-line-and-kvm-module-parameter
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kvm.nx_huge_pages=force"
-
 ## Vsyscalls are obsolete, are at fixed addresses and are a target for ROP.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vsyscall=none"