From de4f4be94762c9751ea62f744d7d6ede3ef30e88 Mon Sep 17 00:00:00 2001
From: raja-grewal
Date: Wed, 1 May 2024 13:47:40 +1000
Subject: [PATCH] Merge spectre mitigations
---
 etc/default/grub.d/40_cpu_mitigations.cfg | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/etc/default/grub.d/40_cpu_mitigations.cfg b/etc/default/grub.d/40_cpu_mitigations.cfg
index 7940b25..de9ca82 100644
--- a/etc/default/grub.d/40_cpu_mitigations.cfg
+++ b/etc/default/grub.d/40_cpu_mitigations.cfg
@@ -10,10 +10,11 @@
 ## Enable known mitigations for CPU vulnerabilities and disable SMT.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mitigations=auto,nosmt"
 
-## Enable mitigations for Spectre variant 2 (indirect branch speculation).
+## Enable mitigations for both Spectre Variant 2 (indirect branch speculation)
+## and Intel branch history injection (BHI) vulnerabilities.
 ##
 ## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/spectre.html
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_v2=on"
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_v2=on spectre_bhi=on"
 
 ## Disable Speculative Store Bypass.
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spec_store_bypass_disable=on"
@@ -74,8 +75,3 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX retbleed=auto,nosmt"
 ## This default will used until provided sufficient evidence to modify.
 ##
 ## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html
-
-## Enables mitigation of Branch History Injection vulnerabilities on Intel CPUs.
-##
-## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/spectre.html
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX spectre_bhi=on"
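Review bot: The merged comment in the first hunk (`@@ -10,10 +10,11 @@`) does not say that `spectre_bhi=` only takes effect on kernels that ship the BHI mitigation. A kernel without it will not act on the parameter, so the line `spectre_v2=on spectre_bhi=on` can read as coverage that is not actually there. I would add a comment such as `## spectre_bhi= has no effect on kernels that lack the BHI mitigation; confirm after boot via /sys/devices/system/cpu/vulnerabilities/spectre_v2.` Joining both parameters in one assignment also removes the per-mitigation stanza the rest of the file appears to use, so the comment should make clear which parameter addresses which issue for anyone auditing or overriding a single setting.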