mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-03-11 18:40:11 +07:00
Code Issues Packages Projects Releases Wiki Activity

comments; copyright

Browse Source
This commit is contained in:
Patrick Schleizer 2019-11-05 09:55:43 -05:00
parent 74293bcd2f
commit f57702c158
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
2 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
etc/default/grub.d/40_enable_iommu.cfg
View File

@ -1,2 +1,5 @@
# Enables IOMMU to prevent DMA attacks.
## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
## Enables IOMMU to prevent DMA attacks.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX intel_iommu=on amd_iommu=on"

17
etc/default/grub.d/40_kernel_hardening.cfg
View File

@ -1,18 +1,21 @@
# Disables the merging of slabs of similar sizes. Sometimes a slab can be used in a vulnerable way which an attacker can exploit.
## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
## Disables the merging of slabs of similar sizes. Sometimes a slab can be used in a vulnerable way which an attacker can exploit.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slab_nomerge"
# Enables sanity checks (F), redzoning (Z) and poisoning (P).
## Enables sanity checks (F), redzoning (Z) and poisoning (P).
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX slub_debug=FZP"
# Wipes free memory so it can't leak in various ways and prevents some use-after-free vulnerabilites.
## Wipes free memory so it can't leak in various ways and prevents some use-after-free vulnerabilites.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX page_poison=1"
# Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit.
## Makes the kernel panic on uncorrectable errors in ECC memory that an attacker could exploit.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mce=0"
# Enables Kernel Page Table Isolation which mitigates Meltdown and improves KASLR.
## Enables Kernel Page Table Isolation which mitigates Meltdown and improves KASLR.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX pti=on"
# Enables all mitigations for the MDS vulnerability.
# Disables smt which can be used to exploit the MDS vulnerability.
## Enables all mitigations for the MDS vulnerability.
## Disables smt which can be used to exploit the MDS vulnerability.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mds=full,nosmt"