|
|
06894d1c98
|
Typo
|
2024-07-19 18:30:42 +10:00 |
|
|
|
faa9181a6c
|
Typos
|
2024-07-18 12:19:27 +10:00 |
|
|
|
d454f36c63
|
spelling
|
2024-07-17 11:52:29 -04:00 |
|
|
|
f4da582aa3
|
spelling
|
2024-07-17 11:44:17 -04:00 |
|
|
|
9e976474d5
|
spelling
|
2024-07-17 11:40:51 -04:00 |
|
|
|
b569fc02a4
|
spelling
|
2024-07-17 11:38:53 -04:00 |
|
|
|
d29a616142
|
minor
|
2024-07-17 08:39:20 -04:00 |
|
|
|
81a3715c7c
|
Add info regarding the downsides of disabling SMT
|
2024-07-17 13:32:08 +10:00 |
|
|
|
49594ccb22
|
Partially revert f4d652fa7b
|
2024-07-17 00:49:25 +10:00 |
|
|
|
73f6d4b26f
|
Fix transcription error
|
2024-07-16 01:03:41 +10:00 |
|
|
|
b2657bc61f
|
Improve docs
|
2024-07-15 15:05:00 +10:00 |
|
|
|
c8385d82fb
|
Clarify instructions for increasing log verbosity
|
2024-07-15 14:57:40 +10:00 |
|
|
|
d229e8b04d
|
Fix link
|
2024-07-15 14:50:29 +10:00 |
|
|
|
f4d652fa7b
|
Update presentation of quiet loglevel=0
|
2024-07-15 14:39:12 +10:00 |
|
|
|
48e1ac4163
|
Remove the optional slub_debug parameter since it is no longer recommended
|
2024-07-15 02:04:25 +10:00 |
|
|
|
99038c7a06
|
Add option to disable support for x86 processes and syscalls in the future
|
2024-07-15 02:02:01 +10:00 |
|
|
|
f550fbe07c
|
Add option to disable the entire IPv6 stack functionality
|
2024-07-15 01:59:04 +10:00 |
|
|
|
a33d4cd099
|
Refactor existing kernel parameters for clarity
|
2024-07-15 01:56:25 +10:00 |
|
|
|
1bb843ec38
|
Update Copyright (C) to 2024
|
2024-05-11 13:18:36 +10:00 |
|
|
|
4694268b8f
|
Remove a word
|
2024-05-05 12:52:51 +00:00 |
|
|
|
8f7768ce96
|
Add vendor links
|
2024-05-05 12:50:39 +00:00 |
|
|
|
0c031a29d3
|
RFDS mitigation on Intel Atom CPUs (including E-cores)
|
2024-05-01 13:55:09 +10:00 |
|
|
|
1122b3402c
|
GDS mitigation for CPUs
|
2024-05-01 13:50:42 +10:00 |
|
|
|
c002bd62e8
|
Clarify use of mitigations=auto
|
2024-05-01 13:49:34 +10:00 |
|
|
|
d89d7e8ef8
|
Add reference for RETBleed
|
2024-05-01 13:49:00 +10:00 |
|
|
|
015dcc4212
|
Add reference for SSB
|
2024-05-01 13:48:13 +10:00 |
|
|
|
de4f4be947
|
Merge spectre mitigations
|
2024-05-01 13:47:40 +10:00 |
|
|
|
965c8641fd
|
Update BHI mitigation reference
|
2024-05-01 13:47:02 +10:00 |
|
|
|
493576836c
|
BHI mitigation on Intel CPUs
|
2024-04-12 00:17:06 +10:00 |
|
|
|
af6c6971a7
|
comment
|
2024-03-04 06:33:51 -05:00 |
|
|
|
b16c99ab62
|
Remove hardcoded spec_rstack_overflow setting
|
2024-01-29 13:39:40 +00:00 |
|
|
|
139b10a9aa
|
Control RAS overflow mitigation on AMD Zen CPUs
|
2024-01-29 12:59:13 +00:00 |
|
|
|
6c54e35027
|
Enable mitigations for RETBleed vulnerability and disable SMT
|
2024-01-29 12:58:51 +00:00 |
|
|
|
4509a5fc95
|
Enable known mitigations for CPU vulnerabilities and disable SMT
|
2024-01-29 12:58:14 +00:00 |
|
|
|
4231155efa
|
Add reference for kernel parameters
|
2024-01-29 12:57:48 +00:00 |
|
|
|
c9ea7a4dca
|
use amd_iommu=force_isolation instead of amd_iommu=force_enable
because we set `iommu=force` already anyhow
fixes https://github.com/Kicksecure/security-misc/issues/175
|
2023-12-04 11:02:55 -05:00 |
|
|
|
f2ad8383cf
|
fix
|
2023-12-03 19:51:38 +00:00 |
|
|
|
dd15823a97
|
undo superfluousness
|
2023-12-03 19:50:07 +00:00 |
|
|
|
83e13bb62d
|
Update 40_enable_iommu.cfg
|
2023-12-03 19:42:34 +00:00 |
|
|
|
97054b2b10
|
revert enabling kernel module signature enforcement
due to issues
https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/63
https://github.com/dell/dkms/issues/359
|
2023-11-03 15:55:17 -04:00 |
|
|
|
b6d53f698d
|
Revert "allow loading unsigned modules due to issues"
This reverts commit 661bcd8603.
|
2023-11-03 12:17:00 -04:00 |
|
|
|
f6d1346e2b
|
fix
|
2023-10-22 16:22:08 -04:00 |
|
|
|
11382881b5
|
comments
|
2023-10-22 16:12:26 -04:00 |
|
|
|
4288e10554
|
fix, rework remount-secure kernel parameters parsing
|
2023-10-22 13:25:31 -04:00 |
|
|
|
c409e3221e
|
implement remount-secure
|
2023-10-22 09:36:03 -04:00 |
|
|
|
d543825d85
|
comments
|
2023-10-21 12:24:59 -04:00 |
|
|
|
7a4212dd76
|
Update copyright
|
2023-03-30 17:08:47 +11:00 |
|
|
|
87c4e77c01
|
migrate to ram-wipe package
|
2023-01-09 06:23:00 -05:00 |
|
|
|
92669dba18
|
Comment out machine check exception
|
2022-08-21 23:02:44 +10:00 |
|
|
|
0c5b1e9f57
|
undo "force kernel to panic on "oopses"
because implemented differently already
https://forums.whonix.org/t/set-oops-panic-kernel-parameter-or-kernel-panic-on-oops-1-sysctl-for-better-security/7713
|
2022-07-23 07:49:56 -04:00 |
|
