From 06c56bbc7865804e2f26b9f3937eab8f60ed1c9d Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela+git@mikaela.info>
Date: Sun, 25 Aug 2019 20:32:38 +0300
Subject: [PATCH] etc/default/grub.d: add mds.conf for mitigating mds CPU vuln

Ref: #22
---
 etc/default/grub.d/mds.cfg | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 etc/default/grub.d/mds.cfg

diff --git a/etc/default/grub.d/mds.cfg b/etc/default/grub.d/mds.cfg
new file mode 100644
index 00000000..bcee837b
--- /dev/null
+++ b/etc/default/grub.d/mds.cfg
@@ -0,0 +1,6 @@
+# Enable all mitigation for Microarchitectural Data Sampling attack
+# including disabling Simultaneous multithreading
+# https://en.wikipedia.org/wiki/Simultaneous_multithreading
+# WARNING: This may have performance impact!
+# https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html
+GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT mds=full,nosmt"