From 06c56bbc7865804e2f26b9f3937eab8f60ed1c9d Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Sun, 25 Aug 2019 20:32:38 +0300 Subject: [PATCH] etc/default/grub.d: add mds.conf for mitigating mds CPU vuln Ref: #22 --- etc/default/grub.d/mds.cfg | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 etc/default/grub.d/mds.cfg diff --git a/etc/default/grub.d/mds.cfg b/etc/default/grub.d/mds.cfg new file mode 100644 index 00000000..bcee837b --- /dev/null +++ b/etc/default/grub.d/mds.cfg @@ -0,0 +1,6 @@ +# Enable all mitigation for Microarchitectural Data Sampling attack +# including disabling Simultaneous multithreading +# https://en.wikipedia.org/wiki/Simultaneous_multithreading +# WARNING: This may have performance impact! +# https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html +GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT mds=full,nosmt"