From 145f48a093338f00273e4a21477dddc34284ddd6 Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Sat, 10 Dec 2022 21:18:34 +0300 Subject: [PATCH] Save the list of disabled mitigations of CPU vulnerabilities (for history) --- kconfig_hardened_check/__init__.py | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index 8130dd4..673cb52 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -13,10 +13,27 @@ # N.B Hardening command line parameters: # iommu=force (does it help against DMA attacks?) # -# Mitigations of CPU vulnerabilities: -# Аrch-independent: -# X86: -# l1d_flush=on (a part of the l1tf option) +# The list of disabled mitigations of CPU vulnerabilities: +# mitigations=off +# pti=off +# spectre_v2=off +# spectre_v2_user=off +# spec_store_bypass_disable=off +# l1tf=off +# mds=off +# tsx_async_abort=off +# srbds=off +# mmio_stale_data=off +# retbleed=off +# nopti +# nokaslr +# nospectre_v1 +# nospectre_v2 +# nospectre_bhb +# nospec_store_bypass_disable +# kpti=0 +# ssbd=force-off +# nosmt (enabled) # # Hardware tag-based KASAN with arm64 Memory Tagging Extension (MTE): # kasan=on -- 2.31.1