PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-02-20 18:31:35 -05:00
Code

Update content/posts/linux/Desktop-Linux-Hardening.md

Browse Source 
Co-authored-by: WfKe9vLwSvv7rN <96372288+WfKe9vLwSvv7rN@users.noreply.github.com>
Signed-off-by: Raja Grewal <rg_public@proton.me>
This commit is contained in:
Raja Grewal 2022-11-27 11:39:59 +00:00 committed by GitHub
parent 1586452f5c
commit 16ac651487
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
content/posts/linux/Desktop-Linux-Hardening.md
View File

@ -276,7 +276,8 @@ slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none page_alloc.shuf
Kicksecure does not enforce either `module.sig_enforce=1` or `lockdown=confidentiality` by default as they lead to a lot of hardware compatibility issues; consider enabling these if possible on your system. Additionally, [`mce=0` is no longer recommended](https://forums.whonix.org/t/kernel-hardening/7296/493).
- Entropy generation
#### Entropy generation
```
random.trust_cpu=off random.trust_bootloader=off
```