PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-02-20 18:31:35 -05:00
Code

Update content/posts/linux/Desktop-Linux-Hardening.md

Browse Source 
Co-authored-by: WfKe9vLwSvv7rN <96372288+WfKe9vLwSvv7rN@users.noreply.github.com>
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2022-11-26 05:39:53 -05:00 committed by GitHub
parent f67d80d015
commit 6186101ba0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/posts/linux/Desktop-Linux-Hardening.md
View File

@ -272,7 +272,7 @@ spectre_v2=on spec_store_bypass_disable=on l1tf=full,force mds=full,nosmt tsx=of
slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none page_alloc.shuffle=1 randomize_kstack_offset=on extra_latent_entropy debugfs=off oops=panic quiet loglevel=0
```
Kicksecure does not enforce either `module.sig_enforce=1` or ` lockdown=confidentiality` by default as they lead a lot of hardware compatibility issues, consider enabling these if possible on your system. Additionally, `mce=0` is also [no longer](https://forums.whonix.org/t/kernel-hardening/7296/493) used.
Kicksecure does not enforce either `module.sig_enforce=1` or `lockdown=confidentiality` by default as they lead to a lot of hardware compatibility issues; consider enabling these if possible on your system. Additionally, [`mce=0` is no longer recommended](https://forums.whonix.org/t/kernel-hardening/7296/493).
- Entropy generation
```