From 8a0e8dd8d4b4d43d1aa1e76799d7e1820e8fb74a Mon Sep 17 00:00:00 2001
From: TommyTran732 <57488583+tommytran732@users.noreply.github.com>
Date: Sun, 25 Jul 2021 07:03:01 +0000
Subject: [PATCH] Add some grub settings from whonix
---
 install.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/install.sh b/install.sh
index 44b59d4..3fa912d 100644
--- a/install.sh
+++ b/install.sh
@@ -3,6 +3,12 @@
 # Cleaning the TTY.
 clear
+# Updating the live environment
+pacman -Syu
+
+# Installing curl
+pacman -S --noconfirm curl
+
 # Selecting the kernel flavor to install.
 kernel_selector () {
 echo "List of kernels:"
@@ -203,6 +209,15 @@ sed -i 's# part_msdos##g' /mnt/etc/default/grub
 sed -i 's#rootflags=subvol=${rootsubvol}##g' /mnt/etc/grub.d/10_linux
 sed -i 's#rootflags=subvol=${rootsubvol}##g' /mnt/etc/grub.d/20_linux_xen
+# Enabling CPU Mitigations
+curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/default/grub.d/40_cpu_mitigations.cfg >> /mnt/etc/grub.d/40_cpu_mitigations
+
+# Distrusting the CPU
+curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/default/grub.d/40_distrust_cpu.cfg >> /mnt/etc/grub.d/40_distrust_cpu
+
+# Enabling IOMMU
+curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/default/grub.d/40_enable_iommu.cfg >> 40_enable_iommu
+
 # Adding keyfile to the initramfs to avoid double password.
 dd bs=512 count=4 if=/dev/random of=/mnt/cryptkey/.root.key iflag=fullblock &>/dev/null
 chmod 000 /mnt/cryptkey/.root.key &>/dev/null
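Review bot: `pacman -Syu` in the first hunk is run without `--noconfirm`, unlike the `pacman -S --noconfirm curl` line directly below it, so an otherwise unattended install stops at a prompt here. The two commands can be one step that also skips the reinstall when curl is already present: `pacman -Syu --noconfirm --needed curl`. Neither result is checked in the visible lines; if the script is not running under `set -e` (the shebang is outside the hunk), a failed sync goes unnoticed until the later `curl` calls, so an explicit `|| exit 1` would make the failure visible where it happens.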
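Review bot: The three `curl` lines in the second hunk append whatever `raw.githubusercontent.com` serves for the mutable `master` ref straight into the target's boot configuration, with no `--fail`, no pinned revision and no integrity check, so an HTTP error body or an unreviewed upstream change ends up in files GRUB tooling reads as root. Pin each URL to a reviewed commit and make curl fail on HTTP errors, e.g. `curl -fsSL https://raw.githubusercontent.com/Whonix/security-misc/<PINNED_COMMIT>/etc/default/grub.d/40_cpu_mitigations.cfg`, and compare the download against a known SHA-256 before installing it. The third command redirects to the relative path `40_enable_iommu`, so the file is created in the current directory instead of under `/mnt`; it presumably should end in `>> /mnt/etc/grub.d/40_enable_iommu`. The upstream files are `etc/default/grub.d/*.cfg` snippets, while the destination is `/mnt/etc/grub.d/` without the extension and the redirect creates the files without the executable bit, so it is worth confirming that `grub-mkconfig` on the installed system picks them up at all. Using `>>` also duplicates the content if the script is re-run against the same target.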