diff --git a/UTM-Chrony.ign b/UTM-Chrony.ign
index 9138993..e6d1419 100644
--- a/UTM-Chrony.ign
+++ b/UTM-Chrony.ign
@@ -12,8 +12,6 @@
 "nosmt=force",
 "l1d_flush=on",
 "spec_rstack_overflow=safe-ret",
- "module.sig_enforce=1",
- "lockdown=confidentiality",
 "random.trust_bootloader=off",
 "random.trust_cpu=off",
 "intel_iommu=on",
@@ -30,7 +28,9 @@
 "ia32_emulation=0",
 "page_alloc.shuffle=1",
 "randomize_kstack_offset=on",
- "debugfs=off"
+ "debugfs=off",
+ "lockdown=confidentiality",
+ "module.sig_enforce=1"
 ]
 },
 "passwd": {
diff --git a/UTM-Chrony.yml b/UTM-Chrony.yml
index 4bb5318..6724829 100644
--- a/UTM-Chrony.yml
+++ b/UTM-Chrony.yml
@@ -196,8 +196,6 @@ kernel_arguments:
 - nosmt=force
 - l1d_flush=on
 - spec_rstack_overflow=safe-ret
- - module.sig_enforce=1
- - lockdown=confidentiality
 - random.trust_bootloader=off
 - random.trust_cpu=off
 - intel_iommu=on
@@ -214,4 +212,6 @@ kernel_arguments:
 - ia32_emulation=0
 - page_alloc.shuffle=1
 - randomize_kstack_offset=on
- - debugfs=off
\ No newline at end of file
+ - debugfs=off
+ - lockdown=confidentiality
+ - module.sig_enforce=1
\ No newline at end of file
diff --git a/x86-QEMU-Docker.ign b/x86-QEMU-Docker.ign
index 07cd9b9..f3952ad 100644
--- a/x86-QEMU-Docker.ign
+++ b/x86-QEMU-Docker.ign
@@ -12,8 +12,6 @@
 "nosmt=force",
 "l1d_flush=on",
 "spec_rstack_overflow=safe-ret",
- "module.sig_enforce=1",
- "lockdown=confidentiality",
 "random.trust_bootloader=off",
 "random.trust_cpu=off",
 "intel_iommu=on",
@@ -31,6 +29,8 @@
 "page_alloc.shuffle=1",
 "randomize_kstack_offset=on",
 "debugfs=off",
+ "lockdown=confidentiality",
+ "module.sig_enforce=1",
 "console=tty0",
 "console=ttyS0,115200"
 ]
diff --git a/x86-QEMU-Docker.yml b/x86-QEMU-Docker.yml
index 70be587..a32fdc7 100644
--- a/x86-QEMU-Docker.yml
+++ b/x86-QEMU-Docker.yml
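Review bot: The two entries re-added at the end of `kernel_arguments` in the second hunk of UTM-Chrony.yml carry no comment, and nothing visible in the commit says whether moving them is meant to change behaviour. As far as I know the kernel handles distinct command-line parameters independently of their position, so the move looks cosmetic; a comment above the pair would record that, for example `# lockdown + module signature enforcement; grouped at the end, position is not significant`. The same applies to the matching hunk in x86-QEMU-Docker.yml, where the pair sits just before the `console=` entries; the .ign files are JSON and cannot hold the comment. On a provisioned host, `/sys/kernel/security/lockdown` showing `[confidentiality]` and `/sys/module/module/parameters/sig_enforce` reading `Y` would confirm both settings still apply after the reorder. The `kernel_arguments` list starts above the hunk.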
@@ -272,8 +272,6 @@ kernel_arguments:
 - nosmt=force
 - l1d_flush=on
 - spec_rstack_overflow=safe-ret
- - module.sig_enforce=1
- - lockdown=confidentiality
 - random.trust_bootloader=off
 - random.trust_cpu=off
 - intel_iommu=on
@@ -291,5 +289,7 @@ kernel_arguments:
 - page_alloc.shuffle=1
 - randomize_kstack_offset=on
 - debugfs=off
+ - lockdown=confidentiality
+ - module.sig_enforce=1
 - console=tty0
 - console=ttyS0,115200
\ No newline at end of file