Tomster/Fedora-CoreOS-Ignition
1
0
Fork 0
mirror of https://github.com/tommytran732/Fedora-CoreOS-Ignition synced 2024-11-22 01:11:34 -05:00
Code

Enable module sig enforce and lockdown=confidentiality

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-03-05 14:52:54 -07:00
parent f5411aab36
commit 2ecb5662fc
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
4 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
UTM-Chrony.ign
View File

@ -12,6 +12,8 @@
"nosmt=force", "nosmt=force",
"l1d_flush=on", "l1d_flush=on",
"spec_rstack_overflow=safe-ret", "spec_rstack_overflow=safe-ret",
"module.sig_enforce=1",
"lockdown=confidentiality",
"random.trust_bootloader=off", "random.trust_bootloader=off",
"random.trust_cpu=off", "random.trust_cpu=off",
"intel_iommu=on", "intel_iommu=on",

2
UTM-Chrony.yml
View File

@ -192,6 +192,8 @@ kernel_arguments:
- nosmt=force - nosmt=force
- l1d_flush=on - l1d_flush=on
- spec_rstack_overflow=safe-ret - spec_rstack_overflow=safe-ret
- module.sig_enforce=1
- lockdown=confidentiality
- random.trust_bootloader=off - random.trust_bootloader=off
- random.trust_cpu=off - random.trust_cpu=off
- intel_iommu=on - intel_iommu=on

2
x86-QEMU-Docker.ign
View File

@ -12,6 +12,8 @@
"nosmt=force", "nosmt=force",
"l1d_flush=on", "l1d_flush=on",
"spec_rstack_overflow=safe-ret", "spec_rstack_overflow=safe-ret",
"module.sig_enforce=1",
"lockdown=confidentiality",
"random.trust_bootloader=off", "random.trust_bootloader=off",
"random.trust_cpu=off", "random.trust_cpu=off",
"intel_iommu=on", "intel_iommu=on",

2
x86-QEMU-Docker.yml
View File

@ -256,6 +256,8 @@ kernel_arguments:
- nosmt=force - nosmt=force
- l1d_flush=on - l1d_flush=on
- spec_rstack_overflow=safe-ret - spec_rstack_overflow=safe-ret
- module.sig_enforce=1
- lockdown=confidentiality
- random.trust_bootloader=off - random.trust_bootloader=off
- random.trust_cpu=off - random.trust_cpu=off
- intel_iommu=on - intel_iommu=on