From 423c3fff721a797b4d7b3dfc6efdbce24ab7258f Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Thu, 11 Jan 2024 03:25:11 -0700
Subject: [PATCH] Setup hardened_malloc

Signed-off-by: Tommy <contact@tommytran.io>
---
 Fedora-Workstation-39.sh | 19 ++++++++++++++-----
 RHEL-Server-9.sh         | 19 ++++++++++++++-----
 2 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/Fedora-Workstation-39.sh b/Fedora-Workstation-39.sh
index eaa2504..d1d2ee2 100644
--- a/Fedora-Workstation-39.sh
+++ b/Fedora-Workstation-39.sh
@@ -189,13 +189,22 @@ else
   sudo tuned-adm profile virtual-guest
 fi
 
-# Setup real-ucode
-if [ "$virt_type" = '' ]; then
+# Setup real-ucode and hardened_malloc
+if [ "$virt_type" = '' ] || [ "${MACHINE_TYPE}" == 'x86_64' ]; then
     sudo dnf install 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm' -y
     sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
-    sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
-    sudo dnf install real-ucode -y
-    sudo dracut -f
+    if [ "${MACHINE_TYPE}" != 'x86_64' ]; then
+        sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
+        sudo dnf install real-ucode -y
+        sudo dracut -f
+    elif [ "$virt_type" != '' ]; then
+        sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,hardened_malloc
+        sudo dnf install hardened_malloc -y
+    else
+        sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware,hardened_malloc
+        sudo dnf install real-ucode hardened_malloc -y
+        sudo dracut -f
+    fi
 fi
 
 output 'The script is done. You can also remove gnome-terminal since gnome-console will replace it.'
diff --git a/RHEL-Server-9.sh b/RHEL-Server-9.sh
index 8313c60..3a6f2ee 100644
--- a/RHEL-Server-9.sh
+++ b/RHEL-Server-9.sh
@@ -187,13 +187,22 @@ else
   sudo tuned-adm profile virtual-guest
 fi
 
-# Setup real-ucode
-if [ "$virt_type" = "" ]; then
+# Setup real-ucode and hardened_malloc
+if [ "$virt_type" = '' ] || [ "${MACHINE_TYPE}" == 'x86_64' ]; then
   sudo dnf install 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm' -y
   sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
-  sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
-  sudo dnf install real-ucode -y
-  sudo dracut -f
+  if [ "${MACHINE_TYPE}" != 'x86_64' ]; then
+    sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
+    sudo dnf install real-ucode -y
+    sudo dracut -f
+  elif [ "$virt_type" != '' ]; then
+    sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,hardened_malloc
+    sudo dnf install hardened_malloc -y
+  else
+    sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware,hardened_malloc
+    sudo dnf install real-ucode hardened_malloc -y
+    sudo dracut -f
+  fi
 fi
 
 # Setup fwupd