Remove real-ucode

Signed-off-by: Tommy <contact@tommytran.io>

Fedora-Server-40.sh

@@ -128,6 +128,11 @@ sudo chmod 644 /etc/systemd/system/unbound.service.d/override.conf
 sudo systemctl enable --now unbound
 sudo systemctl disable systemd-resolved
 
+### Differentiating bare metal and virtual installs
+
+# Enable auto TRIM
+sudo systemctl enable fstrim.timer
+
 # Setup fwupd
 if [ "$virtualization" = 'none' ]; then
     sudo dnf install -y fwupd
@@ -140,11 +145,6 @@ if [ "$virtualization" = 'none' ]; then
     sudo systemctl enable --now fwupd-refresh.timer
 fi
 
-# Enable auto TRIM
-sudo systemctl enable fstrim.timer
-
-### Differentiating bare metal and virtual installs
-
 # Setup tuned
 sudo dnf install -y tuned
 sudo systemctl enable --now tuned
@@ -155,17 +155,6 @@ else
     sudo tuned-adm profile virtual-guest
 fi
 
-
-# Setup real-ucode
-MACHINE_TYPE=$(uname -m)
-if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
-    sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
-    sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
-    sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
-    sudo dnf install -y real-ucode
-    sudo dracut -f
-fi
-
 # Setup networking
 sudo firewall-cmd --permanent --remove-service=cockpit
 sudo firewall-cmd --reload

Fedora-Workstation-40.sh

@@ -219,15 +219,15 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc' | sudo tee /etc/yum.re
     sudo chmod 644 /usr/local/share/applications/microsoft-edge.desktop
 fi
 
-# Setup fwupd
-echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
-sudo systemctl restart fwupd
-
 # Enable auto TRIM
 sudo systemctl enable fstrim.timer
 
 ### Differentiating bare metal and virtual installs
 
+# Setup fwupd
+echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
+sudo systemctl restart fwupd
+
 # Setup tuned
 if [ "$virtualization" = 'none' ]; then
     output "Bare Metal installation. Tuned will not be set up here - PPD should take care of it."
@@ -238,15 +238,6 @@ else
     sudo tuned-adm profile virtual-guest
 fi
 
-# Setup real-ucode
-if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
-    sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
-    sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
-    sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
-    sudo dnf install -y real-ucode
-    sudo dracut -f
-fi
-
 # Setup networking
 sudo firewall-cmd --set-default-zone=block
 sudo firewall-cmd --permanent --add-service=dhcpv6-client

RHEL-9.sh

@@ -89,6 +89,12 @@ sudo systemctl enable --now dnf-automatic.timer
 # Remove unnecessary packages
 sudo dnf remove -y cockpit*
 
+# Install hardened_malloc
+sudo dnf copr enable secureblue/hardened_malloc -y
+sudo dnf install -y hardened_malloc
+echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
+sudo chmod 644 /etc/ld.so.preload
+
 # Install appropriate virtualization drivers
 if [ "$virtualization" = 'kvm' ]; then
     sudo dnf install -y qemu-guest-agent
@@ -160,6 +166,11 @@ sudo systemctl enable --now unbound
 #sudo insights-client --collector malware-detection
 #sudo sed -i 's/test_scan: true/test_scan: false/' /etc/insights-client/malware-detection-config.yml
 
+# Enable auto TRIM
+sudo systemctl enable fstrim.timer
+
+### Differentiating bare metal and virtual installs
+
 # Setup fwupd
 if [ "$virtualization" = 'none' ]; then
     sudo dnf install -y fwupd
@@ -172,11 +183,6 @@ if [ "$virtualization" = 'none' ]; then
     sudo systemctl enable --now fwupd-refresh.timer
 fi
 
-# Enable auto TRIM
-sudo systemctl enable fstrim.timer
-
-### Differentiating bare metal and virtual installs
-
 # Setup tuned
 sudo dnf install -y tuned
 sudo systemctl enable --now tuned
@@ -187,16 +193,6 @@ else
     sudo tuned-adm profile virtual-guest
 fi
 
-# Setup real-ucode
-MACHINE_TYPE=$(uname -m)
-if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
-    sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
-    sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
-    sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
-    sudo dnf install -y real-ucode
-    sudo dracut -f
-fi
-
 # Setup networking
 sudo firewall-cmd --permanent --remove-service=cockpit
 sudo firewall-cmd --reload