Security: Add nospectre_v1 to the security params
Most of the v1 mitigation is baked into the kernel and not
optional. The swapgs barriers are, however, optional.
They have a negative performance impact so we disable them
by using the nospectre_v1 kernel bootarg.
Partial-Bug: 1860193
Depends-On: https://review.opendev.org/#/c/705300
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
(cherry picked from commit 950670ac1f
)
Change-Id: I8472e7fc4fbf5b3e01b56b79eba7feda315d29cf
This commit is contained in:
parent
17ed77faf5
commit
0c13c06b02
|
@ -1,2 +1,2 @@
|
|||
SRC_DIR="src"
|
||||
TIS_PATCH_VER=95
|
||||
TIS_PATCH_VER=96
|
||||
|
|
|
@ -7,7 +7,7 @@ platform::params::controller_hostname: controller
|
|||
platform::params::controller_0_hostname: controller-0
|
||||
platform::params::controller_1_hostname: controller-1
|
||||
platform::params::pxeboot_hostname: pxecontroller
|
||||
platform::params::security_feature: nopti nospectre_v2
|
||||
platform::params::security_feature: nopti nospectre_v2 nospectre_v1
|
||||
platform::amqp::auth_user: guest
|
||||
platform::users::params::sysadmin_password_max_age: 45
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
class platform::grub
|
||||
{
|
||||
include ::platform::params
|
||||
$managed_security_params = 'nopti nospectre_v2'
|
||||
$managed_security_params = 'nopti nospectre_v2 nospectre_v1'
|
||||
|
||||
# Run grubby to update params
|
||||
# First, remove all the parameters we manage, then we add back in the ones
|
||||
|
|
Loading…
Reference in New Issue