Security: Add nospectre_v1 to the security params
Most of the v1 mitigation is baked into the kernel and not optional. The swapgs barriers are, however, optional. They have a negative performance impact so we disable them by using the nospectre_v1 kernel bootarg. Partial-Bug: 1860193 Depends-On: https://review.opendev.org/#/c/704406 Change-Id: Iaa11ba3f430fc064ebda679cf290474d3be413da Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
This commit is contained in:
parent
b2d4e41822
commit
950670ac1f
|
@ -1,2 +1,2 @@
|
|||
SRC_DIR="src"
|
||||
TIS_PATCH_VER=95
|
||||
TIS_PATCH_VER=96
|
||||
|
|
|
@ -7,7 +7,7 @@ platform::params::controller_hostname: controller
|
|||
platform::params::controller_0_hostname: controller-0
|
||||
platform::params::controller_1_hostname: controller-1
|
||||
platform::params::pxeboot_hostname: pxecontroller
|
||||
platform::params::security_feature: nopti nospectre_v2
|
||||
platform::params::security_feature: nopti nospectre_v2 nospectre_v1
|
||||
platform::amqp::auth_user: guest
|
||||
platform::users::params::sysadmin_password_max_age: 45
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
class platform::grub
|
||||
{
|
||||
include ::platform::params
|
||||
$managed_security_params = 'nopti nospectre_v2'
|
||||
$managed_security_params = 'nopti nospectre_v2 nospectre_v1'
|
||||
|
||||
# Run grubby to update params
|
||||
# First, remove all the parameters we manage, then we add back in the ones
|
||||
|
|
Loading…
Reference in New Issue