security-misc icon indicating copy to clipboard operation
security-misc copied to clipboard
verified publisher icon Kicksecure

Flawed use of `mitigations=auto,nosmt`

Open raja-grewal opened this issue 3 months ago • 0 comments

This pull request addresses a misconception with our use of mitigations=auto,nosmt. It adds documentation explaining why the kernel boot parameter is redundant and not sufficient if maximum security hardening is the goal.

See https://github.com/Kicksecure/security-misc/issues/199#issuecomment-3327391859 for further details.

Changes

There are no changes to the functionality of the codebase.

Disabled explicitly using mitigations=auto,nosmt as it is enabled by default.

It was initially added by me in https://github.com/Kicksecure/security-misc/pull/197 based on suggestions from others inside https://github.com/Kicksecure/security-misc/issues/177 and https://github.com/Kicksecure/security-misc/issues/199.

Mandatory Checklist

  • [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements:

Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

Optional Checklist

The following items are optional but might be requested in certain cases.

  • [x] I have tested it locally
  • [x] I have reviewed and updated any documentation if relevant
  • [ ] I am providing new code and test(s) for it

raja-grewal avatar Sep 27 '25 06:09 raja-grewal