titanz/Fedora-CoreOS-Ignition
1
0
Fork 0
mirror of https://github.com/TommyTran732/Fedora-CoreOS-Ignition.git synced 2025-11-04 11:08:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enable module sig enforce and lockdown=confidentiality

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy
2024-03-05 14:52:54 -07:00
parent f5411aab36
commit 2ecb5662fc
4 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
UTM-Chrony.ign
View File

@@ -12,6 +12,8 @@
"nosmt=force",
"l1d_flush=on",
"spec_rstack_overflow=safe-ret",
"module.sig_enforce=1",
"lockdown=confidentiality",
"random.trust_bootloader=off",
"random.trust_cpu=off",
"intel_iommu=on",

2
UTM-Chrony.yml
View File

@@ -192,6 +192,8 @@ kernel_arguments:
- nosmt=force
- l1d_flush=on
- spec_rstack_overflow=safe-ret
- module.sig_enforce=1
- lockdown=confidentiality
- random.trust_bootloader=off
- random.trust_cpu=off
- intel_iommu=on

2
x86-QEMU-Docker.ign
View File

@@ -12,6 +12,8 @@
"nosmt=force",
"l1d_flush=on",
"spec_rstack_overflow=safe-ret",
"module.sig_enforce=1",
"lockdown=confidentiality",
"random.trust_bootloader=off",
"random.trust_cpu=off",
"intel_iommu=on",

2
x86-QEMU-Docker.yml
View File

@@ -256,6 +256,8 @@ kernel_arguments:
- nosmt=force
- l1d_flush=on
- spec_rstack_overflow=safe-ret
- module.sig_enforce=1
- lockdown=confidentiality
- random.trust_bootloader=off
- random.trust_cpu=off
- intel_iommu=on