Fedora通过Grubby禁用Spectre V1和l1tf

时间:2019-01-24 23:44:02

标签: security intel fedora

我已经运行了以下命令:

grubby --args="pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier nopti" --update-kernel /boot/vmlinuz-4.20.3-200.fc29.x86_64

在此之后,一些缓解措施已关闭,但仍然有更多缓解措施:

enter image description here

/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable, IBPB: disabled, STIBP: disabled

我需要禁用所有缓解措施,为什么命令不起作用?我已将l1tf设置为“关闭”,但还是缓解了,幽灵v1 ?? ...

0 个答案:

没有答案