Many aspects of the Linux Kernel can be controlled via boot parameters. Knowing what kernel parameters your hosts have been booted with can help you to evaluate if there are any settings which may degrade security.
For example, are any of your hosts booted with noibrs
, noibpb
, nopti
, nospectre_v2
, nospectre_v1
, l1tf=off
, nospec_store_bypass_disable
no_stf_barrier
, mds=off
, tsx=on
, tsx_async_abort=off
, or mitigations=off
? If so, your systems are probably fast, but they are also less secure.
Inventory
-
Kernel Boot Params
- Derived from
/proc/cmdline
Dependencies
This module has no dependencies