
Draft: Update recommendation for newer kernel

On Debian Sid, booting with hardening-runtime unchanged gives an early boot warning about unhashed kernel memory addresses. A relevant voidvault issue[1] says: "The kernel command-line parameter slub_debug=FZ causes this message. It’s a security setting in use in Whonix and Tails, though its usage is now discouraged". As kernsec's recommendations still use it, we must consider them obsolete/unmaintained. Instead, this commit switches to the suggestions by madaidan, "a security researcher, who works on various open source projects, mainly Whonix"[2]. His recommendation is linked in the previously mentioned voidvault issue.

Current status: As this change is potentially controversial, I delayed testing and questioning if each kernel parameter makes sense for Debian's kernel.

[1] https://github.com/atweiden/voidvault/issues/9

[2] https://madaidans-insecurities.github.io/
