summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-01-22 21:27:20 -0600
committerJohn Estabrook <jestabro@vyos.io>2024-01-23 10:32:15 -0600
commit256346a66cc3bb20e93c68245ebca2f68f42e7b5 (patch)
treeeb4c7c191a126ecd6c4e9dec1da224c0b60b60fe
parent1b1569d5b88a20994fc65fd529f8103db371bf3f (diff)
downloadvyos-1x-256346a66cc3bb20e93c68245ebca2f68f42e7b5.tar.gz
vyos-1x-256346a66cc3bb20e93c68245ebca2f68f42e7b5.zip
T5979: add configurable kernel boot option 'disable-mitigations'
-rw-r--r--interface-definitions/system_option.xml.in13
-rwxr-xr-xsrc/conf_mode/system_option.py11
2 files changed, 22 insertions, 2 deletions
diff --git a/interface-definitions/system_option.xml.in b/interface-definitions/system_option.xml.in
index adb45bdcc..602d7d100 100644
--- a/interface-definitions/system_option.xml.in
+++ b/interface-definitions/system_option.xml.in
@@ -32,6 +32,19 @@
<constraintErrorMessage>Must be ignore, reboot, or poweroff</constraintErrorMessage>
</properties>
</leafNode>
+ <node name="kernel">
+ <properties>
+ <help>Kernel boot parameters</help>
+ </properties>
+ <children>
+ <leafNode name="disable-mitigations">
+ <properties>
+ <help>Disable all optional CPU mitigations</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
<leafNode name="keyboard-layout">
<properties>
<help>System keyboard layout, type ISO2</help>
diff --git a/src/conf_mode/system_option.py b/src/conf_mode/system_option.py
index d92121b3d..3b5b67437 100755
--- a/src/conf_mode/system_option.py
+++ b/src/conf_mode/system_option.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2019-2023 VyOS maintainers and contributors
+# Copyright (C) 2019-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -22,6 +22,7 @@ from time import sleep
from vyos.config import Config
from vyos.configverify import verify_source_interface
+from vyos.system import grub_util
from vyos.template import render
from vyos.utils.process import cmd
from vyos.utils.process import is_systemd_service_running
@@ -39,7 +40,6 @@ time_format_to_locale = {
'24-hour': 'en_GB.UTF-8'
}
-
def get_config(config=None):
if config:
conf = config
@@ -87,6 +87,13 @@ def verify(options):
def generate(options):
render(curlrc_config, 'system/curlrc.j2', options)
render(ssh_config, 'system/ssh_config.j2', options)
+
+ cmdline_options = []
+ if 'kernel' in options:
+ if 'disable_mitigations' in options['kernel']:
+ cmdline_options.append('mitigations=off')
+ grub_util.update_kernel_cmdline_options(' '.join(cmdline_options))
+
return None
def apply(options):