diff options
author | Christian Breunig <christian@breunig.cc> | 2024-01-22 21:27:20 -0600 |
---|---|---|
committer | John Estabrook <jestabro@vyos.io> | 2024-01-23 10:32:15 -0600 |
commit | 256346a66cc3bb20e93c68245ebca2f68f42e7b5 (patch) | |
tree | eb4c7c191a126ecd6c4e9dec1da224c0b60b60fe | |
parent | 1b1569d5b88a20994fc65fd529f8103db371bf3f (diff) | |
download | vyos-1x-256346a66cc3bb20e93c68245ebca2f68f42e7b5.tar.gz vyos-1x-256346a66cc3bb20e93c68245ebca2f68f42e7b5.zip |
T5979: add configurable kernel boot option 'disable-mitigations'
-rw-r--r-- | interface-definitions/system_option.xml.in | 13 | ||||
-rwxr-xr-x | src/conf_mode/system_option.py | 11 |
2 files changed, 22 insertions, 2 deletions
diff --git a/interface-definitions/system_option.xml.in b/interface-definitions/system_option.xml.in index adb45bdcc..602d7d100 100644 --- a/interface-definitions/system_option.xml.in +++ b/interface-definitions/system_option.xml.in @@ -32,6 +32,19 @@ <constraintErrorMessage>Must be ignore, reboot, or poweroff</constraintErrorMessage> </properties> </leafNode> + <node name="kernel"> + <properties> + <help>Kernel boot parameters</help> + </properties> + <children> + <leafNode name="disable-mitigations"> + <properties> + <help>Disable all optional CPU mitigations</help> + <valueless/> + </properties> + </leafNode> + </children> + </node> <leafNode name="keyboard-layout"> <properties> <help>System keyboard layout, type ISO2</help> diff --git a/src/conf_mode/system_option.py b/src/conf_mode/system_option.py index d92121b3d..3b5b67437 100755 --- a/src/conf_mode/system_option.py +++ b/src/conf_mode/system_option.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2023 VyOS maintainers and contributors +# Copyright (C) 2019-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -22,6 +22,7 @@ from time import sleep from vyos.config import Config from vyos.configverify import verify_source_interface +from vyos.system import grub_util from vyos.template import render from vyos.utils.process import cmd from vyos.utils.process import is_systemd_service_running @@ -39,7 +40,6 @@ time_format_to_locale = { '24-hour': 'en_GB.UTF-8' } - def get_config(config=None): if config: conf = config @@ -87,6 +87,13 @@ def verify(options): def generate(options): render(curlrc_config, 'system/curlrc.j2', options) render(ssh_config, 'system/ssh_config.j2', options) + + cmdline_options = [] + if 'kernel' in options: + if 'disable_mitigations' in options['kernel']: + cmdline_options.append('mitigations=off') + grub_util.update_kernel_cmdline_options(' '.join(cmdline_options)) + return None def apply(options): |