# mkinitcpio preset for the 'linux-hardened' kernel. Produces a UKI at
# /boot/EFI/Linux/arch-linux-hardened.efi alongside the stock linux UKI.
# Uses its own cmdline file (etc/kernel/cmdline-linux-hardened.tmpl) to
# force `mem_sleep_default=s2idle`: this hardware's S3 firmware path
# wakes reliably on stock linux but hard-hangs the hardened kernel
# (INIT_ON_FREE + slab hardening turn a latent driver race fatal).
# Stock linux keeps the minimal etc/kernel/cmdline.tmpl. Register the
# EFI entry once with efibootmgr:
#
# sudo efibootmgr --create --disk /dev/nvme0n1 --part 1 \
# --label 'Arch Hardened' --loader '\EFI\Linux\arch-linux-hardened.efi'
#
# Boot it on demand (XXXX is the Boot#### number that efibootmgr lists for
# 'Arch Hardened'): sudo efibootmgr --bootnext XXXX && systemctl reboot
# Settings shared by every preset below. ALL_config stays commented out, so
# mkinitcpio is not pointed at an explicit configuration file from here.
#ALL_config="/etc/mkinitcpio.conf"
ALL_kver='/boot/vmlinuz-linux-hardened'

# Kernel command line that gets embedded into each UKI built from this preset.
# Since its contents end up inside the boot image, keep the file root-owned
# and not writable by other users.
ALL_cmdline='/etc/kernel/cmdline-linux-hardened'

# Two images are built: the regular one and a fallback.
PRESETS=(default fallback)

# Output path of each UKI.
# NOTE(review): nothing in this preset signs the images; if Secure Boot is
# enforced, signing has to happen elsewhere (e.g. a post-generation hook) -
# confirm before relying on these entries.
default_uki='/boot/EFI/Linux/arch-linux-hardened.efi'
fallback_uki='/boot/EFI/Linux/arch-linux-hardened-fallback.efi'

# The fallback build skips the autodetect hook (-S autodetect).
fallback_options='-S autodetect'