security.7 (bc02c18c486fce2ca23b428a9e89b4eb3bb48da3) security.7 (ea6020830c8f88e2b844ae9700c8ef58fbb51c75)
1.\" Copyright (C) 1998 Matthew Dillon. All rights reserved.
2.\" Copyright (c) 2019 The FreeBSD Foundation, Inc.
3.\"
4.\" Parts of this documentation were written by
5.\" Konstantin Belousov <kib@FreeBSD.org> under sponsorship
6.\" from the FreeBSD Foundation.
7.\"
8.\" Redistribution and use in source and binary forms, with or without

--- 14 unchanged lines hidden (view full) ---

23.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27.\" SUCH DAMAGE.
28.\"
29.\" $FreeBSD$
30.\"
1.\" Copyright (C) 1998 Matthew Dillon. All rights reserved.
2.\" Copyright (c) 2019 The FreeBSD Foundation, Inc.
3.\"
4.\" Parts of this documentation were written by
5.\" Konstantin Belousov <kib@FreeBSD.org> under sponsorship
6.\" from the FreeBSD Foundation.
7.\"
8.\" Redistribution and use in source and binary forms, with or without

--- 14 unchanged lines hidden (view full) ---

23.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27.\" SUCH DAMAGE.
28.\"
29.\" $FreeBSD$
30.\"
31.Dd February 4, 2020
31.Dd May 16, 2020
32.Dt SECURITY 7
33.Os
34.Sh NAME
35.Nm security
36.Nd introduction to security under FreeBSD
37.Sh DESCRIPTION
38Security is a function that begins and ends with the system administrator.
39While all

--- 947 unchanged lines hidden (view full) ---

987tables are sanitized to prevent so-called Meltdown information leak on
988some Intel CPUs.
989By default, the system detects whether the CPU needs the workaround,
990and enables it automatically.
991See also
992.Xr proccontrol 1
993mode
994.Dv kpti .
32.Dt SECURITY 7
33.Os
34.Sh NAME
35.Nm security
36.Nd introduction to security under FreeBSD
37.Sh DESCRIPTION
38Security is a function that begins and ends with the system administrator.
39While all

--- 947 unchanged lines hidden (view full) ---

987tables are sanitized to prevent so-called Meltdown information leak on
988some Intel CPUs.
989By default, the system detects whether the CPU needs the workaround,
990and enables it automatically.
991See also
992.Xr proccontrol 1
993mode
994.Dv kpti .
995.It Dv machdep.mitigations.flush_rsb_ctxsw
996amd64.
997Controls Return Stack Buffer flush on context switch, to prevent
998cross-process ret2spec attacks.
999Only needed, and only enabled by default, if the machine
1000supports SMEP, otherwise IBRS would do necessary flushing on kernel
1001entry anyway.
995.It Dv hw.mds_disable
996amd64 and i386.
997Controls Microarchitectural Data Sampling hardware information leak
998mitigation.
999.It Dv hw.spec_store_bypass_disable
1000amd64 and i386.
1001Controls Speculative Store Bypass hardware information leak mitigation.
1002.It Dv hw.ibrs_disable

--- 93 unchanged lines hidden ---
1002.It Dv hw.mds_disable
1003amd64 and i386.
1004Controls Microarchitectural Data Sampling hardware information leak
1005mitigation.
1006.It Dv hw.spec_store_bypass_disable
1007amd64 and i386.
1008Controls Speculative Store Bypass hardware information leak mitigation.
1009.It Dv hw.ibrs_disable
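
Review bot: the last sentence of the new machdep.mitigations.flush_rsb_ctxsw entry (new lines 999-1001) is a comma splice that buries the condition under which the knob matters. Split it at "otherwise" so that each sentence starts on its own line, as the rest of the page does, and write "the necessary flushing". The entry also relies on IBRS without pointing to the hw.ibrs_disable item a few entries below; naming that knob here would tell the reader which setting the "IBRS would do" case depends on. Unlike its neighbours, the new knob lives under machdep.mitigations rather than hw, and the text states neither the accepted values nor which value enables the flush, so a short statement of both would make the entry usable without reading the source.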

--- 93 unchanged lines hidden ---