Diffstat (limited to 'archsetup')
| -rwxr-xr-x | archsetup | 40 |
1 files changed, 12 insertions, 28 deletions
@@ -493,14 +493,6 @@ is_btrfs_root() {
 [ "$(findmnt -n -o FSTYPE /)" = "btrfs" ]
 }
-# CPU Detection
-is_amd_zen5() {
- # Returns 0 (true) if CPU is AMD Zen 5 (family 26/0x1a)
- # Used to detect CPUs affected by RDSEED32 bug (CVE-2025-62626)
- grep -q "AuthenticAMD" /proc/cpuinfo && \
- grep -E "^cpu family" /proc/cpuinfo | head -1 | grep -q ": 26$"
-}
-
 # Encryption Detection
 is_encrypted_root() {
 # Returns 0 (true) if root filesystem is on an encrypted volume
@@ -1089,6 +1081,18 @@ EOF
 action="enabling geoclue geolocation service" && display "task" "$action"
 systemctl enable geoclue.service >> "$logfile" 2>&1 || error_warn "$action" "$?"
+ # Whitelist gammastep in geoclue (prevents "unable to obtain geoclue client path" error)
+ action="whitelisting gammastep in geoclue" && display "task" "$action"
+ if ! grep -q "^\[gammastep\]" /etc/geoclue/geoclue.conf 2>/dev/null; then
+ cat >> /etc/geoclue/geoclue.conf << 'EOF'
+
+[gammastep]
+allowed=true
+system=false
+users=
+EOF
+ fi
+
 # Fix dbus-broker race condition with sysusers (geoclue user must exist before dbus parses service files)
 action="configuring dbus-broker to wait for sysusers" && display "task" "$action"
 mkdir -p /etc/systemd/system/dbus-broker.service.d
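Review bot: The new gammastep whitelist step can go wrong silently: `grep -q ... 2>/dev/null` treats a missing /etc/geoclue/geoclue.conf the same as a missing `[gammastep]` section, so `cat >>` would then create a config file holding only this stanza, and the append has no `|| error_warn "$action" "$?"` like the `systemctl enable` line just above it. I would guard the step with `[ -f /etc/geoclue/geoclue.conf ]` and open the heredoc as `cat >> /etc/geoclue/geoclue.conf << 'EOF' || error_warn "$action" "$?"`. The stanza also deserves a comment on its scope: as far as I know an empty `users=` allows every local user, and geoclue matches non-sandboxed clients on the desktop ID they report themselves, so the entry is a convenience setting rather than an access control and should be documented as a deliberate choice. The enclosing function starts and ends outside this hunk.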
@@ -1951,26 +1955,6 @@ EOF
 sed -i "s/.*GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT=\"rw loglevel=2 rd.systemd.show_status=auto rd.udev.log_level=2 nvme.noacpi=1 mem_sleep_default=deep nowatchdog random.trust_cpu=off quiet splash\"/g" /etc/default/grub
 fi
- # Hardware-specific workarounds
- display "subtitle" "Hardware Workarounds"
-
- # AMD Zen 5 RDSEED32 bug (CVE-2025-62626)
- # Zen 5 CPUs have a broken RDSEED instruction that causes kernel warnings at boot.
- # Adding clearcpuid=rdseed disables the instruction via CPUID masking, suppressing
- # the "RDSEED32 is broken. Disabling the corresponding CPUID bit." message.
- # This is cosmetic - the kernel already disables RDSEED when it detects the bug.
- if is_amd_zen5; then
- action="applying AMD Zen 5 RDSEED32 workaround (CVE-2025-62626)" && display "task" "$action"
- if [ -f /etc/default/grub ]; then
- # Add clearcpuid=rdseed if not already present
- if ! grep -q "clearcpuid=rdseed" /etc/default/grub; then
- sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="\(.*\)"/GRUB_CMDLINE_LINUX_DEFAULT="\1 clearcpuid=rdseed"/' /etc/default/grub
- fi
- fi
- else
- display "task" "no hardware workarounds needed"
- fi
-
 # Regenerate GRUB config after all modifications
 if [ -f /etc/default/grub ]; then
 action="generating grub configuration" && display "task" "$action" |
