From 4a8e33401dcf453130e82ba78505bf9082dbe381 Mon Sep 17 00:00:00 2001
From: Benjamin Gilbert <bgilbert@redhat.com>
Date: Thu, 16 May 2019 20:08:59 -0400
Subject: [PATCH] Have the kernel conditionally disable SMT if vulnerable

https://github.com/coreos/fedora-coreos-tracker/issues/181
---
 image.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/image.yaml b/image.yaml
index d8375864cf..8ec520bdb5 100644
--- a/image.yaml
+++ b/image.yaml
@@ -1,8 +1,11 @@
 # This replaces image.ks
 # size is the target disk size in GB.
-# Currently, it is the only supported key.
 size: 8
 
+extra-kargs:
+    # Disable SMT on systems vulnerable to MDS or any similar future issue.
+    - mitigations=auto,nosmt
+
 # After this, we plan to add support for the Ignition
 # storage/filesystems sections.  (Although one can do
 # that on boot as well)