L1 Terminal Fault (L1TF) is a hardware vulnerability which allows unprivileged
speculative access to data which is available in the Level 1 Data Cache when
the page table entry isn't present.
Select the appropriate mitigation by adding the argument l1tf= to the default
GRUB 2 command line for the Linux operating system.
To ensure that l1tf= is added as a kernel command line argument to newly
installed kernels, add l1tf= to the default GRUB 2 command line for Linux
operating systems. Modify the line within /etc/default/grub as shown below:
GRUB_CMDLINE_LINUX="... l1tf= ..."
Run the following command to update the command line for already installed
kernels:
# grubby --update-kernel=ALL --args="l1tf="
Since Linux Kernel 4.19 you can check the L1TF vulnerability state with the
following command:
cat /sys/devices/system/cpu/vulnerabilities/l1tf
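The three places described above (the GRUB defaults file, the command line of the running kernel, and the sysfs state) can be checked together. The following is an added example, not part of the original guidance: the function names are hypothetical, the file paths are parameters so the checks can be run against copies, and it only handles the double-quoted GRUB_CMDLINE_LINUX="..." form shown above.

```shell
# Added example (not from the original page); function names are hypothetical.
# Print the l1tf= value from a kernel command line string ($1); fail if absent or empty.
# If the argument is repeated, the last occurrence is reported (assumed to be the one in effect).
l1tf_value() {
    val=
    for arg in $1; do
        case "$arg" in l1tf=?*) val=${arg#l1tf=} ;; esac
    done
    [ -n "$val" ] && printf '%s\n' "$val"
}

# Print the l1tf= value set in GRUB_CMDLINE_LINUX="..." of a grub defaults file ($1).
grub_default_l1tf() {
    line=$(sed -n 's/^[[:space:]]*GRUB_CMDLINE_LINUX="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1)
    l1tf_value "$line"
}

# Classify one line read from /sys/devices/system/cpu/vulnerabilities/l1tf ($1).
l1tf_state() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Compare the configured default, the booted command line and the reported state.
# Returns non-zero if l1tf= is missing from either place or the two values differ.
audit_l1tf() {
    grub_file=${1:-/etc/default/grub}
    cmdline_file=${2:-/proc/cmdline}
    sysfs_file=${3:-/sys/devices/system/cpu/vulnerabilities/l1tf}
    rc=0
    cfg=$(grub_default_l1tf "$grub_file") || { echo "FAIL: no l1tf= in $grub_file"; rc=1; }
    run=$(l1tf_value "$(cat "$cmdline_file")") || { echo "FAIL: kernel booted without l1tf="; rc=1; }
    if [ -n "$cfg" ] && [ -n "$run" ] && [ "$cfg" != "$run" ]; then
        echo "FAIL: configured l1tf=$cfg but booted with l1tf=$run"; rc=1
    fi
    if [ -r "$sysfs_file" ]; then
        echo "sysfs: $(l1tf_state "$(cat "$sysfs_file")")"
    else
        echo "sysfs: unavailable (kernel older than 4.19?)"
    fi
    return $rc
}
```

Source the file and call audit_l1tf with no arguments to check the live system. A mismatch between the configured and booted value usually means the machine has not been rebooted since the change.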