
Update kernel to mitigate new MDS attacks

A very severe collection of Spectre-class hardware security vulnerabilities has been discovered which allows reading arbitrary memory. Existing Spectre defenses do not mitigate them. The only mitigation is to install new microcode updates (which add new behavior to a CPU instruction) and kernel updates (which call those instructions at each context switch). It’s also unfortunately quite necessary to disable SMT (Hyper-Threading). On updated kernels, this can be done with mds=full,nosmt on the kernel command line. Until this is done, arbitrary memory reads are possible in Tails, potentially even from the Browser.
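As an added example (not part of this issue or of Tails' own code), the following POSIX shell script reads the two sysfs files the kernel's MDS admin guide documents, `/sys/devices/system/cpu/vulnerabilities/mds` and `/sys/devices/system/cpu/smt/control`, and turns them into a single verdict: a system only counts as mitigated when the kernel reports the buffer-clearing mitigation (which requires the microcode update) and SMT is actually off. It also shows how the `mds=full,nosmt` parameter is appended to a `GRUB_CMDLINE_LINUX` line on a conventional install; the function names (`mds_verdict`, `check_running_system`, `add_mds_cmdline`) and the sample strings passed to them are this example's own.

```shell
#!/bin/sh
# Added example (not Tails project code): interpret the kernel's sysfs reports
# for MDS and SMT, and build the GRUB_CMDLINE_LINUX change for mds=full,nosmt.
# The sysfs strings matched below are the ones listed in
# https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html

# mds_verdict MDS_TEXT SMT_CONTROL
#   MDS_TEXT    contents of /sys/devices/system/cpu/vulnerabilities/mds
#   SMT_CONTROL contents of /sys/devices/system/cpu/smt/control
# Prints "mitigated", "partial" (buffers are cleared but SMT is still on,
# so a sibling hyperthread can still leak), or "vulnerable".
mds_verdict() {
  mds="$1"; smt="$2"
  case "$mds" in
    "Not affected"*)                 echo mitigated; return 0 ;;
    "Mitigation: Clear CPU buffers"*) ;;   # microcode + kernel present; check SMT
    *)                               echo vulnerable; return 0 ;;  # "Vulnerable..." or unreadable
  esac
  # SMT is off if the control file says so ("notsupported" means no SMT at all).
  case "$smt" in
    off|forceoff|notsupported) echo mitigated; return 0 ;;
  esac
  # Otherwise trust the kernel's own SMT annotation on the mds line.
  case "$mds" in
    *"SMT disabled"*|*"SMT mitigated"*) echo mitigated ;;
    *)                                  echo partial ;;
  esac
}

# check_running_system: read the live sysfs files (if present) and report.
check_running_system() {
  vuln=/sys/devices/system/cpu/vulnerabilities/mds
  smtc=/sys/devices/system/cpu/smt/control
  mds_text=$(cat "$vuln" 2>/dev/null || echo "unreadable")
  smt_text=$(cat "$smtc" 2>/dev/null || echo "unknown")
  printf 'mds:         %s\nsmt/control: %s\nverdict:     %s\n' \
    "$mds_text" "$smt_text" "$(mds_verdict "$mds_text" "$smt_text")"
}

# add_mds_cmdline LINE: given a GRUB_CMDLINE_LINUX="..." line from
# /etc/default/grub, print it with mds=full,nosmt appended (idempotent).
add_mds_cmdline() {
  case "$1" in
    *mds=full,nosmt*)            printf '%s\n' "$1" ;;   # already present
    'GRUB_CMDLINE_LINUX=""')     printf '%s\n' 'GRUB_CMDLINE_LINUX="mds=full,nosmt"' ;;
    GRUB_CMDLINE_LINUX=\"*\")    printf '%s\n' "${1%\"} mds=full,nosmt\"" ;;
    *)                           printf '%s\n' "$1" ;;   # some other line; unchanged
  esac
}

# Report on the machine the script runs on.
check_running_system
# Constructed sample line showing the command-line edit for a conventional install.
add_mds_cmdline 'GRUB_CMDLINE_LINUX="quiet splash"'
```

On a conventional install the edited line goes into `/etc/default/grub`, followed by regenerating the GRUB configuration and rebooting; a "partial" verdict after that means the kernel and microcode are in place but SMT is still enabled, which is the case the issue's `nosmt` requirement is meant to close.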

A proof-of-concept was also shown specifically for Tails.

See https://cpu.fail/ and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more information.

Feature Branch: bugfix/16720-linux-4.19.37-nosmt+force-all-tests


Original created by @cypherpunks on 16720 (Redmine)
