X870-RTB kernel: Unsupported mitigations=off,nowatchdog,udev.log_priority=3, system may still be vulnerable

When I boot up I get this message:-

X870-RTB kernel: Unsupported mitigations=off,nowatchdog,udev.log_priority=3, system may still be vulnerable
Kernel: 6.12.4-1-MANJARO arch: x86_64 bits: 64 compiler: gcc v: 14.2.1
    clocksource: tsc avail: hpet,acpi_pm
    parameters: BOOT_IMAGE=/boot/vmlinuz-6.12-x86_64
    root=UUID=9fb3e1d9-3b14-40d0-a8d1-7907cafe2031 rw quiet splash
    udev.log_priority=3
  Desktop: KDE Plasma v: 6.2.4 tk: Qt v: N/A info: frameworks v: 6.8.0
    wm: kwin_x11 vt: 2 dm: SDDM Distro: Manjaro base: Arch Linux
Machine:
  Type: Desktop Mobo: Gigabyte model: X870 AORUS ELITE WIFI7 ICE v: x.x
    serial: <superuser required> uuid: <superuser required> UEFI: American
    Megatrends LLC. v: F3i date: 12/03/2024
Battery:
  Message: No system battery data found. Is one present?
Memory:
  System RAM: total: 32 GiB available: 30.46 GiB used: 2.46 GiB (8.1%)
  Message: For most reliable report, use superuser + dmidecode.
  Array-1: capacity: 128 GiB slots: 4 modules: 2 EC: None
    max-module-size: 32 GiB note: est.
  Device-1: Channel-A DIMM 0 type: no module installed
  Device-2: Channel-A DIMM 1 type: DDR5 detail: synchronous unbuffered
    (unregistered) size: 16 GiB speed: 6000 MT/s volts: note: check curr: 1
    min: 1 max: 1 width (bits): data: 64 total: 64 manufacturer: Corsair
    part-no: CMK32GX5M2E6000C36 serial: N/A
  Device-3: Channel-B DIMM 0 type: no module installed
  Device-4: Channel-B DIMM 1 type: DDR5 detail: synchronous unbuffered
    (unregistered) size: 16 GiB speed: 6000 MT/s volts: note: check curr: 1
    min: 1 max: 1 width (bits): data: 64 total: 64 manufacturer: Corsair
    part-no: CMK32GX5M2E6000C36 serial: N/A
PCI Slots:
  Permissions: Unable to run dmidecode. Root privileges required.
CPU:
  Info: model: AMD Ryzen 9 7900X bits: 64 type: MT MCP arch: Zen 4 gen: 4
    level: v4 note: check built: 2022+ process: TSMC n5 (5nm) family: 0x19 (25)
    model-id: 0x61 (97) stepping: 2 microcode: 0xA601209
  Topology: cpus: 1x dies: 2 clusters: 2x1 cores: 12 threads: 24 tpc: 2
    smt: enabled cache: L1: 768 KiB desc: d-12x32 KiB; i-12x32 KiB L2: 12 MiB
    desc: 12x1024 KiB L3: 64 MiB desc: 2x32 MiB

This is the contents of my /etc/default/grub file

#GRUB boot loader configuration

GRUB_DEFAULT=saved
GRUB_TIMEOUT=15
GRUB_DISTRIBUTOR='Manjaro'
GRUB_CMDLINE_LINUX_DEFAULT='mitigations=off,nowatchdog,udev.log_priority=3'
GRUB_CMDLINE_LINUX=""

# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"

# Uncomment to enable booting from LUKS encrypted devices
#GRUB_ENABLE_CRYPTODISK=y

# Set to 'countdown' or 'menu' to change timeout behavior,
# press ESC key to display menu.
GRUB_TIMEOUT_STYLE=hidden

# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console

# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command 'videoinfo'
GRUB_GFXMODE=auto

# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep

# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true

# Uncomment and set to the desired menu colors.  Used by normal and wallpaper
# modes only.  Entries specified as foreground/background.
GRUB_COLOR_NORMAL="light-gray/black"
GRUB_COLOR_HIGHLIGHT="green/black"

# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/usr/share/grub/background.png"
GRUB_THEME="/usr/share/grub/themes/manjaro/theme.txt"

# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"

# Uncomment to make GRUB remember the last selection. This requires
# setting 'GRUB_DEFAULT=saved' above.
GRUB_SAVEDEFAULT=true

# Uncomment to disable submenus in boot menu
#GRUB_DISABLE_SUBMENU=y

# Uncomment this option to enable os-prober execution in the grub-mkconfig command
GRUB_DISABLE_OS_PROBER=false

# Uncomment to ensure that the root filesystem is mounted read-only so that
# systemd-fsck can run the check automatically. We use 'fsck' by default, which
# needs 'rw' as boot parameter, to avoid delay in boot-time. 'fsck' needs to be
# removed from 'mkinitcpio.conf' to make 'systemd-fsck' work.
# See also Arch-Wiki: https://wiki.archlinux.org/index.php/Fsck#Boot_time_checking
#GRUB_ROOT_FS_R#GRUB boot loader configuration

GRUB_DEFAULT=saved
GRUB_TIMEOUT=15
GRUB_DISTRIBUTOR='Manjaro'
GRUB_CMDLINE_LINUX_DEFAULT='mitigations=off,nowatchdog,udev.log_priority=3'
GRUB_CMDLINE_LINUX=""

# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"

# Uncomment to enable booting from LUKS encrypted devices
#GRUB_ENABLE_CRYPTODISK=y

# Set to 'countdown' or 'menu' to change timeout behavior,
# press ESC key to display menu.
GRUB_TIMEOUT_STYLE=hidden

# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console

# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command 'videoinfo'
GRUB_GFXMODE=auto

# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep

# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true

# Uncomment and set to the desired menu colors.  Used by normal and wallpaper
# modes only.  Entries specified as foreground/background.
GRUB_COLOR_NORMAL="light-gray/black"
GRUB_COLOR_HIGHLIGHT="green/black"

# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/usr/share/grub/background.png"
GRUB_THEME="/usr/share/grub/themes/manjaro/theme.txt"

# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"

# Uncomment to make GRUB remember the last selection. This requires
# setting 'GRUB_DEFAULT=saved' above.
GRUB_SAVEDEFAULT=true

# Uncomment to disable submenus in boot menu
#GRUB_DISABLE_SUBMENU=y

# Uncomment this option to enable os-prober execution in the grub-mkconfig command
GRUB_DISABLE_OS_PROBER=false

# Uncomment to ensure that the root filesystem is mounted read-only so that
# systemd-fsck can run the check automatically. We use 'fsck' by default, which
# needs 'rw' as boot parameter, to avoid delay in boot-time. 'fsck' needs to be
# removed from 'mkinitcpio.conf' to make 'systemd-fsck' work.
# See also Arch-Wiki: https://wiki.archlinux.org/index.php/Fsck#Boot_time_checking
#GRUB_ROOT_FS_RO=true
O=true

Hi @RaymondTheBrave,

That is probably because you have the mitigations=off kernel parameter. No, I don’t know how to fix it other than removing that parameter and rebuilding the grub configuration.

Also, please don’t reply to your own pos5t, rather edit it.

I have double quotes around those lines, instead of single quotes in your file.

and:

there are no commas in between the options - just a single space instead

commas do not belong there …

syntax errors …

2 Likes

This is wrong - delimiter is space

example

GRUB_CMDLINE_LINUX="nowatchdog mitigations=off zswap.enabled=1 zswap.compressor=lz4 zswap.max_pool_percent=20"
3 Likes

Thanks all working after removing the commas.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.