disabling CPU MSRs breaks CPU temperature control

Disabling CPU MSRs is OK in VMs (where it probably does nothing except getting rid of a kernel module) but problematic on the host in context of a host running Kicksecure or Whonix-Host.

It breaks CPU temperature control. A high(er) than expected CPU temperature might wear down the CPU more quickly. Also spend more energy than expected (this might be more important in large scale deployments such as servers farms).

sudo apt install linux-cpupower
sudo cpupower frequency-set --governor powersave

modprobe: ERROR: …/libkmod/libkmod-module.c:979 command_do() Error running install command for msr
modprobe: ERROR: could not insert ‘msr’: Operation not permitted

security-misc issue. Requires removal of

install msr /bin/false

from file

/etc/modprobe.d/30_security-misc.conf

Might also break Debian -- Details of package thermald in buster

This was originally introduced because of this:

2 Likes

Solution remove this setting from security-misc?

Somehow make it available in vms vs baremetal if there is a major sec benefit otherwise drop?

2 Likes

https://www.reddit.com/r/Kicksecure/comments/1bjyvm5/should_i_enable_back_msr_kernel_module/