From c17a22771823f30aa710a68077e02c8081edebca Mon Sep 17 00:00:00 2001
From: Dusty Mabe <dusty@dustymabe.com>
Date: Mon, 18 Oct 2021 22:11:27 -0400
Subject: [PATCH] multi-arch-builders: disable kernel mitigations for aarch64
 builder

This isn't a shared instance so we might as well use all the horsepower.
---
 multi-arch-builders/fcos-aarch64-builder.bu | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/multi-arch-builders/fcos-aarch64-builder.bu b/multi-arch-builders/fcos-aarch64-builder.bu
index 9e4767b73..e8e1d7aec 100644
--- a/multi-arch-builders/fcos-aarch64-builder.bu
+++ b/multi-arch-builders/fcos-aarch64-builder.bu
@@ -4,6 +4,7 @@
 # - Allow the builder user to log in with the associated ssh key
 #   which is shared with the pipeline. Used a ed25519 key so we
 #   don't have to worry about https://github.com/golang/go/issues/37278
+# - disable kernel mitigations (not a shared instance)
 # - Set up the podman socket for the builder user (podman remote)
 # - Build coreos-assembler on the first boot and once a day
 # - Configure zincati to allow updates at a specific time (early Monday)
@@ -13,7 +14,7 @@
 # - Configure zram
 #
 variant: fcos
-version: 1.3.0
+version: 1.4.0
 passwd:
   users:
     - name: core
@@ -23,6 +24,11 @@ passwd:
     - name: builder
       ssh_authorized_keys:
         - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJJquUOL/NRZEIRrMLW0T8H/zmBQA4XMZxoI0ElwvGp builder@fcos-aarch64-builder
+kernel_arguments:
+  should_exist:
+    - mitigations=off
+  should_not_exist:
+    - mitigations=auto,nosmt
 storage:
   directories:
     - path: /home/builder/.config