V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-07-30 18:49:39 +02:00
parent 4c804e577f
commit 9d1d6581b5
8 changed files with 278 additions and 105 deletions


@@ -94,6 +94,7 @@ image: "linux-image-amd64" # Could be a meta-package or a specific image lik
# "linux-image-cloud-amd64" || "linux-image-cloud-arm64"
# "linux-image-rt-amd64" || "linux-image-rt-arm64"
# "linux-image-6.12.30+bpo-amd64"
needrun: false # Static linking to "${TARGET}/run" can cause problems if this data is "burned" into the target.
################################################################################################################################
# Dropbear settings
@@ -156,11 +157,11 @@ grub_parameter:
##############################################################################################################################
# Enables strict enforcement of IOMMU TLB invalidation, so devices will never be able to access stale data contents.
# iommu.passthrough=0
# - 'iommu.passthrough=0'
# Prevents devices from operating in identity-mapped passthrough mode. Without this parameter (or with =1), devices could be
# passed through without being monitored by the IOMMU in a truly restrictive manner. From a security standpoint,
# iommu.passthrough=0 is an important step toward DMA isolation for all devices, especially for untrusted PCI(e) devices.
# iommu.strict=1
# - 'iommu.passthrough=0' is an important step toward DMA isolation for all devices, especially for untrusted PCI(e) devices.
# - 'iommu.strict=1'
# Enables Strict Mode for dma-iommu.c (i.e., all DMA transactions are validated synchronously). Without this parameter, the
# kernel often runs in lazy mode, where mapping caches are used.
# Performance vs. security: strict=1= more secure, but potentially slower, especially with many small DMA transfers.
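Review bot: The rewritten comment line `# - 'iommu.passthrough=0' is an important step toward DMA isolation …` is the tail of the sentence that begins with "From a security standpoint," on the line before it, so the list marker and quotes make prose read like a disabled `grub_parameter` entry with trailing text. Keep that line as prose, `# iommu.passthrough=0 is an important step toward DMA isolation for all devices, especially for untrusted PCI(e) devices.`, and use the `# - '…'` form only on the two parameter heading lines. The page has lost its +/- markers, so which of the paired lines is the new side is inferred from print order. All of these lines remain comments, and whether the two parameters are active entries in `grub_parameter` is not visible in this hunk; that is worth confirming, since a reader could take the commented items for the effective boot configuration.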