{"id":"rhel9-full-stack-hardware-to-data-defense","text":"RHEL 9 defense-in-depth extends from hardware-level CPU mitigations (SMT disable for L1TF/MDS, BPF JIT hardening, unprivileged BPF restrictions) through cryptographic policy enforcement to data-at-rest protection (LUKS2/NBDE encryption and SELinux/MCS mandatory access control), ensuring no single layer's compromise alone exposes stored data.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"rhel9-full-stack-hardware-to-data-defense","truth_value":"IN","reason":"premise"}]}}