From 7f44ca544260614e83dc976bfccff86035930e0e Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer <rolf.neugebauer@docker.com>
Date: Sat, 6 Jan 2018 21:14:22 +0000
Subject: [PATCH] doc: Security update in top level readme.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 98d58762c..94e5943ad 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,8 @@
 
 [![CircleCI](https://circleci.com/gh/linuxkit/linuxkit.svg?style=svg)](https://circleci.com/gh/linuxkit/linuxkit)
 
+**Security Update 06/01/2018: All LinuxKit `x86_64` kernels now have KPTI enabled by default. This protects against [Meltdown](https://meltdownattack.com/meltdown.pdf). Defences against [Spectre](https://spectreattack.com/spectre.pdf) are work in progress upstream. All kernels also contain the fix in the eBPF verifier used in some of the exploits. The `arm64` kernels are not yet fixed. See [Greg KH's blogpost](http://kroah.com/log/blog/2018/01/06/meltdown-status/) for details.**
+
 LinuxKit, a toolkit for building custom minimal, immutable Linux distributions.
 
 - Secure defaults without compromising usability