fix: update KARGS.md for change to IOMMU

Author: spaceoden

content/articles/KARGS.md

@@ -25,7 +25,7 @@ Stable kargs that are always applied by the `set-kargs-hardening` ujust script.
 - `lockdown=confidentiality`: Enable kernel lockdown in the strictest mode.
 - `random.trust_cpu=off`: Disable CPU-based entropy sources, as it's not auditable and has resulted in vulnerabilities.
 - `random.trust_bootloader=off`: Disable trusting the use of the seed passed by the bootloader.
-- `iommu=force`, `intel_iommu=on` and `amd_iommu=force_isolation`: Mitigate DMA attacks by enabling IOMMU.
+- `iommu=force` and `intel_iommu=on`: Mitigate DMA attacks by enabling IOMMU.
 - `iommu.passthrough=0`: Disable IOMMU bypass.
 - `iommu.strict=1`: Synchronously invalidate IOMMU hardware TLBs.
 - `pti=on`: Enable kernel page table isolation.
@@ -61,3 +61,4 @@ Sets of additional kargs that can be selectively set alongside the standard karg
 - `efi=disable_early_pci_dma`: Fill IOMMU protection gap by setting the BUSMASTER bit during early boot
 - `debugfs=off`: Disable debugfs to prevent exposure of sensitive kernel information
 - `gather_data_sampling=force`: Mitigate unprivileged speculative access to data by using the microcode mitigation when available, or by disabling AVX on affected systems where the microcode hasn’t been updated to include the mitigation.
+- `amd_iommu=force_isolation`: Mitigate DMA attacks by enabling IOMMU.