cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

security.config (468B)

      1# This is the equivalent of booting with lockdown=integrity
      2CONFIG_SECURITY=y
      3CONFIG_SECURITYFS=y
      4CONFIG_SECURITY_LOCKDOWN_LSM=y
      5CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
      6CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y
      7
      8# These are some general, reasonably inexpensive hardening options
      9CONFIG_HARDENED_USERCOPY=y
     10CONFIG_FORTIFY_SOURCE=y
     11CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
     12
     13# UBSAN bounds checking is very cheap and good for hardening
     14CONFIG_UBSAN=y
     15# CONFIG_UBSAN_MISC is not set