Mention that nosmt is slow
diff --git
a/kconfig_hardened_check/__init__.py
b/kconfig_hardened_check/__init__.py
index 28ab04e105d342f201f51a2986619e739460f8b4..563091cd77abb9727e8b647fc59847bd1245bcaa 100644
(file)
--- a/
kconfig_hardened_check/__init__.py
+++ b/
kconfig_hardened_check/__init__.py
@@
-15,15
+15,14
@@
# page_alloc.shuffle=1
# iommu=force (does it help against DMA attacks?)
# slub_debug=FZ (slow)
# page_alloc.shuffle=1
# iommu=force (does it help against DMA attacks?)
# slub_debug=FZ (slow)
-# page_poison=1 (if enabled)
-# init_on_alloc=1
-# init_on_free=1
+# init_on_alloc=1 (since v5.3)
+# init_on_free=1 (since v5.3, otherwise slub_debug=P and page_poison=1)
# loadpin.enforce=1
# debugfs=no-mount (or off if possible)
#
# Mitigations of CPU vulnerabilities:
# Аrch-independent:
# loadpin.enforce=1
# debugfs=no-mount (or off if possible)
#
# Mitigations of CPU vulnerabilities:
# Аrch-independent:
-# mitigations=auto,nosmt
+# mitigations=auto,nosmt
(nosmt is slow)
# X86:
# spectre_v2=on
# pti=on
# X86:
# spectre_v2=on
# pti=on
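Review bot: The first change in this hunk, which drops "# page_poison=1 (if enabled)" and annotates init_on_alloc=1 and init_on_free=1 with "(since v5.3)", is not covered by the subject "Mention that nosmt is slow". Either split it into its own commit or mention it in the message, so the history shows when the page_poison recommendation changed. The fallback "otherwise slub_debug=P and page_poison=1" is attached only to the init_on_free line, while "# slub_debug=FZ (slow)" remains a few lines above. It would help to say whether pre-5.3 kernels are expected to combine the flags (for example slub_debug=FZP) and whether init_on_alloc=1 has any fallback of its own. On the nosmt line, "(nosmt is slow)" could state the reason briefly, namely that it disables SMT, so readers can weigh the cost for their workload.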