projects / kconfig-hardened-check.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Mention that nosmt is slow
[kconfig-hardened-check.git] / kconfig_hardened_check / __init__.py
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 28ab04e105d342f201f51a2986619e739460f8b4..563091cd77abb9727e8b647fc59847bd1245bcaa 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -15,15 +15,14 @@
 #    page_alloc.shuffle=1
 #    iommu=force (does it help against DMA attacks?)
 #    slub_debug=FZ (slow)
-#    page_poison=1 (if enabled)
-#    init_on_alloc=1
-#    init_on_free=1
+#    init_on_alloc=1 (since v5.3)
+#    init_on_free=1 (since v5.3, otherwise slub_debug=P and page_poison=1)
 #    loadpin.enforce=1
 #    debugfs=no-mount (or off if possible)
 #
 #    Mitigations of CPU vulnerabilities:
 #       Аrch-independent:
-#           mitigations=auto,nosmt
+#           mitigations=auto,nosmt (nosmt is slow)
 #       X86:
 #           spectre_v2=on
 #           pti=on
kconfig-hardened-check