projects / kconfig-hardened-check.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Update the VMAP_STACK check: it is available for ARM
[kconfig-hardened-check.git] / kconfig_hardened_check / config_files / kspp-recommendations / kspp-recommendations-arm64.config
diff --git a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm64.config b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm64.config
index 76c212f3b592bc690634690be1d275a13bfaf6dd..50907ab4e9795e3ab86628efc3029647b90f1e74 100644 (file)
--- a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm64.config
+++ b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm64.config
@@ -1,5 +1,4 @@
-# CONFIGs
-# Linux/arm64 5.17.0 Kernel Configuration
+# Linux/arm64 6.1.5 Kernel Configuration
 
 # Report BUG() conditions and kill the offending process.
 CONFIG_BUG=y
@@ -238,6 +237,9 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=32768
 # Randomize position of kernel (requires UEFI RNG or bootloader support for /chosen/kaslr-seed DT property).
 CONFIG_RANDOMIZE_BASE=y
 
+# Remove arm32 support to reduce syscall attack surface.
+# CONFIG_COMPAT is not set
+
 # Make sure PAN emulation is enabled.
 CONFIG_ARM64_SW_TTBR0_PAN=y
 
kconfig-hardened-check