projects / kconfig-hardened-check.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Update the KSPP recommendations
[kconfig-hardened-check.git] / kconfig_hardened_check / config_files / kspp-recommendations / kspp-recommendations-x86-64.config
diff --git a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-64.config b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-64.config
index 8f67300cb3fc78455b159c0a831de4ccf50f625f..f179b4ead38def7c6cea7ce3ed5aa512f2c1d4fb 100644 (file)
--- a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-64.config
+++ b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-64.config
@@ -1,5 +1,4 @@
-# CONFIGs
-# Linux/x86_64 5.17.0 Kernel Configuration
+# Linux/x86_64 6.1.5 Kernel Configuration
 
 # Report BUG() conditions and kill the offending process.
 CONFIG_BUG=y
@@ -249,9 +248,11 @@ CONFIG_LEGACY_VSYSCALL_NONE=y
 # Enable Kernel Page Table Isolation to remove an entire class of cache timing side-channels.
 CONFIG_PAGE_TABLE_ISOLATION=y
 
-# Remove additional attack surface, unless you really need them.
+# Remove additional (32-bit) attack surface, unless you really need them.
+# CONFIG_COMPAT is not set
 # CONFIG_IA32_EMULATION is not set
 # CONFIG_X86_X32 is not set
+# CONFIG_X86_X32_ABI is not set
 # CONFIG_MODIFY_LDT_SYSCALL is not set
 
 # Enable chip-specific IOMMU support. 
kconfig-hardened-check