X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;ds=sidebyside;f=kconfig-hardened-check.py;h=b1dd5eb1e824d9059bde8cb3f2cceea09531e10b;hb=46cd88746c8b84d7e02cb41b0c9d52a0accb1326;hp=692d1922a3d8c6b635daa540ab7102134f2cbe94;hpb=4d3138f62afa719ec5bf696ced214f7342d98dec;p=kconfig-hardened-check.git
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 692d192..b1dd5eb 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -18,11 +18,19 @@
 # kernel.kptr_restrict=1
 # lockdown=1
 #
-# spectre_v2=on
-# pti=on
-# spec_store_bypass_disable=on
-# l1tf=full,force
-#
+# Mitigations of CPU vulnerabilities:
+# Аrch-independent:
+# mitigations=auto,nosmt
+# X86:
+# spectre_v2=on
+# pti=on
+# spec_store_bypass_disable=on
+# l1tf=full,force
+# mds=full,nosmt
+# ARM64:
+# ? CONFIG_HARDEN_BRANCH_PREDICTOR
+# kpti=on
+# ssbd=force-on
 #
 # N.B. Hardening sysctl's:
 # net.core.bpf_jit_harden
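Review bot: The added heading `# Аrch-independent:` appears to begin with a Cyrillic А (U+0410) rather than ASCII A, so an ASCII search for "Arch-independent" will not find it and homoglyph or non-ASCII checks on the source would flag the file; I would retype it as `# Arch-independent:`. In the ARM64 group, `? CONFIG_HARDEN_BRANCH_PREDICTOR` is a Kconfig symbol placed in a list of boot parameters and the `?` is not explained, so a short trailing remark such as `(build-time option; cmdline equivalent to be confirmed)` would make the intent clear, if that is what is meant. It would also help to state in the comment that the `nosmt` part of `mitigations=auto,nosmt` and `mds=full,nosmt` can disable SMT on affected CPUs, since that is the recommendation here with the largest performance cost. The header comment block continues outside the hunk.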