X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=563091cd77abb9727e8b647fc59847bd1245bcaa;hb=361e571e1926ee172f22f9aad990158e2c03651d;hp=28ab04e105d342f201f51a2986619e739460f8b4;hpb=4c4f25270de55449874e018879652d2fd4668663;p=kconfig-hardened-check.git

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 28ab04e..563091c 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -15,15 +15,14 @@
 #    page_alloc.shuffle=1
 #    iommu=force (does it help against DMA attacks?)
 #    slub_debug=FZ (slow)
-#    page_poison=1 (if enabled)
-#    init_on_alloc=1
-#    init_on_free=1
+#    init_on_alloc=1 (since v5.3)
+#    init_on_free=1 (since v5.3, otherwise slub_debug=P and page_poison=1)
 #    loadpin.enforce=1
 #    debugfs=no-mount (or off if possible)
 #
 #    Mitigations of CPU vulnerabilities:
 #       Аrch-independent:
-#           mitigations=auto,nosmt
+#           mitigations=auto,nosmt (nosmt is slow)
 #       X86:
 #           spectre_v2=on
 #           pti=on