X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2Fconfig_files%2Fkspp-recommendations%2Fkspp-recommendations-arm.config;h=3bba331d2d43146a766561d3e9ed1a2a083baa8e;hb=6d0bc7d9064a4aab282068cb658517f0edaa0d31;hp=3c6c0375e0b86b63e68b9d4f5e99b8b621c60ac1;hpb=1aa2467c554732ba3ac1318d4070817b077645e2;p=kconfig-hardened-check.git

diff --git a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm.config b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm.config
index 3c6c037..3bba331 100644
--- a/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm.config
+++ b/kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm.config
@@ -1,5 +1,5 @@
 # CONFIGs
-# Linux/arm 5.4.0 Kernel Configuration
+# Linux/arm 5.14.0 Kernel Configuration
 
 # Report BUG() conditions and kill the offending process.
 CONFIG_BUG=y
@@ -80,6 +80,9 @@ CONFIG_REFCOUNT_FULL=y
 # Check for memory copies that might overflow a structure in str*() and mem*() functions both at build-time and run-time.
 CONFIG_FORTIFY_SOURCE=y
 
+# Avoid kernel memory address exposures via dmesg (sets sysctl kernel.dmesg_restrict initial value to 1)
+CONFIG_SECURITY_DMESG_RESTRICT=y
+
 # Dangerous; enabling this allows direct physical memory writing.
 # CONFIG_ACPI_CUSTOM_METHOD is not set
 
@@ -149,7 +152,6 @@ CONFIG_GCC_PLUGIN_STACKLEAK=y
 # use with caution or also use CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE=y
 CONFIG_GCC_PLUGIN_RANDSTRUCT=y
 
-
 # arm
 
 CONFIG_ARM=y
@@ -165,3 +167,5 @@ CONFIG_CPU_SW_DOMAIN_PAN=y
 
 # Dangerous; old interfaces and needless additional attack surface.
 # CONFIG_OABI_COMPAT is not set
+
+