Add more kernel command line parameters to comments

author Alexander Popov <alex.popov@linux.com>

Mon, 27 May 2019 14:42:53 +0000 (17:42 +0300)

committer Alexander Popov <alex.popov@linux.com>

Mon, 27 May 2019 14:42:53 +0000 (17:42 +0300)
author Alexander Popov <alex.popov@linux.com>
Mon, 27 May 2019 14:42:53 +0000 (17:42 +0300)
committer Alexander Popov <alex.popov@linux.com>
Mon, 27 May 2019 14:42:53 +0000 (17:42 +0300)
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py

index 692d1922a3d8c6b635daa540ab7102134f2cbe94..b1dd5eb1e824d9059bde8cb3f2cceea09531e10b 100755 (executable)
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -18,11 +18,19 @@
  #    kernel.kptr_restrict=1
  #    lockdown=1
  #
-#    spectre_v2=on
-#    pti=on
-#    spec_store_bypass_disable=on
-#    l1tf=full,force
-#
+#    Mitigations of CPU vulnerabilities:
+#       Аrch-independent:
+#           mitigations=auto,nosmt
+#       X86:
+#           spectre_v2=on
+#           pti=on
+#           spec_store_bypass_disable=on
+#           l1tf=full,force
+#           mds=full,nosmt
+#       ARM64:
+#           ? CONFIG_HARDEN_BRANCH_PREDICTOR
+#           kpti=on
+#           ssbd=force-on
  #
  # N.B. Hardening sysctl's:
  #    net.core.bpf_jit_harden
author	Alexander Popov <alex.popov@linux.com>
	Mon, 27 May 2019 14:42:53 +0000 (17:42 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Mon, 27 May 2019 14:42:53 +0000 (17:42 +0300)