Add kernel command line options enabling mitigations of side-channel attacks

author Alexander Popov <alex.popov@linux.com>

Fri, 21 Dec 2018 15:45:44 +0000 (18:45 +0300)

committer Alexander Popov <alex.popov@linux.com>

Fri, 21 Dec 2018 15:45:44 +0000 (18:45 +0300)
author Alexander Popov <alex.popov@linux.com>
Fri, 21 Dec 2018 15:45:44 +0000 (18:45 +0300)
committer Alexander Popov <alex.popov@linux.com>
Fri, 21 Dec 2018 15:45:44 +0000 (18:45 +0300)
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py

index fd7c50c7283659a0513697436e6c7abe30d63434..2c045d56a0fea3efe59a0fdac2067797c072273c 100755 (executable)
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -17,6 +17,12 @@
  #    kernel.kptr_restrict=1
  #    lockdown=1
  #
+#    spectre_v2=on
+#    pti=on
+#    spec_store_bypass_disable=on
+#    l1tf=full,force
+#
+#
  # N.B. Hardening sysctl's:
  #    net.core.bpf_jit_harden
  #
author	Alexander Popov <alex.popov@linux.com>
	Fri, 21 Dec 2018 15:45:44 +0000 (18:45 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Fri, 21 Dec 2018 15:45:44 +0000 (18:45 +0300)