From: Alexander Popov
Date: Fri, 20 Mar 2020 19:48:15 +0000 (+0300)
Subject: Update KSPP recommendations
X-Git-Tag: v0.5.5~7
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=0e4ee10bbfe1158a30eb88095fbb58fae39ce23d;p=kconfig-hardened-check.git
Update KSPP recommendations
---
diff --git a/config_files/kspp-recommendations/kspp-recommendations-arm.config b/config_files/kspp-recommendations/kspp-recommendations-arm.config
index 9aaceb9..3c6c037 100644
--- a/config_files/kspp-recommendations/kspp-recommendations-arm.config
+++ b/config_files/kspp-recommendations/kspp-recommendations-arm.config
@@ -1,5 +1,5 @@
 # CONFIGs
-# Linux/arm 4.20.0 Kernel Configuration
+# Linux/arm 5.4.0 Kernel Configuration
 # Report BUG() conditions and kill the offending process.
 CONFIG_BUG=y
diff --git a/config_files/kspp-recommendations/kspp-recommendations-arm64.config b/config_files/kspp-recommendations/kspp-recommendations-arm64.config
index b397673..013263c 100644
--- a/config_files/kspp-recommendations/kspp-recommendations-arm64.config
+++ b/config_files/kspp-recommendations/kspp-recommendations-arm64.config
@@ -1,5 +1,5 @@
 # CONFIGs
-# Linux/arm64 4.20.0 Kernel Configuration
+# Linux/arm64 5.4.0 Kernel Configuration
 # Report BUG() conditions and kill the offending process.
 CONFIG_BUG=y
diff --git a/config_files/kspp-recommendations/kspp-recommendations-x86-32.config b/config_files/kspp-recommendations/kspp-recommendations-x86-32.config
index 04bdced..477d75c 100644
--- a/config_files/kspp-recommendations/kspp-recommendations-x86-32.config
+++ b/config_files/kspp-recommendations/kspp-recommendations-x86-32.config
@@ -1,5 +1,5 @@
 # CONFIGs
-# Linux/i386 4.20.0 Kernel Configuration
+# Linux/i386 5.4.0 Kernel Configuration
 # Report BUG() conditions and kill the offending process.
 CONFIG_BUG=y
@@ -165,3 +165,10 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
 # Randomize position of kernel.
 CONFIG_RANDOMIZE_BASE=y
+# Enable Kernel Page Table Isolation to remove an entire class of cache timing side-channels.
+CONFIG_PAGE_TABLE_ISOLATION=y
+
+# Don't allow for 16-bit program emulation and associated LDT tricks.
+# CONFIG_MODIFY_LDT_SYSCALL is not set
+
+
diff --git a/config_files/kspp-recommendations/kspp-recommendations-x86-64.config b/config_files/kspp-recommendations/kspp-recommendations-x86-64.config
index a0ba882..de19f33 100644
--- a/config_files/kspp-recommendations/kspp-recommendations-x86-64.config
+++ b/config_files/kspp-recommendations/kspp-recommendations-x86-64.config
@@ -1,5 +1,5 @@
 # CONFIGs
-# Linux/x86_64 4.20.0 Kernel Configuration
+# Linux/x86_64 5.4.0 Kernel Configuration
 # Report BUG() conditions and kill the offending process.
 CONFIG_BUG=y
@@ -149,8 +149,7 @@ CONFIG_GCC_PLUGIN_STACKLEAK=y
 # use with caution or also use CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE=y
 CONFIG_GCC_PLUGIN_RANDSTRUCT=y
-
-#x86_64
+# x86_64
 # Full 64-bit means PAE and NX bit.
 CONFIG_X86_64=y
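Review bot: The two settings added in the x86-32 hunk at line 165 say nothing about their Kconfig prerequisites, so a build that copies them may silently end up without either hardening. In upstream Kconfig, as far as I know, `CONFIG_PAGE_TABLE_ISOLATION` on 32-bit x86 depends on `CONFIG_X86_PAE`, and `CONFIG_MODIFY_LDT_SYSCALL` can only be switched off when `CONFIG_EXPERT=y`. The rest of the file is outside the hunk, so it is worth confirming that both prerequisites are already listed. I would extend the comments to say so, e.g. `# Requires CONFIG_X86_PAE on 32-bit; pti=off or nopti on the kernel command line still disables it.` and `# Requires CONFIG_EXPERT=y to be deselectable.` The hunk also ends with two extra blank lines at the end of the file, which git reports as a blank line at EOF and which could be dropped.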