From: Alexander Popov Date: Mon, 27 May 2019 14:42:53 +0000 (+0300) Subject: Add more kernel command line parameters to comments X-Git-Tag: v0.5.2~27 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=8cd5f6e87d722a75fb55163050b7e98c4cb8aaa1;p=kconfig-hardened-check.git Add more kernel command line parameters to comments Going to use them in future --- diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py index 692d192..b1dd5eb 100755 --- a/kconfig-hardened-check.py +++ b/kconfig-hardened-check.py @@ -18,11 +18,19 @@ # kernel.kptr_restrict=1 # lockdown=1 # -# spectre_v2=on -# pti=on -# spec_store_bypass_disable=on -# l1tf=full,force -# +# Mitigations of CPU vulnerabilities: +# Аrch-independent: +# mitigations=auto,nosmt +# X86: +# spectre_v2=on +# pti=on +# spec_store_bypass_disable=on +# l1tf=full,force +# mds=full,nosmt +# ARM64: +# ? CONFIG_HARDEN_BRANCH_PREDICTOR +# kpti=on +# ssbd=force-on # # N.B. Hardening sysctl's: # net.core.bpf_jit_harden