From: Alexander Popov Date: Fri, 21 Dec 2018 15:45:44 +0000 (+0300) Subject: Add kernel command line options enabling mitigations of side-channel attacks X-Git-Tag: v0.5.2~62 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=a5085a0dacaa2c725df7aaa3a77005687cabe1ff;p=kconfig-hardened-check.git Add kernel command line options enabling mitigations of side-channel attacks --- diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py index fd7c50c..2c045d5 100755 --- a/kconfig-hardened-check.py +++ b/kconfig-hardened-check.py @@ -17,6 +17,12 @@ # kernel.kptr_restrict=1 # lockdown=1 # +# spectre_v2=on +# pti=on +# spec_store_bypass_disable=on +# l1tf=full,force +# +# # N.B. Hardening sysctl's: # net.core.bpf_jit_harden #