From 8cd5f6e87d722a75fb55163050b7e98c4cb8aaa1 Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Mon, 27 May 2019 17:42:53 +0300 Subject: [PATCH] Add more kernel command line parameters to comments Going to use them in future --- kconfig-hardened-check.py | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py index 692d192..b1dd5eb 100755 --- a/kconfig-hardened-check.py +++ b/kconfig-hardened-check.py @@ -18,11 +18,19 @@ # kernel.kptr_restrict=1 # lockdown=1 # -# spectre_v2=on -# pti=on -# spec_store_bypass_disable=on -# l1tf=full,force -# +# Mitigations of CPU vulnerabilities: +# Аrch-independent: +# mitigations=auto,nosmt +# X86: +# spectre_v2=on +# pti=on +# spec_store_bypass_disable=on +# l1tf=full,force +# mds=full,nosmt +# ARM64: +# ? CONFIG_HARDEN_BRANCH_PREDICTOR +# kpti=on +# ssbd=force-on # # N.B. Hardening sysctl's: # net.core.bpf_jit_harden -- 2.31.1