From a5085a0dacaa2c725df7aaa3a77005687cabe1ff Mon Sep 17 00:00:00 2001
From: Alexander Popov
Date: Fri, 21 Dec 2018 18:45:44 +0300
Subject: [PATCH] Add kernel command line options enabling mitigations of side-channel attacks

---
 kconfig-hardened-check.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index fd7c50c..2c045d5 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -17,6 +17,12 @@
 # kernel.kptr_restrict=1
 # lockdown=1
 #
+# spectre_v2=on
+# pti=on
+# spec_store_bypass_disable=on
+# l1tf=full,force
+#
+#
 # N.B. Hardening sysctl's:
 # net.core.bpf_jit_harden
 #
-- 
2.31.1
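Review bot: The added `l1tf=full,force` line gives no hint of its cost: per the kernel's L1TF documentation this value disables SMT and removes runtime control of SMT and L1D flushing, so it cannot be relaxed without a reboot. A short trailing remark would make that visible, for example `# l1tf=full,force   (disables SMT, no runtime override)`. The four options also appear only in the header comment, and nothing visible in this hunk inspects the running command line, so a sentence such as `# N.B. the options below are recommendations; this script does not check the kernel command line` would keep readers from assuming coverage. The comment block starts and ends outside the hunk, so the wording should follow whatever precedes the `kernel.kptr_restrict=1` entry.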