From a5085a0dacaa2c725df7aaa3a77005687cabe1ff Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Fri, 21 Dec 2018 18:45:44 +0300
Subject: [PATCH] Add kernel command line options enabling mitigations of
 side-channel attacks

---
 kconfig-hardened-check.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index fd7c50c..2c045d5 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -17,6 +17,12 @@
 #    kernel.kptr_restrict=1
 #    lockdown=1
 #
+#    spectre_v2=on
+#    pti=on
+#    spec_store_bypass_disable=on
+#    l1tf=full,force
+#
+#
 # N.B. Hardening sysctl's:
 #    net.core.bpf_jit_harden
 #
-- 
2.31.1