| 1234567891011121314151617 |
- # Basic kernel hardening options (specific to x86)
- # Modern libc no longer needs a fixed-position mapping in userspace, remove
- # it as a possible target.
- CONFIG_LEGACY_VSYSCALL_NONE=y
- # Enable chip-specific IOMMU support.
- CONFIG_INTEL_IOMMU=y
- CONFIG_INTEL_IOMMU_DEFAULT_ON=y
- CONFIG_INTEL_IOMMU_SVM=y
- CONFIG_AMD_IOMMU=y
- # Enforce CET Indirect Branch Tracking in the kernel.
- CONFIG_X86_KERNEL_IBT=y
- # Enable CET Shadow Stack for userspace.
- CONFIG_X86_USER_SHADOW_STACK=y
|
