# Basic kernel hardening options (specific to x86) # Modern libc no longer needs a fixed-position mapping in userspace, remove # it as a possible target. CONFIG_LEGACY_VSYSCALL_NONE=y # Enable chip-specific IOMMU support. CONFIG_INTEL_IOMMU=y CONFIG_INTEL_IOMMU_DEFAULT_ON=y CONFIG_INTEL_IOMMU_SVM=y CONFIG_AMD_IOMMU=y CONFIG_AMD_IOMMU_V2=y # Enable CET Shadow Stack for userspace. CONFIG_X86_USER_SHADOW_STACK=y