summaryrefslogtreecommitdiff
path: root/arch/x86/configs/hardening.config
blob: 19bb0c7a7669305cb11fbacb1d7583431596ef45 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# Basic kernel hardening options (specific to x86)

# Modern libc no longer needs a fixed-position mapping in userspace, remove
# it as a possible target.
CONFIG_LEGACY_VSYSCALL_NONE=y

# Enable chip-specific IOMMU support.
CONFIG_INTEL_IOMMU=y
CONFIG_INTEL_IOMMU_DEFAULT_ON=y
CONFIG_INTEL_IOMMU_SVM=y
CONFIG_AMD_IOMMU=y
CONFIG_AMD_IOMMU_V2=y

# Enable CET Shadow Stack for userspace.
CONFIG_X86_USER_SHADOW_STACK=y