-rw-r--r-- | features/security/security.cfg | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/features/security/security.cfg b/features/security/security.cfg
index 2e2c2d0..ed84453 100644
--- a/features/security/security.cfg
+++ b/features/security/security.cfg
@@ -11,6 +11,7 @@ CONFIG_SLAB_FREELIST_HARDENED=y
 
 # Stack Protector is for buffer overflow detection and hardening
 CONFIG_STACKPROTECTOR=y
+CONFIG_STACKPROTECTOR_STRONG=y
 
 # Disable to ensure random heap placement to make exploits harder
 # CONFIG_COMPAT_BRK is not set
@@ -28,3 +29,18 @@ CONFIG_STRICT_DEVMEM=y
 
 # Perform additional validation of various commonly targeted structures
 CONFIG_SCHED_STACK_END_CHECK=y
+
+# Information exposure
+CONFIG_PAGE_POISONING=y
+
+# Kernel Address Space Layout Randomization (KASLR)
+CONFIG_RANDOMIZE_BASE=y
+CONFIG_RANDOMIZE_MEMORY=y
+
+# Direct kernel overwrite
+CONFIG_STRICT_KERNEL_RWX=y
+CONFIG_STRICT_MODULE_RWX=y
+
+# Meltdown and Spectre
+CONFIG_PAGE_TABLE_ISOLATION=y
+CONFIG_RETPOLINE=y
|
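Review bot: Three of the symbols added in the second hunk, `CONFIG_RANDOMIZE_MEMORY`, `CONFIG_PAGE_TABLE_ISOLATION` and `CONFIG_RETPOLINE`, are x86-only Kconfig options. If this fragment is shared across architectures, as its generic path suggests, they will not reach the final .config on other targets and the file then overstates the hardening actually in place. Consider moving them to an x86-specific fragment, or at least marking them with a comment such as `# x86 only: not available on other architectures`. Separately, `CONFIG_PAGE_POISONING=y` only builds the feature in; freed pages are poisoned only when the kernel is booted with `page_poison=1`, so the `# Information exposure` heading would be more useful as `# Poison freed pages (also needs page_poison=1 on the kernel command line)`.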