Set default hostname to AA000-0. Enable CPU RDRAND. Enable initialising kernel stack variables at function entry. Enable poisoning kernel stack before returning from syscalls. Enable register zeroing on function exit. Disable Kernel Self Protection Project recommendations.

2022-10-06 01:54:35 +01:00 · 2022-10-06 01:54:35 +01:00 · 11e6eeee4a
commit 11e6eeee4a
parent 1e6b7eebf0
1 changed files with 8 additions and 6 deletions
--- a/linux/.config
+++ b/linux/.config
@ -28,7 +28,7 @@ CONFIG_THREAD_INFO_IN_TASK=y
 CONFIG_INIT_ENV_ARG_LIMIT=32
 # CONFIG_COMPILE_TEST is not set
 CONFIG_WERROR=y
-CONFIG_LOCALVERSION="-inferencium-AA000-0-0.5.0.8"
+CONFIG_LOCALVERSION="-inferencium-AA000-0-0.6.1.13"
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_BUILD_SALT=""
 CONFIG_HAVE_KERNEL_GZIP=y
@ -46,7 +46,7 @@ CONFIG_HAVE_KERNEL_ZSTD=y
 # CONFIG_KERNEL_LZ4 is not set
 CONFIG_KERNEL_ZSTD=y
 CONFIG_DEFAULT_INIT=""
-CONFIG_DEFAULT_HOSTNAME="(none)"
+CONFIG_DEFAULT_HOSTNAME="AA000-0"
 CONFIG_SWAP=y
 CONFIG_SYSVIPC=y
 CONFIG_SYSVIPC_SYSCTL=y
@ -1955,7 +1955,7 @@ CONFIG_TCG_CRB=y
 # CONFIG_TELCLOCK is not set
 # CONFIG_XILLYBUS is not set
 # CONFIG_XILLYUSB is not set
-# CONFIG_RANDOM_TRUST_CPU is not set
+CONFIG_RANDOM_TRUST_CPU=y
 # CONFIG_RANDOM_TRUST_BOOTLOADER is not set
 # end of Character devices
@ -3678,11 +3678,12 @@ CONFIG_LSM_MMAP_MIN_ADDR=65536
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_HARDENED_USERCOPY_FALLBACK=y
-CONFIG_FORTIFY_SOURCE=y
+# CONFIG_FORTIFY_SOURCE is not set
 CONFIG_STATIC_USERMODEHELPER=y
 CONFIG_STATIC_USERMODEHELPER_PATH="/sbin/usermode-helper"
 CONFIG_SECURITY_SELINUX=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM=y
 # CONFIG_SECURITY_SELINUX_DISABLE is not set
 CONFIG_SECURITY_SELINUX_DEVELOP=y
 CONFIG_SECURITY_SELINUX_AVC_STATS=y
 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
@ -3736,7 +3737,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y
 # CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set
 # CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set
 CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
-CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE=y
+# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
 CONFIG_GCC_PLUGIN_STACKLEAK=y
 CONFIG_STACKLEAK_TRACK_MIN_SIZE=100
 # CONFIG_STACKLEAK_METRICS is not set
@ -4244,6 +4245,7 @@ CONFIG_FTRACE=y
 # CONFIG_TRACER_SNAPSHOT is not set
 CONFIG_BRANCH_PROFILE_NONE=y
 # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
 # CONFIG_PROFILE_ALL_BRANCHES is not set
 CONFIG_BLK_DEV_IO_TRACE=y
 CONFIG_KPROBE_EVENTS=y
 CONFIG_UPROBE_EVENTS=y
@ -4313,6 +4315,6 @@ CONFIG_GENTOO_LINUX_INIT_SCRIPT=y
 # CONFIG_GENTOO_LINUX_INIT_SYSTEMD is not set
 # end of Support for init systems, system and service managers
-CONFIG_GENTOO_KERNEL_SELF_PROTECTION=y
+# CONFIG_GENTOO_KERNEL_SELF_PROTECTION is not set
 CONFIG_GENTOO_PRINT_FIRMWARE_INFO=y
 # end of Gentoo Linux