15 lines
394 B
Plaintext
15 lines
394 B
Plaintext
# Basic kernel hardening options (specific to x86)
|
|
|
|
# Modern libc no longer needs a fixed-position mapping in userspace, remove
|
|
# it as a possible target.
|
|
CONFIG_LEGACY_VSYSCALL_NONE=y
|
|
|
|
# Enable chip-specific IOMMU support.
|
|
CONFIG_INTEL_IOMMU=y
|
|
CONFIG_INTEL_IOMMU_DEFAULT_ON=y
|
|
CONFIG_INTEL_IOMMU_SVM=y
|
|
CONFIG_AMD_IOMMU=y
|
|
|
|
# Enable CET Shadow Stack for userspace.
|
|
CONFIG_X86_USER_SHADOW_STACK=y
|