From: Xiangyu Chen <[email protected]>

Hi Bruce,

After using the kernel-hardening-checker[1] utils to check the current configs, we picked up some configs from the failure cases into feature/security/security.cfg to improve kernel security.

The following configs have no impact on performance but can improve kernel security:

CONFIG_HW_RANDOM_TPM=y
  Expose the TPM's Random Number Generator (if present) as a hwrng device.

CONFIG_DEBUG_WX=y
  Warn on W+X mappings at boot.

CONFIG_SECURITY_DMESG_RESTRICT=y
  Restrict unprivileged access to the kernel syslog.

CONFIG_LDISC_AUTOLOAD=n
  Disable automatic loading of TTY line disciplines.

Thanks!

Ref:
[1] https://github.com/a13xp0p0v/kernel-hardening-checker

Xiangyu Chen (1):
  feature/security: add configs to harden protection

 features/security/security.cfg | 12 ++++++++++++
 1 file changed, 12 insertions(+)

-- 
2.35.5
View/Reply Online (#13487): https://lists.yoctoproject.org/g/linux-yocto/message/13487
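A check for the four options listed in the message above, as an added example that is not part of the original message or of kernel-hardening-checker: it parses the text of a built kernel .config and reports each option whose value differs from the one requested. It assumes the usual .config convention that a disabled option appears as `# CONFIG_X is not set` or is absent, rather than as `=n`; the function names and the sample config are constructed for illustration.

```python
import re

# Wanted values, taken from the message above ("n" means disabled).
WANTED = {
    "CONFIG_HW_RANDOM_TPM": "y",
    "CONFIG_DEBUG_WX": "y",
    "CONFIG_SECURITY_DMESG_RESTRICT": "y",
    "CONFIG_LDISC_AUTOLOAD": "n",
}

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_config(text):
    """Map option name -> value; disabled options are normalised to "n"."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts

def check(text, wanted=WANTED):
    """Return {option: (wanted, found)} for every option that fails."""
    opts = parse_config(text)
    failures = {}
    for name, want in wanted.items():
        found = opts.get(name, "n")  # absent from .config means disabled
        if found != want:
            failures[name] = (want, found)
    return failures

# Constructed sample, not taken from a real build.
SAMPLE_CONFIG = """\
CONFIG_HW_RANDOM=y
CONFIG_DEBUG_WX=y
# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_LDISC_AUTOLOAD=y
"""

if __name__ == "__main__":
    for name, (want, found) in check(SAMPLE_CONFIG).items():
        print(f"FAIL {name}: wanted {want}, found {found}")
```

Running it against the final .config of a build, rather than against the fragment, shows whether a requested option was silently dropped because one of its dependencies is not enabled.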
