From: He Zhe <zhe...@windriver.com>

Signed-off-by: He Zhe <zhe...@windriver.com>
---
 features/security/security.cfg | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/features/security/security.cfg b/features/security/security.cfg
index 87408b6..8b7a065 100644
--- a/features/security/security.cfg
+++ b/features/security/security.cfg
@@ -11,6 +11,7 @@ CONFIG_SLAB_FREELIST_HARDENED=y
 
 # Stack Protector is for buffer overflow detection and hardening
 CONFIG_STACKPROTECTOR=y
+CONFIG_STACKPROTECTOR_STRONG=y
 
 # Perform extensive checks on reference counting
 CONFIG_REFCOUNT_FULL=y
@@ -44,3 +45,18 @@ CONFIG_DEBUG_LIST=y
 CONFIG_DEBUG_SG=y
 CONFIG_DEBUG_NOTIFIERS=y
 CONFIG_DEBUG_CREDENTIALS=y
+
+# Information exposure
+CONFIG_PAGE_POISONING=y
+
+# Kernel Address Space Layout Randomization (KASLR)
+CONFIG_RANDOMIZE_BASE=y
+CONFIG_RANDOMIZE_MEMORY=y
+
+# Direct kernel overwrite
+CONFIG_STRICT_KERNEL_RWX=y
+CONFIG_STRICT_MODULE_RWX=y
+
+# Meltdown and Spectre
+CONFIG_PAGE_TABLE_ISOLATION=y
+CONFIG_RETPOLINE=y
-- 
2.7.4

-- 
_______________________________________________
linux-yocto mailing list
linux-yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/linux-yocto
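Review bot: The comment above the new `CONFIG_STACKPROTECTOR_STRONG=y` line in the first hunk still describes only the base option, so a reader cannot tell what the added symbol buys. I would extend it with something like `# STRONG also covers functions with local arrays or address-taken locals`. The option depends on the toolchain supporting `-fstack-protector-strong`; if the compiler lacks it the symbol is dropped from the final .config, so the config audit output is the place to confirm it took effect.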
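Review bot: `CONFIG_PAGE_POISONING=y` in the second hunk only builds the poisoning code; freed pages are not poisoned unless the kernel is booted with `page_poison=1`, so the "Information exposure" entry gives no protection by itself. I would record that in the fragment, e.g. `# Compiled in only; takes effect when booted with page_poison=1`, and check that images using this feature carry the parameter on their command line. Separately, `CONFIG_RANDOMIZE_MEMORY`, `CONFIG_PAGE_TABLE_ISOLATION` and `CONFIG_RETPOLINE` are x86 symbols, so if this fragment is also pulled in by non-x86 BSPs they will be dropped from the final .config. In that case it would be clearer to move them to an x86-only fragment or mark them as such in the comments, and to narrow the `# Meltdown and Spectre` comment, since `CONFIG_RETPOLINE` addresses Spectre variant 2 only and needs a retpoline-capable compiler for full effect.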