| Kconfig (0e1329d4045ca3606f9c06a8c47f62e758a09105) | Kconfig (8754e67ad4ac692c67ff1f99c0d07156f04ae40c) |
|---|---|
| 1# SPDX-License-Identifier: GPL-2.0 2# Select 32 or 64 bit 3config 64BIT 4 bool "64-bit kernel" if "$(ARCH)" = "x86" 5 default "$(ARCH)" != "i386" 6 help 7 Say yes to build a 64-bit kernel - formerly known as x86_64 8 Say no to build a 32-bit kernel - formerly known as i386 --- 2354 unchanged lines hidden (view full) --- 2363 allocate a too small sigaltstack but 'work' because they 2364 never get a signal delivered. 2365 2366 Say 'N' unless you want to really enforce this check. 2367 2368config CFI_AUTO_DEFAULT 2369 bool "Attempt to use FineIBT by default at boot time" 2370 depends on FINEIBT | 1# SPDX-License-Identifier: GPL-2.0 2# Select 32 or 64 bit 3config 64BIT 4 bool "64-bit kernel" if "$(ARCH)" = "x86" 5 default "$(ARCH)" != "i386" 6 help 7 Say yes to build a 64-bit kernel - formerly known as x86_64 8 Say no to build a 32-bit kernel - formerly known as i386 --- 2354 unchanged lines hidden (view full) --- 2363 allocate a too small sigaltstack but 'work' because they 2364 never get a signal delivered. 2365 2366 Say 'N' unless you want to really enforce this check. 2367 2368config CFI_AUTO_DEFAULT 2369 bool "Attempt to use FineIBT by default at boot time" 2370 depends on FINEIBT |
| 2371 depends on !RUST || RUSTC_VERSION >= 108800 | |
| 2372 default y 2373 help 2374 Attempt to use FineIBT by default at boot time. If enabled, 2375 this is the same as booting with "cfi=auto". If disabled, 2376 this is the same as booting with "cfi=kcfi". 2377 2378source "kernel/livepatch/Kconfig" 2379 --- 326 unchanged lines hidden (view full) --- 2706 bool "Mitigate Speculative Store Bypass (SSB) hardware bug" 2707 default y 2708 help 2709 Enable mitigation for Speculative Store Bypass (SSB). SSB is a 2710 hardware security vulnerability and its exploitation takes advantage 2711 of speculative execution in a similar way to the Meltdown and Spectre 2712 security vulnerabilities. 2713 | 2371 default y 2372 help 2373 Attempt to use FineIBT by default at boot time. If enabled, 2374 this is the same as booting with "cfi=auto". If disabled, 2375 this is the same as booting with "cfi=kcfi". 2376 2377source "kernel/livepatch/Kconfig" 2378 --- 326 unchanged lines hidden (view full) --- 2705 bool "Mitigate Speculative Store Bypass (SSB) hardware bug" 2706 default y 2707 help 2708 Enable mitigation for Speculative Store Bypass (SSB). SSB is a 2709 hardware security vulnerability and its exploitation takes advantage 2710 of speculative execution in a similar way to the Meltdown and Spectre 2711 security vulnerabilities. 2712 |
| 2713config MITIGATION_ITS 2714 bool "Enable Indirect Target Selection mitigation" 2715 depends on CPU_SUP_INTEL && X86_64 2716 depends on MITIGATION_RETPOLINE && MITIGATION_RETHUNK 2717 default y 2718 help 2719 Enable Indirect Target Selection (ITS) mitigation. ITS is a bug in 2720 BPU on some Intel CPUs that may allow Spectre V2 style attacks. If 2721 disabled, mitigation cannot be enabled via cmdline. 2722 See <file:Documentation/admin-guide/hw-vuln/indirect-target-selection.rst> 2723 |
|
| 2714endif 2715 2716config ARCH_HAS_ADD_PAGES 2717 def_bool y 2718 depends on ARCH_ENABLE_MEMORY_HOTPLUG 2719 2720menu "Power management and ACPI options" 2721 --- 457 unchanged lines hidden --- | 2724endif 2725 2726config ARCH_HAS_ADD_PAGES 2727 def_bool y 2728 depends on ARCH_ENABLE_MEMORY_HOTPLUG 2729 2730menu "Power management and ACPI options" 2731 --- 457 unchanged lines hidden --- |