1# Basic kernel hardening options (specific to x86) 2 3# Modern libc no longer needs a fixed-position mapping in userspace, remove 4# it as a possible target. 5CONFIG_LEGACY_VSYSCALL_NONE=y 6 7# Enable chip-specific IOMMU support. 8CONFIG_INTEL_IOMMU=y 9CONFIG_INTEL_IOMMU_DEFAULT_ON=y 10CONFIG_INTEL_IOMMU_SVM=y 11CONFIG_AMD_IOMMU=y 12 13# Enforce CET Indirect Branch Tracking in the kernel. 14CONFIG_X86_KERNEL_IBT=y 15 16# Enable CET Shadow Stack for userspace. 17CONFIG_X86_USER_SHADOW_STACK=y 18