xref: /linux/arch/x86/configs/hardening.config (revision c532de5a67a70f8533d495f8f2aaa9a0491c3ad0)
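# Basic kernel hardening options (specific to x86)
#
# This is a config fragment: it only takes effect once merged into a base
# configuration. Kconfig drops any symbol whose dependencies are not met, so
# confirm each option below in the final .config rather than assuming it
# survived the merge.

# Modern libc no longer needs a fixed-position mapping in userspace, remove
# it as a possible target.
# Caveat: binaries that still call into the legacy vsyscall page will fault
# with this setting. The vsyscall= kernel command-line parameter overrides
# this build-time default, so audit the boot command line as well.
CONFIG_LEGACY_VSYSCALL_NONE=y

# Enable chip-specific IOMMU support.
# DMA remapping confines device-initiated memory access, but only when the
# platform firmware has VT-d / AMD-Vi enabled; check the boot log to confirm
# the IOMMU is active on the deployed hardware.
CONFIG_INTEL_IOMMU=y
# Turn Intel DMA remapping on at boot without needing intel_iommu=on.
CONFIG_INTEL_IOMMU_DEFAULT_ON=y
# NOTE(review): SVM (shared virtual memory) enables a capability rather than
# restricting one; confirm it is wanted on the target platform.
CONFIG_INTEL_IOMMU_SVM=y
# This fragment sets no AMD counterpart to INTEL_IOMMU_DEFAULT_ON.
CONFIG_AMD_IOMMU=y

# Enforce CET Indirect Branch Tracking in the kernel.
# Covers forward edges only (indirect call/jump targets). Needs a CPU with
# CET IBT and a toolchain able to build the kernel with it; on hardware
# without IBT nothing is enforced.
CONFIG_X86_KERNEL_IBT=y

# Enable CET Shadow Stack for userspace.
# This makes the feature available; a process is protected only if it opts
# in and the CPU supports shadow stacks. It does not add a shadow stack to
# the kernel itself.
CONFIG_X86_USER_SHADOW_STACK=y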