powerpc/configs/skiroot: Enable security features - kernel/linux.git

diff options

author	Joel Stanley <joel@jms.id.au>	2020-01-21 07:29:57 +0300
committer	Michael Ellerman <mpe@ellerman.id.au>	2020-01-31 13:20:17 +0300
commit	579baeece66ef9360da7d815fd328faf271a3008 (patch)
tree	f5c63e3cb0d3784e15ec2dd5525fef65fa1be06b /scripts/gdb/linux/utils.py
parent	cdc7b23f1e90983cb5fb0c9a0a5e6e08b5d71563 (diff)
download	linux-579baeece66ef9360da7d815fd328faf271a3008.tar.xz

powerpc/configs/skiroot: Enable security features

This turns on HARDENED_USERCOPY with HARDENED_USERCOPY_PAGESPAN, and FORTIFY_SOURCE. It also enables SECURITY_LOCKDOWN_LSM with _EARLY and LOCK_DOWN_KERNEL_FORCE_INTEGRITY options enabled. This still allows xmon to be used in read-only mode. MODULE_SIG is selected by lockdown, so it is still enabled. Because we're setting LOCK_DOWN_KERNELFORCE_INTEGRITY=y we also need to enable KEXEC_FILE=y so that kexec continues to work. Signed-off-by: Joel Stanley <joel@jms.id.au> [mpe: Switch to lockdown integrity mode per oohal, enable KEXEC_FILE as reported by jms] Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20200121043000.16212-7-mpe@ellerman.id.au

Diffstat (limited to 'scripts/gdb/linux/utils.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: