sys-kernel/hardened-kernel: update kernel config
This commit is contained in:
@@ -329,7 +329,6 @@ CONFIG_HAVE_INTEL_TXT=y
|
||||
CONFIG_X86_64_SMP=y
|
||||
CONFIG_ARCH_SUPPORTS_UPROBES=y
|
||||
CONFIG_FIX_EARLYCON_MEM=y
|
||||
CONFIG_DYNAMIC_PHYSICAL_MASK=y
|
||||
CONFIG_PGTABLE_LEVELS=4
|
||||
CONFIG_CC_HAS_SANE_STACKPROTECTOR=y
|
||||
|
||||
@@ -359,9 +358,9 @@ CONFIG_ARCH_CPUIDLE_HALTPOLL=y
|
||||
CONFIG_PVH=y
|
||||
CONFIG_PARAVIRT_TIME_ACCOUNTING=y
|
||||
CONFIG_PARAVIRT_CLOCK=y
|
||||
CONFIG_JAILHOUSE_GUEST=y
|
||||
# CONFIG_JAILHOUSE_GUEST is not set
|
||||
# CONFIG_ACRN_GUEST is not set
|
||||
CONFIG_INTEL_TDX_GUEST=y
|
||||
# CONFIG_INTEL_TDX_GUEST is not set
|
||||
# CONFIG_MK8 is not set
|
||||
# CONFIG_MK8SSE3 is not set
|
||||
# CONFIG_MK10 is not set
|
||||
@@ -418,9 +417,9 @@ CONFIG_IA32_FEAT_CTL=y
|
||||
CONFIG_X86_VMX_FEATURE_NAMES=y
|
||||
CONFIG_CPU_SUP_INTEL=y
|
||||
CONFIG_CPU_SUP_AMD=y
|
||||
# CONFIG_CPU_SUP_HYGON is not set
|
||||
# CONFIG_CPU_SUP_CENTAUR is not set
|
||||
# CONFIG_CPU_SUP_ZHAOXIN is not set
|
||||
CONFIG_CPU_SUP_HYGON=y
|
||||
CONFIG_CPU_SUP_CENTAUR=y
|
||||
CONFIG_CPU_SUP_ZHAOXIN=y
|
||||
CONFIG_HPET_TIMER=y
|
||||
CONFIG_HPET_EMULATE_RTC=y
|
||||
CONFIG_DMI=y
|
||||
@@ -467,7 +466,6 @@ CONFIG_X86_CPUID=m
|
||||
# CONFIG_X86_5LEVEL is not set
|
||||
CONFIG_X86_DIRECT_GBPAGES=y
|
||||
# CONFIG_X86_CPA_STATISTICS is not set
|
||||
CONFIG_X86_MEM_ENCRYPT=y
|
||||
# CONFIG_AMD_MEM_ENCRYPT is not set
|
||||
CONFIG_NUMA=y
|
||||
# CONFIG_AMD_NUMA is not set
|
||||
@@ -886,7 +884,6 @@ CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y
|
||||
CONFIG_ARCH_USE_MEMREMAP_PROT=y
|
||||
CONFIG_LOCK_EVENT_COUNTS=y
|
||||
CONFIG_ARCH_HAS_MEM_ENCRYPT=y
|
||||
CONFIG_ARCH_HAS_CC_PLATFORM=y
|
||||
CONFIG_HAVE_STATIC_CALL=y
|
||||
CONFIG_HAVE_STATIC_CALL_INLINE=y
|
||||
CONFIG_HAVE_PREEMPT_DYNAMIC=y
|
||||
@@ -2047,7 +2044,6 @@ CONFIG_EFI_EARLYCON=y
|
||||
# CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is not set
|
||||
# CONFIG_EFI_DISABLE_RUNTIME is not set
|
||||
CONFIG_EFI_COCO_SECRET=y
|
||||
CONFIG_UNACCEPTED_MEMORY=y
|
||||
# end of EFI (Extensible Firmware Interface) Support
|
||||
|
||||
CONFIG_UEFI_CPER=y
|
||||
@@ -5263,7 +5259,6 @@ CONFIG_VIRT_DRIVERS=y
|
||||
# CONFIG_VBOXGUEST is not set
|
||||
# CONFIG_NITRO_ENCLAVES is not set
|
||||
CONFIG_EFI_SECRET=m
|
||||
# CONFIG_TDX_GUEST_DRIVER is not set
|
||||
CONFIG_VIRTIO_ANCHOR=y
|
||||
CONFIG_VIRTIO=y
|
||||
CONFIG_VIRTIO_PCI_LIB=y
|
||||
@@ -5730,7 +5725,8 @@ CONFIG_EXPORTFS_BLOCK_OPS=y
|
||||
CONFIG_FILE_LOCKING=y
|
||||
CONFIG_FS_ENCRYPTION=y
|
||||
CONFIG_FS_ENCRYPTION_ALGS=y
|
||||
# CONFIG_FS_VERITY is not set
|
||||
CONFIG_FS_VERITY=y
|
||||
CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y
|
||||
CONFIG_FSNOTIFY=y
|
||||
CONFIG_DNOTIFY=y
|
||||
CONFIG_INOTIFY_USER=y
|
||||
@@ -6031,8 +6027,14 @@ CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
|
||||
CONFIG_SECURITY_LANDLOCK=y
|
||||
# CONFIG_INTEGRITY is not set
|
||||
CONFIG_INTEGRITY=y
|
||||
CONFIG_INTEGRITY_SIGNATURE=y
|
||||
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
||||
CONFIG_INTEGRITY_TRUSTED_KEYRING=y
|
||||
CONFIG_INTEGRITY_AUDIT=y
|
||||
# CONFIG_IMA is not set
|
||||
# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set
|
||||
# CONFIG_EVM is not set
|
||||
CONFIG_DEFAULT_SECURITY_SELINUX=y
|
||||
# CONFIG_DEFAULT_SECURITY_DAC is not set
|
||||
CONFIG_LSM="selinux,safesetid,yama,lockdown,landlock,bpf"
|
||||
@@ -6452,7 +6454,6 @@ CONFIG_NEED_SG_DMA_FLAGS=y
|
||||
CONFIG_NEED_SG_DMA_LENGTH=y
|
||||
CONFIG_NEED_DMA_MAP_STATE=y
|
||||
CONFIG_ARCH_DMA_ADDR_T_64BIT=y
|
||||
CONFIG_ARCH_HAS_FORCE_DMA_UNENCRYPTED=y
|
||||
CONFIG_SWIOTLB=y
|
||||
# CONFIG_SWIOTLB_DYNAMIC is not set
|
||||
# CONFIG_DMA_API_DEBUG is not set
|
||||
@@ -6468,6 +6469,7 @@ CONFIG_LRU_CACHE=m
|
||||
CONFIG_CLZ_TAB=y
|
||||
# CONFIG_IRQ_POLL is not set
|
||||
CONFIG_MPILIB=y
|
||||
CONFIG_SIGNATURE=y
|
||||
CONFIG_OID_REGISTRY=y
|
||||
CONFIG_UCS2_STRING=y
|
||||
CONFIG_HAVE_GENERIC_VDSO=y
|
||||
|
||||
Reference in New Issue
Block a user