Adding upstream version 6.7.7.upstream/6.7.7

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-18 17:35:05 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-18 17:39:31 +0000
commit: 85c675d0d09a45a135bddd15d7b385f8758c32fb (patch)
tree: 76267dbc9b9a130337be3640948fe397b04ac629 /arch/arm/configs/hardening.config
parent: Adding upstream version 6.6.15. (diff)
download: linux-85c675d0d09a45a135bddd15d7b385f8758c32fb.tar.xz
linux-85c675d0d09a45a135bddd15d7b385f8758c32fb.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/arch/arm/configs/hardening.config b/arch/arm/configs/hardening.config
new file mode 100644
index 0000000000..327349ce63
--- /dev/null
+++ b/arch/arm/configs/hardening.config
@@ -0,0 +1,7 @@
+# Basic kernel hardening options (specific to arm)
+
+# Make sure PXN/PAN emulation is enabled.
+CONFIG_CPU_SW_DOMAIN_PAN=y
+
+# Dangerous; old interfaces and needless additional attack surface.
+# CONFIG_OABI_COMPAT is not set
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-18 17:35:05 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-18 17:39:31 +0000
commit	85c675d0d09a45a135bddd15d7b385f8758c32fb (patch)
tree	76267dbc9b9a130337be3640948fe397b04ac629 /arch/arm/configs/hardening.config
parent	Adding upstream version 6.6.15. (diff)
download	linux-85c675d0d09a45a135bddd15d7b385f8758c32fb.tar.xz linux-85c675d0d09a45a135bddd15d7b385f8758c32fb.zip