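# Help: Common security options for PowerPC builds
#
# Kconfig fragment: it sets only the symbols listed below and relies on the
# base configuration for everything else.
# A line of the form "# <symbol> is not set" is Kconfig syntax that explicitly
# disables that symbol; it is not a free-form comment and must stay verbatim.

# This is the equivalent of booting with lockdown=integrity
# SECURITY enables the LSM framework that the lockdown LSM plugs into, and
# SECURITYFS provides the filesystem where the lockdown state is exposed.
# LOCKDOWN_LSM_EARLY turns the lockdown LSM on early in boot, and
# FORCE_INTEGRITY builds integrity mode in, so it does not depend on the
# kernel command line being set correctly.
# To verify on a running system, read /sys/kernel/security/lockdown; the
# active mode is the one shown in square brackets.
# NOTE(review): lockdown blocks interfaces that can modify the running kernel;
# confirm nothing on the target platform still depends on them.
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_LOCKDOWN_LSM=y
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y
CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y

# These are some general, reasonably inexpensive hardening options
# HARDENED_USERCOPY: checks the size of copies between kernel and user memory
#   against the bounds of the kernel object involved.
# FORTIFY_SOURCE: compile-time and run-time detection of buffer overflows in
#   common string and memory functions.
# INIT_ON_ALLOC_DEFAULT_ON: zero-fills page and slab allocations by default,
#   which limits leaks of stale data through uninitialised memory.
#   NOTE(review): this is only a default; check that the boot command line of
#   the deployed image does not switch it off again.
CONFIG_HARDENED_USERCOPY=y
CONFIG_FORTIFY_SOURCE=y
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y

# UBSAN bounds checking is very cheap and good for hardening
# NOTE(review): only the top-level UBSAN switch is set here. The bounds checker
# has its own symbol (UBSAN_BOUNDS) and is left to its Kconfig default, so
# confirm it is enabled in the merged .config.
# NOTE(review): unless UBSAN_TRAP is enabled, a detected violation is reported
# in the kernel log and execution continues; confirm that report-only is the
# intended behaviour for a hardening profile.
CONFIG_UBSAN=y
# Explicit disable of the miscellaneous UBSAN checks.
# NOTE(review): confirm this symbol still exists in the target kernel tree.
# CONFIG_UBSAN_MISC is not set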