mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-05-31 12:50:19 +00:00
Code Issues Projects Releases Wiki Activity
Files
hardknott
meta-security/meta-security-isafw/lib/isafw/isaplugins/configs/kca/x86.py
T
Armin Kuster 4842e14299 meta-security-isafw: import layer from Intel 
take over layer

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-01 22:16:14 -08:00

39 lines
2.7 KiB
Python
Raw Permalink Blame History

############################################################################################
# Kernel Hardening Configurations
############################################################################################
hardening_kco = {'CONFIG_DEFAULT_MMAP_MIN_ADDR': 'not set',
'CONFIG_RANDOMIZE_BASE_MAX_OFFSET': 'not set',
'CONFIG_X86_INTEL_MPX': 'not set',
'CONFIG_X86_MSR': 'not set'
}
hardening_kco_ref = {'CONFIG_DEFAULT_MMAP_MIN_ADDR': '65536', # x86 specific
'CONFIG_RANDOMIZE_BASE_MAX_OFFSET': '0x20000000,0x40000000', # x86 specific
'CONFIG_X86_INTEL_MPX': 'y', # x86 and certain HW variants specific
'CONFIG_X86_MSR': 'not set'
}
############################################################################################
# Keys Kernel Configuration
############################################################################################
keys_kco = {}
keys_kco_ref = {}
############################################################################################
# Security Kernel Configuration
############################################################################################
security_kco = {'CONFIG_LSM_MMAP_MIN_ADDR': 'not set',
'CONFIG_INTEL_TXT': 'not set'}
security_kco_ref = {'CONFIG_LSM_MMAP_MIN_ADDR': '65536', # x86 specific
'CONFIG_INTEL_TXT': 'y'}
############################################################################################
# Integrity Kernel Configuration
############################################################################################
integrity_kco = {}
integrity_kco_ref = {}
############################################################################################
# Comments
############################################################################################
comments = {'CONFIG_DEFAULT_MMAP_MIN_ADDR': 'Defines the portion of low virtual memory that should be protected from userspace allocation. Keeping a user from writing to low pages can help reduce the impact of kernel NULL pointer bugs.',
'CONFIG_RANDOMIZE_BASE_MAX_OFFSET': 'Defines the maximal offset in bytes that will be applied to the kernel when kernel Address Space Layout Randomization (kASLR) is active.',
'CONFIG_X86_INTEL_MPX': 'Enables MPX hardware features that can be used with compiler-instrumented code to check memory references. It is designed to detect buffer overflow or underflow bugs.',
'CONFIG_X86_MSR': 'Enables privileged processes access to the x86 Model-Specific Registers (MSRs). MSR accesses are directed to a specific CPU on multi-processor systems. This alone does not provide security.'
}
Reference in New Issue View Git Blame Copy Permalink