]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commitdiff
projects / people / pmueller / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f7447b1)
linux: Enable Indirect Branch Tracking by default
authorPeter Müller <peter.mueller@ipfire.org>
Sun, 9 Jul 2023 14:55:00 +0000 (14:55 +0000)
committerPeter Müller <peter.mueller@ipfire.org>
Thu, 13 Jul 2023 14:20:32 +0000 (14:20 +0000)
This became upstream default (see
https://www.phoronix.com/news/Linux-IBT-By-Default-Tip for IT news media
coverage), and given its security-relevance, we should adopt this
setting as well.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
config/kernel/kernel.config.x86_64-ipfire patch | blob | blame | history
config/rootfiles/common/x86_64/linux patch | blob | blame | history

diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
index 3bddd3806f44debe7aad745dee58fa3086fcd733..f4e4584c39ad246a21f843f84305c8362bbc1d05 100644 (file)
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -431,7 +431,7 @@ CONFIG_X86_PAT=y
 CONFIG_ARCH_USES_PG_UNCACHED=y
 CONFIG_X86_UMIP=y
 CONFIG_CC_HAS_IBT=y
-# CONFIG_X86_KERNEL_IBT is not set
+CONFIG_X86_KERNEL_IBT=y
 CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
 CONFIG_X86_INTEL_TSX_MODE_OFF=y
 # CONFIG_X86_INTEL_TSX_MODE_ON is not set
diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux
index 2da7da282dde24836961ad0c5f52127b423bf377..512246b73cbe1b79add0d6c33b6517fa469a1460 100644 (file)
--- a/config/rootfiles/common/x86_64/linux
+++ b/config/rootfiles/common/x86_64/linux
@@ -11324,6 +11324,7 @@ etc/modprobe.d/ipv6.conf
 #lib/modules/KVER-ipfire/build/include/config/X86_INTERNODE_CACHE_SHIFT
 #lib/modules/KVER-ipfire/build/include/config/X86_IOPL_IOPERM
 #lib/modules/KVER-ipfire/build/include/config/X86_IO_APIC
+#lib/modules/KVER-ipfire/build/include/config/X86_KERNEL_IBT
 #lib/modules/KVER-ipfire/build/include/config/X86_L1_CACHE_SHIFT
 #lib/modules/KVER-ipfire/build/include/config/X86_LOCAL_APIC
 #lib/modules/KVER-ipfire/build/include/config/X86_MCE
Peter's tree of IPFire 2.x