This became upstream default (see
https://www.phoronix.com/news/Linux-IBT-By-Default-Tip for IT news media
coverage), and given its security-relevance, we should adopt this
setting as well.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
CONFIG_ARCH_USES_PG_UNCACHED=y
CONFIG_X86_UMIP=y
CONFIG_CC_HAS_IBT=y
-# CONFIG_X86_KERNEL_IBT is not set
+CONFIG_X86_KERNEL_IBT=y
CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
CONFIG_X86_INTEL_TSX_MODE_OFF=y
# CONFIG_X86_INTEL_TSX_MODE_ON is not set
#lib/modules/KVER-ipfire/build/include/config/X86_INTERNODE_CACHE_SHIFT
#lib/modules/KVER-ipfire/build/include/config/X86_IOPL_IOPERM
#lib/modules/KVER-ipfire/build/include/config/X86_IO_APIC
+#lib/modules/KVER-ipfire/build/include/config/X86_KERNEL_IBT
#lib/modules/KVER-ipfire/build/include/config/X86_L1_CACHE_SHIFT
#lib/modules/KVER-ipfire/build/include/config/X86_LOCAL_APIC
#lib/modules/KVER-ipfire/build/include/config/X86_MCE