git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit

author	Bruce Ashfield <bruce.ashfield@gmail.com>
	Fri, 19 Jan 2024 21:14:15 +0000 (16:14 -0500)
committer	Steve Sakoman <steve@sakoman.com>
	Fri, 26 Jan 2024 14:58:49 +0000 (04:58 -1000)
commit	6ee7b17677a39302bd14acbc2a4bfe5cb247f32e
tree	33a7c73d11023dae782d9f240288efa55cae8adc	tree
parent	8960ae115972015de0176ceb202c4996f5a03c75	commit \| diff

linux-yocto/6.1: security/cfg: add configs to harden protection

Integrating the following commit(s) to linux-yocto/.:

1/1 [
    Author: Xiangyu Chen
    Email: xiangyu.chen@windriver.com
    Subject: feature/security: add configs to harden protection
    Date: Tue, 16 Jan 2024 18:22:31 +0800

    Add some configs to harden protection:
      CONFIG_HW_RANDOM_TPM=y Exposing the TPM's Random Number Generator as a hwrng device.
      CONFIG_DEBUG_WX=y Warn on W+X mappings at boot.
      CONFIG_SECURITY_DMESG_RESTRICT=y Restrict unprivileged access to the kernel syslog.
      CONFIG_LDISC_AUTOLOAD=n Disable automatically load TTY Line Disciplines.

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 33d3dd8f5469cb0b2999d7f935378899d447b3ce)
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-kernel/linux/linux-yocto-rt_6.1.bb		diff \| blob \| blame \| history
meta/recipes-kernel/linux/linux-yocto-tiny_6.1.bb		diff \| blob \| blame \| history
meta/recipes-kernel/linux/linux-yocto_6.1.bb		diff \| blob \| blame \| history