@@ -148,16 +148,17 if [ "$BUILD_KERNEL" = true ] ; then | |||||
148 | set_kernel_config CONFIG_AUDIT y |
|
148 | set_kernel_config CONFIG_AUDIT y | |
149 |
|
149 | |||
150 | # harden strcpy and memcpy |
|
150 | # harden strcpy and memcpy | |
151 |
set_kernel_config CONFIG_HARDENED_USERCOPY |
|
151 | set_kernel_config CONFIG_HARDENED_USERCOPY y | |
152 |
set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR |
|
152 | set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y | |
153 |
set_kernel_config CONFIG_FORTIFY_SOURCE |
|
153 | set_kernel_config CONFIG_FORTIFY_SOURCE y | |
154 |
|
154 | |||
155 | # integrity sub-system |
|
155 | # integrity sub-system | |
156 |
set_kernel_config CONFIG_INTEGRITY |
|
156 | set_kernel_config CONFIG_INTEGRITY y | |
157 |
set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS |
|
157 | set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y | |
158 |
set_kernel_config CONFIG_INTEGRITY_AUDIT |
|
158 | set_kernel_config CONFIG_INTEGRITY_AUDIT y | |
159 |
set_kernel_config CONFIG_INTEGRITY_SIGNATURE |
|
159 | set_kernel_config CONFIG_INTEGRITY_SIGNATURE y | |
160 |
set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING |
|
160 | set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y | |
|
161 | set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS "" | |||
161 |
|
162 | |||
162 | # This option provides support for retaining authentication tokens and access keys in the kernel. |
|
163 | # This option provides support for retaining authentication tokens and access keys in the kernel. | |
163 | set_kernel_config CONFIG_KEYS=y |
|
164 | set_kernel_config CONFIG_KEYS=y |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant