git.openpandora.org / pandora-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
KAISER: Kernel Address Isolation
[pandora-kernel.git] / security / Kconfig
diff --git a/security/Kconfig b/security/Kconfig
index 51bd5a0..19f8319 100644 (file)
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -96,6 +96,16 @@ config SECURITY
 
          If you are unsure how to answer this question, answer N.
 
+config KAISER
+       bool "Remove the kernel mapping in user mode"
+       default y
+       depends on X86_64 && SMP && !PARAVIRT
+       help
+         This enforces a strict kernel and user space isolation, in order
+         to close hardware side channels on kernel address information.
+
+         If you are unsure how to answer this question, answer Y.
+
 config SECURITYFS
        bool "Enable the securityfs filesystem"
        help
Pandora Kernel Repository