Djam/kernel-6.6
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/kernel-6.6.git synced 2025-02-25 20:02:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Enable wiping objects in RAM with enhanced_security

Browse source
This commit is contained in:
Mikhail Novosyolov 2019-11-14 01:08:33 +03:00
parent 95c7ee5355
commit 3eca49b16a
1 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
kernel.spec
View file

@ -11,7 +11,7 @@
%define sublevel 10 %define sublevel 10
# Release number. Increase this before a rebuild. # Release number. Increase this before a rebuild.
%define rpmrel 3 %define rpmrel 4
%define fullrpmrel %{rpmrel} %define fullrpmrel %{rpmrel}
%define rpmtag %{disttag} %define rpmtag %{disttag}
@ -765,6 +765,20 @@ echo CONFIG_MODULE_SIG_ALL=n >> .config
echo CONFIG_MODULE_SIG_SHA512=y >> .config echo CONFIG_MODULE_SIG_SHA512=y >> .config
# Set path to the key that will be generated later by openssl # Set path to the key that will be generated later by openssl
echo CONFIG_MODULE_SIG_KEY="%{certs_signing_key_rnd}" >> .config echo CONFIG_MODULE_SIG_KEY="%{certs_signing_key_rnd}" >> .config
# Memory wiping
# Introduced in kernel 5.3 by commit 6471384af2a6530696fc0203bafe4de41a23c9ef
# Estimated performance impact is described in the commit
# "Fill newly allocated pages and heap objects with zeroes."
# To enable, add to cmdline: init_on_alloc=1
#sed -i '/CONFIG_INIT_ON_ALLOC_DEFAULT_ON/d' .config
#echo CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y >> .config
# "Fill freed pages and heap objects with zeroes"
# To disable, add to cmdline: init_on_free=0
sed -i '/CONFIG_INIT_ON_FREE_DEFAULT_O/d' .config
echo CONFIG_INIT_ON_FREE_DEFAULT_ON=y >> .config
# Here enabling only either only init_on_free or only init_on_alloc
# makes sense; init_on_alloc is not about protecting information.
%endif %endif
# Store the config file in the appropriate directory. # Store the config file in the appropriate directory.