From 02ac343c1816936e0c5f4b8a786a1c3ff6a6adb0 Mon Sep 17 00:00:00 2001
From: Flavio Ceolin
Date: Mon, 8 May 2023 15:14:46 -0700
Subject: [PATCH] security: hardening: Update general recommendations

Update security recommendations. That is not a thorough list though.

Signed-off-by: Flavio Ceolin
---
 scripts/kconfig/hardened.csv | 73 ++++++++++++++++++++----------------
 1 file changed, 40 insertions(+), 33 deletions(-)

diff --git a/scripts/kconfig/hardened.csv b/scripts/kconfig/hardened.csv
index 15727bc6eab..a09defdc756 100644
--- a/scripts/kconfig/hardened.csv
+++ b/scripts/kconfig/hardened.csv
@@ -1,43 +1,50 @@
-HW_STACK_PROTECTION,y
-INIT_STACKS,n
 BOOT_BANNER,n
 BOOT_DELAY,0
-THREAD_MONITOR,n
-THREAD_NAME,n
-STACK_CANARIES,y
-EXECUTE_XOR_WRITE,y
-STACK_POINTER_RANDOM,100
 BOUNDS_CHECK_BYPASS_MITIGATION,y
-STATS,n
-TRACING,n
-OVERRIDE_FRAME_POINTER_DEFAULT,y
-LOG,n
-SHELL,n
-TEST_RANDOM_GENERATOR,n
-TIMER_RANDOM_GENERATOR,n
-ZTEST,n
-TEST,n
-TEST_SHELL,n
-TEST_EXTRA_STACK_SIZE,0
-TEST_USERSPACE,n
+BT_CONN_DISABLE_SECURITY,n
+BT_DEBUG_KEYS,n
+BT_DEBUG_SMP,n
+BT_FIXED_PASSKEY,n
+BT_LOG_SNIFFER_INFO,n
+BT_OOB_DATA_FIXED,n
+BT_SMP_ENFORCE_MITM,y
+BT_STORE_DEBUG_KEYS,n
+BT_TESTING,n
+BT_USE_DEBUG_KEYS,n
 BUILD_OUTPUT_STRIPPED,y
+BUILTIN_STACK_GUARD,y
+CORTEX_M_DEBUG_MONITOR_HOOK,n
+DMA_INTEL_ADSP_GPDMA_DEBUG,n
+ESPI_PERIPHERAL_DEBUG_PORT_80,n
+ETH_E1000_VERBOSE_DEBUG,n
+ETH_MCUX_PHY_EXTRA_DEBUG,n
+EXECUTE_XOR_WRITE,y
+FAULT_DUMP,0
+HW_STACK_PROTECTION,y
+INIT_STACKS,n
+LOG,n
+MODEM_CONTEXT_VERBOSE_DEBUG,n
+MPU_STACK_GUARD,y
+OVERRIDE_FRAME_POINTER_DEFAULT,y
+SHELL,n
 SOC_ATMEL_SAME70_DISABLE_ERASE_PIN,y
 SOC_ATMEL_SAME70_WAIT_MODE,n
-FAULT_DUMP,0
-X86_MMU,y
-BUILTIN_STACK_GUARD,y
-MPU_STACK_GUARD,y
+SOC_MEC1501_DEBUG_DISABLED,y
+STACK_CANARIES,y
+STACK_POINTER_RANDOM,100
 STACK_SENTINEL,y
-BT_OOB_DATA_FIXED,n
-BT_FIXED_PASSKEY,n
-BT_DEBUG_KEYS,n
-BT_LOG_SNIFFER_INFO,n
-BT_USE_DEBUG_KEYS,n
-BBT_RFCOMMT_STORE_DEBUG_KEYS,n
-BT_CONN_DISABLE_SECURITY,n
-MCUMGR_CMD_FS_MGMT,n
-TRACING_CTF,n
-USE_SEGGER_RTT,n
+STATS,n
+TEST,n
+TEST_RANDOM_GENERATOR,n
+TEST_SHELL,n
+TEST_USERSPACE,n
+TFM_CMAKE_BUILD_TYPE_DEBUG,n
+THREAD_MONITOR,n
+THREAD_NAME,n
+TIMER_RANDOM_GENERATOR,n
+TRACING,n
+X86_MMU,y
+ZTEST,n
 # Experimental options
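Review bot: Four recommendations on the removed side have no counterpart on the added side: `TEST_EXTRA_STACK_SIZE,0`, `MCUMGR_CMD_FS_MGMT,n`, `TRACING_CTF,n` and `USE_SEGGER_RTT,n`. The commit message does not mention dropping any entries, so whatever consumes this list will presumably stop flagging builds that enable mcumgr file-system management, CTF tracing or the RTT debug channel. If these symbols were renamed or removed in Kconfig, each entry should be replaced with the current symbol name; otherwise they should be restored, e.g. `MCUMGR_CMD_FS_MGMT,n` and `USE_SEGGER_RTT,n`. The hunk also re-sorts the whole list alphabetically, which hides these removals among the moved lines. Doing the sort in a separate commit, or listing the intentionally dropped symbols in the commit message, would make the security-relevant delta auditable.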