162306a36Sopenharmony_ci# Help: Common security options for PowerPC builds 262306a36Sopenharmony_ci 362306a36Sopenharmony_ci# This is the equivalent of booting with lockdown=integrity 462306a36Sopenharmony_ciCONFIG_SECURITY=y 562306a36Sopenharmony_ciCONFIG_SECURITYFS=y 662306a36Sopenharmony_ciCONFIG_SECURITY_LOCKDOWN_LSM=y 762306a36Sopenharmony_ciCONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y 862306a36Sopenharmony_ciCONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY=y 962306a36Sopenharmony_ci 1062306a36Sopenharmony_ci# These are some general, reasonably inexpensive hardening options 1162306a36Sopenharmony_ciCONFIG_HARDENED_USERCOPY=y 1262306a36Sopenharmony_ciCONFIG_FORTIFY_SOURCE=y 1362306a36Sopenharmony_ciCONFIG_INIT_ON_ALLOC_DEFAULT_ON=y 1462306a36Sopenharmony_ci 1562306a36Sopenharmony_ci# UBSAN bounds checking is very cheap and good for hardening 1662306a36Sopenharmony_ciCONFIG_UBSAN=y 1762306a36Sopenharmony_ci# CONFIG_UBSAN_MISC is not set 18