On Mon, Apr 29, 2024 at 03:16:50PM -0700, Nathan Chancellor wrote: > On Fri, Apr 26, 2024 at 03:29:44PM -0700, Kees Cook wrote: > [...] > > +# Enable Kernel Control Flow Integrity (currently Clang only). > > +CONFIG_CFI_CLANG=y > > +# CONFIG_CFI_PERMISSIVE is not set > > Should this be a part of kernel/configs/hardening.config because RISC-V > supports it (and 32-bit ARM will soon too)?
Probably yes. I was worried it might be "noisy" for archs that don't support it, but frankly if someone is using "make hardening.config" they probably want to know about unsupported options. :) -- Kees Cook
