arch/x86/configs/hardening.config - linux/kernel/git/klassert/ipsec - Git at Google

 # Basic kernel hardening options (specific to x86)

 # Modern libc no longer needs a fixed-position mapping in userspace, remove
 # it as a possible target.
 CONFIG_LEGACY_VSYSCALL_NONE=y

 # Enable chip-specific IOMMU support.
 CONFIG_INTEL_IOMMU=y
 CONFIG_INTEL_IOMMU_DEFAULT_ON=y
 CONFIG_INTEL_IOMMU_SVM=y
 CONFIG_AMD_IOMMU=y

 # Enforce CET Indirect Branch Tracking in the kernel.
 CONFIG_X86_KERNEL_IBT=y

 # Enable CET Shadow Stack for userspace.
 CONFIG_X86_USER_SHADOW_STACK=y
	# Basic kernel hardening options (specific to x86)

	# Modern libc no longer needs a fixed-position mapping in userspace, remove
	# it as a possible target.
	CONFIG_LEGACY_VSYSCALL_NONE=y

	# Enable chip-specific IOMMU support.
	CONFIG_INTEL_IOMMU=y
	CONFIG_INTEL_IOMMU_DEFAULT_ON=y
	CONFIG_INTEL_IOMMU_SVM=y
	CONFIG_AMD_IOMMU=y

	# Enforce CET Indirect Branch Tracking in the kernel.
	CONFIG_X86_KERNEL_IBT=y

	# Enable CET Shadow Stack for userspace.
	CONFIG_X86_USER_SHADOW_STACK=y