summaryrefslogtreecommitdiffstats
path: root/security-blueprint/annexes/ConfigNotes.md
diff options
context:
space:
mode:
Diffstat (limited to 'security-blueprint/annexes/ConfigNotes.md')
-rw-r--r--security-blueprint/annexes/ConfigNotes.md15
1 files changed, 8 insertions, 7 deletions
diff --git a/security-blueprint/annexes/ConfigNotes.md b/security-blueprint/annexes/ConfigNotes.md
index 6de1ca6..23b202a 100644
--- a/security-blueprint/annexes/ConfigNotes.md
+++ b/security-blueprint/annexes/ConfigNotes.md
@@ -139,6 +139,10 @@ Domain | `Config` name | `Value`
------------------------------ | ------------------------- | -------
Kernel-General-ModuleSigning-1 | `CONFIG_MODULE_SIG_FORCE` | `y`
+Domain | `Variable` name | `Value`
+------------------------------ | ------------------------- | -------
+Kernel-General-ModuleSigning-2 | `kernel.modules_disabled` | `1`
+
Domain | Object | _State_
------------------------ | ------------------- | ----------
Kernel-General-Drivers-1 | `USB` | _Disabled_
@@ -154,10 +158,6 @@ Domain | `compiler` and `linker` options | _State_
Kernel-General-OverwriteAttacks-1 | `-z,relro` | _Enable_
Kernel-General-OverwriteAttacks-2 | `-z,now` | _Enable_
-Domain | `compiler` and `linker` options | _State_
-------------------------------- | ------------------------------- | --------
-Kernel-General-LibraryLinking-1 | `-static` | _Enable_
-
Domain | `Config` name | `Value`
------------------------------ | ---------------- | -------
Kernel-Memory-RestrictAccess-1 | `CONFIG_DEVKMEM` | `n`
@@ -192,9 +192,10 @@ Domain | `compiler` and `linker` options | _State_
----------------------------- | ------------------------------- | --------
Kernel-Memory-StackSmashing-1 | `-fstack-protector-all` | _Enable_
-Domain | `compiler` and `linker` options | `Value`
-------------------------------- | ------------------------------- | -------
-Kernel-Memory-BufferOverflows-1 | `-D_FORTIFY_SOURCE` | `2`
+Domain | `compiler` options and `config` name | `Value`
+------------------------------- | ------------------------------------ | -------
+Kernel-Memory-BufferOverflows-1 | `-D_FORTIFY_SOURCE` | `2`
+Kernel-Memory-BufferOverflows-2 | `CONFIG_FORTIFY_SOURCE` | `y`
Domain | `Config` name | `Value`
------------------------ | ---------------------------- | -------