On 11.04.2019 21:01, Kees Cook wrote: > Right now kernel hardening options are scattered around various Kconfig > files. This can be a central place to collect these kinds of options > going forward. This is initially populated with the memory initialization > options from the gcc-plugins. > > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Hello Kees, hello everyone! After applying this series the kernel config looks like that: ... ... CONFIG_LSM="yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor" # # Kernel hardening options # # # Memory initialization # CONFIG_INIT_STACK_NONE=y # CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set # CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set # CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set # CONFIG_GCC_PLUGIN_STACKLEAK is not set CONFIG_CRYPTO=y # # Crypto core or helper # CONFIG_CRYPTO_ALGAPI=y ... ... What do you think about some separator between memory initialization options and CONFIG_CRYPTO? Best regards, Alexander