| menu "Kernel hacking" |
| |
| source "lib/Kconfig.debug" |
| |
| config ARM64_PTDUMP_CORE |
| def_bool n |
| |
| config ARM64_PTDUMP_DEBUGFS |
| bool "Export kernel pagetable layout to userspace via debugfs" |
| depends on DEBUG_KERNEL |
| select ARM64_PTDUMP_CORE |
| select DEBUG_FS |
| help |
| Say Y here if you want to show the kernel pagetable layout in a |
| debugfs file. This information is only useful for kernel developers |
| who are working in architecture specific areas of the kernel. |
| It is probably not a good idea to enable this feature in a production |
| kernel. |
| |
| If in doubt, say N. |
| |
| config PID_IN_CONTEXTIDR |
| bool "Write the current PID to the CONTEXTIDR register" |
| help |
| Enabling this option causes the kernel to write the current PID to |
| the CONTEXTIDR register, at the expense of some additional |
| instructions during context switch. Say Y here only if you are |
| planning to use hardware trace tools with this kernel. |
| |
| config ARM64_RANDOMIZE_TEXT_OFFSET |
| bool "Randomize TEXT_OFFSET at build time" |
| help |
| Say Y here if you want the image load offset (AKA TEXT_OFFSET) |
| of the kernel to be randomized at build-time. When selected, |
| this option will cause TEXT_OFFSET to be randomized upon any |
| build of the kernel, and the offset will be reflected in the |
| text_offset field of the resulting Image. This can be used to |
| fuzz-test bootloaders which respect text_offset. |
| |
| This option is intended for bootloader and/or kernel testing |
| only. Bootloaders must make no assumptions regarding the value |
| of TEXT_OFFSET and platforms must not require a specific |
| value. |
| |
| config DEBUG_EXCEPTION_STACK |
| bool "Preserve stack data when the exception happened" |
| default n |
| help |
| If this is set, kernel can preserve the specific size of stack data |
| when an exception occurs from EL1. This can help to fiqure out the |
| stack data before the exception happened. |
| |
| config DEBUG_WX |
| bool "Warn on W+X mappings at boot" |
| select ARM64_PTDUMP_CORE |
| ---help--- |
| Generate a warning if any W+X mappings are found at boot. |
| |
| This is useful for discovering cases where the kernel is leaving |
| W+X mappings after applying NX, as such mappings are a security risk. |
| This check also includes UXN, which should be set on all kernel |
| mappings. |
| |
| Look for a message in dmesg output like this: |
| |
| arm64/mm: Checked W+X mappings: passed, no W+X pages found. |
| |
| or like this, if the check failed: |
| |
| arm64/mm: Checked W+X mappings: FAILED, <N> W+X pages found. |
| |
| Note that even if the check fails, your kernel is possibly |
| still fine, as W+X mappings are not a security hole in |
| themselves, what they do is that they make the exploitation |
| of other unfixed kernel bugs easier. |
| |
| There is no runtime or memory usage effect of this option |
| once the kernel has booted up - it's a one time check. |
| |
| If in doubt, say "Y". |
| |
| config DEBUG_ALIGN_RODATA |
| depends on STRICT_KERNEL_RWX |
| bool "Align linker sections up to SECTION_SIZE" |
| help |
| If this option is enabled, sections that may potentially be marked as |
| read only or non-executable will be aligned up to the section size of |
| the kernel. This prevents sections from being split into pages and |
| avoids a potential TLB penalty. The downside is an increase in |
| alignment and potentially wasted space. Turn on this option if |
| performance is more important than memory pressure. |
| |
| If in doubt, say N. |
| |
| config DEBUG_EFI |
| depends on EFI && DEBUG_INFO |
| bool "UEFI debugging" |
| help |
| Enable this option to include EFI specific debugging features into |
| the kernel that are only useful when using a debug build of the |
| UEFI firmware |
| |
| config ARM64_RELOC_TEST |
| depends on m |
| tristate "Relocation testing module" |
| |
| comment "Samsung Rooting Restriction Feature" |
| config SEC_RESTRICT_ROOTING |
| bool "Samsung Rooting Restriction Feature" |
| depends on SAMSUNG_PRODUCT_SHIP |
| default n |
| help |
| Restrict unauthorized executions with root permission. |
| |
| config SEC_RESTRICT_SETUID |
| bool "Restrict changing root privilege except allowed process" |
| depends on SEC_RESTRICT_ROOTING |
| default y |
| help |
| Say Y here if you want to restrict functions related setuid. Only allowed |
| process can chanage ROOT privilege. Saying N will not restrict changing |
| permission. |
| |
| config SEC_RESTRICT_FORK |
| bool "Restrict forking process except allowed process" |
| depends on SEC_RESTRICT_ROOTING |
| default y |
| help |
| Say Y here if you want to restrict function related fork. Process matched |
| special condition will be not forked. Saying N will not restrict forking |
| process. |
| |
| config SEC_RESTRICT_ROOTING_LOG |
| bool "Print restricted result to kernel log" |
| depends on SEC_RESTRICT_ROOTING |
| default n |
| help |
| Say Y here if you want to see result of restricting SETUID or FORK. It will |
| be displayed by kernel error log. Saying N will not be displayed anything. |
| |
| source "drivers/hwtracing/coresight/Kconfig" |
| |
| endmenu |