File tree Expand file tree Collapse file tree 2 files changed +1
-29
lines changed Expand file tree Collapse file tree 2 files changed +1
-29
lines changed Original file line number Diff line number Diff line change @@ -9,6 +9,7 @@ config ARM64
99 select ACPI_MCFG if (ACPI && PCI)
1010 select ACPI_SPCR_TABLE if ACPI
1111 select ACPI_PPTT if ACPI
12+ select ARCH_HAS_DEBUG_WX
1213 select ARCH_BINFMT_ELF_STATE
1314 select ARCH_HAS_DEBUG_VIRTUAL
1415 select ARCH_HAS_DEVMEM_IS_ALLOWED
Original file line number Diff line number Diff line change @@ -23,35 +23,6 @@ config ARM64_RANDOMIZE_TEXT_OFFSET
2323 of TEXT_OFFSET and platforms must not require a specific
2424 value.
2525
26- config DEBUG_WX
27- bool "Warn on W+X mappings at boot"
28- select PTDUMP_CORE
29- ---help---
30- Generate a warning if any W+X mappings are found at boot.
31-
32- This is useful for discovering cases where the kernel is leaving
33- W+X mappings after applying NX, as such mappings are a security risk.
34- This check also includes UXN, which should be set on all kernel
35- mappings.
36-
37- Look for a message in dmesg output like this:
38-
39- arm64/mm: Checked W+X mappings: passed, no W+X pages found.
40-
41- or like this, if the check failed:
42-
43- arm64/mm: Checked W+X mappings: FAILED, <N> W+X pages found.
44-
45- Note that even if the check fails, your kernel is possibly
46- still fine, as W+X mappings are not a security hole in
47- themselves, what they do is that they make the exploitation
48- of other unfixed kernel bugs easier.
49-
50- There is no runtime or memory usage effect of this option
51- once the kernel has booted up - it's a one time check.
52-
53- If in doubt, say "Y".
54-
5526config DEBUG_EFI
5627 depends on EFI && DEBUG_INFO
5728 bool "UEFI debugging"
You can’t perform that action at this time.
0 commit comments