168 lines
5.5 KiB
Plaintext
168 lines
5.5 KiB
Plaintext
menu "Kernel hacking"
|
|
|
|
source "lib/Kconfig.debug"
|
|
|
|
config FRAME_POINTER
|
|
bool
|
|
default y
|
|
|
|
config STRICT_DEVMEM
|
|
bool "Filter access to /dev/mem"
|
|
depends on MMU
|
|
help
|
|
If this option is disabled, you allow userspace (root) access to all
|
|
of memory, including kernel and userspace memory. Accidental
|
|
access to this is obviously disastrous, but specific access can
|
|
be used by people debugging the kernel.
|
|
|
|
If this option is switched on, the /dev/mem file only allows
|
|
userspace access to memory mapped peripherals.
|
|
|
|
If in doubt, say Y.
|
|
|
|
config ARM64_PTDUMP
|
|
bool "Export kernel pagetable layout to userspace via debugfs"
|
|
depends on DEBUG_KERNEL
|
|
select DEBUG_FS
|
|
help
|
|
Say Y here if you want to show the kernel pagetable layout in a
|
|
debugfs file. This information is only useful for kernel developers
|
|
who are working in architecture specific areas of the kernel.
|
|
It is probably not a good idea to enable this feature in a production
|
|
kernel.
|
|
If in doubt, say "N"
|
|
|
|
config EARLY_PRINTK
|
|
bool "Early printk support"
|
|
default y
|
|
help
|
|
Say Y here if you want to have an early console using the
|
|
earlyprintk=<name>[,<addr>][,<options>] kernel parameter. It
|
|
is assumed that the early console device has been initialised
|
|
by the boot loader prior to starting the Linux kernel.
|
|
|
|
comment "PowerManagement Feature"
|
|
menuconfig SEC_PM
|
|
bool "Samsung TN PowerManagement Feature"
|
|
default y
|
|
help
|
|
Samsung TN PowerManagement Feature.
|
|
|
|
if SEC_PM
|
|
config SEC_PM_DEBUG
|
|
bool "Samsung TN PowerManagement Debug Feature"
|
|
default n
|
|
help
|
|
Samsung TN PowerManagement Debug Feature.
|
|
|
|
endif
|
|
|
|
config PID_IN_CONTEXTIDR
|
|
bool "Write the current PID to the CONTEXTIDR register"
|
|
help
|
|
Enabling this option causes the kernel to write the current PID to
|
|
the CONTEXTIDR register, at the expense of some additional
|
|
instructions during context switch. Say Y here only if you are
|
|
planning to use hardware trace tools with this kernel.
|
|
|
|
config DEBUG_SET_MODULE_RONX
|
|
bool "Set loadable kernel module data as NX and text as RO"
|
|
depends on MODULES
|
|
---help---
|
|
This option helps catch unintended modifications to loadable
|
|
kernel module's text and read-only data. It also prevents execution
|
|
of module data. Such protection may interfere with run-time code
|
|
patching and dynamic kernel tracing - and they might also protect
|
|
against certain classes of kernel exploits.
|
|
If in doubt, say "N".
|
|
|
|
config FORCE_PAGES
|
|
bool "Force lowmem to be mapped with 4K pages"
|
|
help
|
|
There are some advanced debug features that can only be done when
|
|
memory is mapped with pages instead of sections. Enable this option
|
|
to always map lowmem pages with pages. This may have a performance
|
|
cost due to increased TLB pressure.
|
|
|
|
If unsure say N.
|
|
|
|
config FREE_PAGES_RDONLY
|
|
bool "Set pages as read only while on the buddy list"
|
|
select FORCE_PAGES
|
|
select DEBUG_PAGEALLOC
|
|
help
|
|
Pages are always mapped in the kernel. This means that anyone
|
|
can write to the page if they have the address. Enable this option
|
|
to mark pages as read only to trigger a fault if any code attempts
|
|
to write to a page on the buddy list. This may have a performance
|
|
impact.
|
|
|
|
If unsure, say N.
|
|
|
|
config KERNEL_TEXT_RDONLY
|
|
bool "Set kernel text section pages as read only"
|
|
depends on FREE_PAGES_RDONLY
|
|
help
|
|
The kernel text pages are always mapped in the kernel.
|
|
This means that anyone can write to the page if they have
|
|
the address. Enable this option to mark the kernel text pages
|
|
as read only to trigger a fault if any code attempts to write
|
|
to a page part of the kernel text section. This may have a
|
|
performance impact.
|
|
|
|
If unsure, say N.
|
|
|
|
config RESTART_REASON_SEC_PARAM
|
|
bool "Save restart reason in SEC param partition"
|
|
default n
|
|
help
|
|
Param partition can retain the values across reboot, hence this comes in handy backup, when restart reason saved in IMEM is lost.
|
|
|
|
comment "Samsung Rooting Restriction Feature"
|
|
config SEC_RESTRICT_ROOTING
|
|
bool "Samsung Rooting Restriction Feature"
|
|
default n
|
|
help
|
|
Restrict unauthorized executions with root permission.
|
|
|
|
config SEC_RESTRICT_SETUID
|
|
bool "Restrict changing root privilege except allowed process"
|
|
depends on SEC_RESTRICT_ROOTING
|
|
default n
|
|
help
|
|
Say Y here if you want to restrict functions related setuid. Only allowed
|
|
process can chanage ROOT privilege. Saying N will not restrict changing
|
|
permission.
|
|
|
|
config SEC_RESTRICT_FORK
|
|
bool "Restrict forking process except allowed process"
|
|
depends on SEC_RESTRICT_ROOTING
|
|
default n
|
|
help
|
|
Say Y here if you want to restrict function related fork. Process matched
|
|
special condition will be not forked. Saying N will not restrict forking
|
|
process.
|
|
|
|
config SEC_RESTRICT_ROOTING_LOG
|
|
bool "Print restricted result to kernel log"
|
|
depends on SEC_RESTRICT_ROOTING
|
|
default n
|
|
help
|
|
Say Y here if you want to see result of restricting SETUID or FORK. It will
|
|
be displayed by kernel error log. Saying N will not be displayed anything.
|
|
|
|
config UNUSED_PR_SET_TIMERSLACK_PID
|
|
bool "Unused PR_SET_TIMERSLACK_PID feature"
|
|
default n
|
|
help
|
|
Due to some potential bug of this android kernel feature that suggested by Google, it is disabled not to use in SEC project.
|
|
|
|
comment "BSP Feature"
|
|
menuconfig SEC_BSP
|
|
bool "Samsung TN BSP Feature"
|
|
default n
|
|
help
|
|
Samsung TN BSP Feature.
|
|
|
|
endmenu
|