diff mbox series

[3/3] linux: Align default IOMMU handling on aarch64

Message ID f117b300-14e5-f625-f938-a23746a6eca5@ipfire.org
State Accepted
Commit 7f8b75f8badcfb58710093a4d352cff6fec59b70
Headers
Series [1/3] linux: Enable Indirect Branch Tracking by default |

Commit Message

Peter Müller July 9, 2023, 2:56 p.m. UTC 
  Resorting to strict default IOMMU handling has been our default for
several Core Updates on x86_64 by now, so bring this security
improvement to our aarch64 userbase as well.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/kernel/kernel.config.aarch64-ipfire | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
index a85704e96..dec736a56 100644
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -7257,9 +7257,9 @@  CONFIG_IOMMU_IO_PGTABLE_LPAE=y
 # CONFIG_IOMMU_IO_PGTABLE_DART is not set
 # end of Generic IOMMU Pagetable Support
 
-# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set
+CONFIG_IOMMU_DEFAULT_DMA_STRICT=y
 # CONFIG_IOMMU_DEFAULT_DMA_LAZY is not set
-CONFIG_IOMMU_DEFAULT_PASSTHROUGH=y
+# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set
 CONFIG_OF_IOMMU=y
 CONFIG_IOMMU_DMA=y
 CONFIG_ROCKCHIP_IOMMU=y