From 77ee331be0958126f2f49b4889bd2196c4b2505c Mon Sep 17 00:00:00 2001
From: Rob Bradford
Date: Mon, 24 Feb 2020 15:18:05 +0000
Subject: [PATCH] resources: Enable KASLR in kernel config

This option improves the security of the guest by randomising the start address of the kernel in physical memory. We should turn this on so as to ensure all our functionality such as memory hotplug and kernel loading works as this is an option used widely in production.

Signed-off-by: Rob Bradford
---
 resources/linux-virtio-fs-virtio-iommu-config | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/resources/linux-virtio-fs-virtio-iommu-config b/resources/linux-virtio-fs-virtio-iommu-config
index fa43bbb27..d6c69dc0a 100644
--- a/resources/linux-virtio-fs-virtio-iommu-config
+++ b/resources/linux-virtio-fs-virtio-iommu-config
@@ -411,8 +411,12 @@ CONFIG_ARCH_HAS_KEXEC_PURGATORY=y
 # CONFIG_CRASH_DUMP is not set
 CONFIG_PHYSICAL_START=0x1000000
 CONFIG_RELOCATABLE=y
-# CONFIG_RANDOMIZE_BASE is not set
+CONFIG_RANDOMIZE_BASE=y
+CONFIG_X86_NEED_RELOCS=y
 CONFIG_PHYSICAL_ALIGN=0x1000000
+CONFIG_DYNAMIC_MEMORY_LAYOUT=y
+CONFIG_RANDOMIZE_MEMORY=y
+CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
 CONFIG_HOTPLUG_CPU=y
 # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
 # CONFIG_DEBUG_HOTPLUG_CPU0 is not set
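Review bot: Setting `CONFIG_RANDOMIZE_BASE=y` and `CONFIG_RANDOMIZE_MEMORY=y` only makes randomisation available to the guest kernel; whether it is actually applied depends on the boot path, which this patch does not show. On x86 the base offset is, as far as I know, chosen by the compressed-image boot stub, so a guest started from an uncompressed `vmlinux`, or with `nokaslr` on its command line, would likely still run at the fixed `CONFIG_PHYSICAL_START=0x1000000` address. Since the stated goal is to exercise memory hotplug and kernel loading under KASLR, the description should name the image format the tests boot, for example `Tested with a bzImage guest and no nokaslr on the command line.` (to be confirmed against the actual test setup). A test that checks the kernel load address differs between two boots would show the option is in effect, not just compiled in.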