# optimize vs. default security or some features KERNEL_CONFIG+=" -RCU_STALL_COMMON -NETWORK_PHY_TIMESTAMPING -KALLSYMS ISA==y;-ISA_.+" KERNEL_CONFIG+=" -SPECULATION_MITIGATIONS -PAGE_TABLE_ISOLATION -RETPOLINE -CPU_IBPB_ENTRY" KERNEL_CONFIG+=" -CPU_MITIGATIONS -MITIGATION_.+" # -EFI_STUB -RANDOMIZE_BASE -RANDOMIZE_KSTACK_OFFSET # broken in 6.6.18+ (6.7+) EFI (after offset cleanup?) use efi || KERNEL_CONFIG+=" -RELOCATABLE" KERNEL_CONFIG+=" -RANDOMIZE_BASE -RANDOMIZE_KSTACK_OFFSET" KERNEL_CONFIG+=" UNWINDER_ORC==y;-STACK_VALIDATION" KERNEL_CONFIG+=" -REFCOUNT_FULL" KERNEL_CONFIG+=" -KASAN" KERNEL_CONFIG+=" -USB_OTG_PRODUCTLIST" KERNEL_CONFIG+=" COMPAT_BRK" KERNEL_CONFIG+=" INIT_STACK_NONE" KERNEL_CONFIG+=" RANDOM_TRUST_CPU RANDOM_TRUST_BOOTLOADER" KERNEL_CONFIG+=" -GENTOO_KERNEL_SELF_PROTECTION"