increase security

PKGBUILD

@@ -32,12 +32,15 @@ _srctag=v${pkgver%.*}-${pkgver##*.}
 source=(
   https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/${_srcname}.tar.xz
   config  # the main kernel config file
+  defaultmaxASLR.patch
 )
 # https://www.kernel.org/pub/linux/kernel/v6.x/sha256sums.asc
 sha256sums=('2be05b487eb239a3bf687d628a8f104177d09c310f00bcc2a5e50f1733421eb9'
-            '254c531c49080ffb399a6246537a9c7b65718acdf1515b72f3570d23aa0a4fe6')
+            '254c531c49080ffb399a6246537a9c7b65718acdf1515b72f3570d23aa0a4fe6'
+            '9f29efd7acf37d8e3015029216865fb590362d9589feb91dc84e68fee6dabff0')
 b2sums=('a228397902894f566d49adef24e4d44271893173cf0c58e8eb6006137dfb870b5f3aea17cadc775988a0682ba4a5261ebd3f10689b6c096f762cc8af666c56ff'
-        'ea46d444dcbec8d6edc761b84ee047b72d9d9d65802902c8fc01f0cef55adf4f16c35834c2c8c01ccb20b249efa8054f20ce851c7eb6cfd2eb2ee90ee8bf6ad5')
+        'ea46d444dcbec8d6edc761b84ee047b72d9d9d65802902c8fc01f0cef55adf4f16c35834c2c8c01ccb20b249efa8054f20ce851c7eb6cfd2eb2ee90ee8bf6ad5'
+        '30f9ecc8011b67e89166a01cf15c6994ba72cb7277cf8cce3461db66c3f0dfa77f396976dc82b6b78c723845282ea721a07a8fb1f3baff43dbf46bee10940b1a')
 
 export KBUILD_BUILD_HOST=archlinux
 export KBUILD_BUILD_USER=$pkgbase

README.md

@@ -1,11 +1,16 @@
-patches folder contains all the patches. files shipped are already prepatched 
+My personal custom kernel
 
-patch order:
+defaultmaxASLR.patch - increase security
+
+
+patches folder contains all the config patches. config shipped are already prepatched 
+
+config patch order:
 
 1. waydroid.patch
 2. security.patch
 
-sources: 
+config sources: 
 
 - waydroid.patch: https://wiki.archlinux.org/title/Waydroid
 - security.patch: selected from https://www.kicksecure.com/wiki/Hardened-kernel

defaultmaxASLR.patch

@@ -0,0 +1,33 @@
+From db70c38e74c8850174dcc09b302c41543583c980 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org>
+Date: Sat, 13 Jan 2024 15:29:25 +0100
+Subject: [PATCH] arch/Kconfig: Default to maximum amount of ASLR bits
+
+To mitigate https://zolutal.github.io/aslrnt/; do this with a patch to
+avoid having to enable `CONFIG_EXPERT`.
+---
+ arch/Kconfig | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/Kconfig b/arch/Kconfig
+index 30f7930275d838..318a4e75058b3b 100644
+--- a/arch/Kconfig
++++ b/arch/Kconfig
+@@ -1033,7 +1033,7 @@ config ARCH_MMAP_RND_BITS
+ 	int "Number of bits to use for ASLR of mmap base address" if EXPERT
+ 	range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX
+ 	default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT
+-	default ARCH_MMAP_RND_BITS_MIN
++	default ARCH_MMAP_RND_BITS_MAX
+ 	depends on HAVE_ARCH_MMAP_RND_BITS
+ 	help
+ 	  This value can be used to select the number of bits to use to
+@@ -1067,7 +1067,7 @@ config ARCH_MMAP_RND_COMPAT_BITS
+ 	int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT
+ 	range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX
+ 	default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
+-	default ARCH_MMAP_RND_COMPAT_BITS_MIN
++	default ARCH_MMAP_RND_COMPAT_BITS_MAX
+ 	depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS
+ 	help
+ 	  This value can be used to select the number of bits to use to