Verified Commit b3ab0ddc authored by Opt Out

Documentation updates

parent f9df8767
......@@ -11,6 +11,11 @@
### Trimming Efforts
- While linux-hardened security patchsets along with kernel configurations are notable for this kernel project, the purpose was to practice minimalism by reducing the size of the linux kernel, thereby cutting attack surface. This is not a trivial thing to record, therefore we are displaying the size purely as a point of comparison.
|Plague |
|--- | --- |
|Size (/lib/modules/)|47.0 MB |
|Size (vmlinuz)|8.1 MB|
### Current kconfig-hardened-check results
#### Successes
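Review bot: the header row of the size table (`|Plague |`) has one cell, while the delimiter row under it and both data rows have two, so the table may not render as a table at all; add the missing first header cell (empty, or something like "Metric") before "Plague". The paragraph above presents the sizes "purely as a point of comparison", but the table has only a Plague column, so a baseline column is needed for the 47.0 MB and 8.1 MB figures to be compared against anything.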
......@@ -185,6 +190,7 @@ CONFIG_TRIM_UNUSED_KSYMS | y | my |cut_attack_surf
CONFIG_MODULE_FORCE_LOAD | is not set | my |cut_attack_surface| OK
CONFIG_COREDUMP | is not set | clipos | harden_userspace | OK
CONFIG_ARCH_MMAP_RND_BITS | 32 | my | harden_userspace | OK
CONFIG_BINFMT_MISC | is not set | kspp |cut_attack_surface| OK
#### Fails
Option | Desired Value | Source | Reason | Result |
......@@ -210,7 +216,6 @@ CONFIG_CFI_CLANG | y | kspp | self_protectio
CONFIG_CFI_PERMISSIVE | is not set | kspp | self_protection | FAIL: CONFIG_CFI_CLANG is not "y"
CONFIG_SECURITY_SELINUX_BOOTPARAM | is not set | kspp | security_policy | FAIL: "y"
CONFIG_SECURITY_SELINUX_DEVELOP | is not set | kspp | security_policy | FAIL: "y"
CONFIG_BINFMT_MISC | is not set | kspp |cut_attack_surface| FAIL: "m"
CONFIG_MODULES | is not set | kspp |cut_attack_surface| FAIL: "y"
CONFIG_FAIL_FUTEX | is not set | grsec |cut_attack_surface| OK: is not found
CONFIG_KCMP | is not set | grsec |cut_attack_surface| FAIL: "y"
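Review bot: the Fails section still lists CONFIG_FAIL_FUTEX with the result "OK: is not found" after this hunk, so moving only CONFIG_BINFMT_MISC out leaves the Successes/Fails split inconsistent; move that row as well, or state that the sections follow the tool's output order rather than the result column. The CONFIG_BINFMT_MISC result going from FAIL: "m" to OK reflects a kernel config change, while the commit message says only "Documentation updates", so a reference to the config change that disabled the option would make the README traceable.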
......@@ -220,5 +225,5 @@ CONFIG_USER_NS | is not set | clipos |cut_attack_surf
CONFIG_BPF_SYSCALL | is not set | lockdown |cut_attack_surface| FAIL: "y"
```
[+] Config check is finished: 'OK' - 168 / 'FAIL' - 28
[+] Config check is finished: 'OK' - 169 / 'FAIL' - 27
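Review bot: the summary line at the end of this hunk sits after the closing code fence, so it renders as body text instead of as part of the tool output; move it inside the fence. The new totals (169 OK / 27 FAIL) are consistent with the single CONFIG_BINFMT_MISC row changing result, but since the counts are maintained by hand alongside the rows, consider recording the kconfig-hardened-check version and the config file the results were generated from so the numbers can be reproduced.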