It’s really simple. It just makes any TIOCSTI call exit with ENODEV (“No such device”) if CONFIG_TIOCSTI_DISABLE is set.
This won’t lead to that. TIOCSTI is a known security risk and is rarely used and when it is used, it’s not for anything important like crypto. OpenBSD has even removed it entirely 'CVS: cvs.openbsd.org: src' - MARC
Upstream will never accept this. They instantly shot down the patch to restrict it to CAP_SYS_ADMIN LKML: Alan Cox: Re: [PATCH v6 0/2] security: tty: make TIOCSTI ioctl require CAP_SYS_ADMIN
A patch to remove it entirely is never going to happen.