kernel recompilation for better hardening

hardened-vm-config:

• Debian might be interested.
  • They already have Debian -- Details of package linux-image-cloud-amd64 in buster
    • (which did not work for us - discussed in Kernel versions and security / Debian backports - contacting upstream might help to get this fixed)
  • Working with Debian might either result in get above package fixed/improved or an alternative one created.
• KSPP?
• GitHub - anthraxx/linux-hardened: Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening?
• Upstream Linux?

source code level patches:

• Submit to KSPP?
• and/or GitHub - anthraxx/linux-hardened: Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening?