kernel recompilation for better hardening

Could you please check the diff between hardened-host-kernel and hardened-vm-kernel config?

Using your favorite diff viewer.

meld hardened-host-kernel hardened-vm-kernel

kdiff3 hardened-host-kernel hardened-vm-kernel

diff hardened-host-kernel hardened-vm-kernel

The following difference seems wrong…

hardened-host-kernel:

CONFIG_BUILD_SALT="4.19.0-6-amd64"

hardened-vm-kernel:

CONFIG_BUILD_SALT="4.19.0-67-amd64"

Also, are there any other differences where the delta can be reduced? Ideally, the delta should be as minimal as possible to make this easier to review.


Also during automated testing (CI) is there some command make defconfig, make oldconfig or similar (I don’t understand all of these yet) that could be run?

[1] Maybe we can give up on the top comment. Reset that to whatever the default is.

Then during testing run “make configsomething” (whatever appropriate) and check that our .config stays the same prior and after running “make configsomething” ?

I guess make oldconfig makes most sense and shouldn’t prompt for anything. Presupposing [1] it shouldn’t result in any changes to the .config.

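An added example, not part of the original post and not the project's own code: a symbol-level comparison of two kernel configs that ignores header comments and treats "# CONFIG_X is not set" as a value, so the review delta lists only real option differences. The function names are hypothetical and the sample fragments are constructed; only the two CONFIG_BUILD_SALT values come from the post.

```python
import re

# "CONFIG_FOO=value" sets a symbol; "# CONFIG_FOO is not set" disables it.
_SET = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_[A-Za-z0-9_]+) is not set$")


def parse_kconfig(text):
    """Return {symbol: value}; disabled symbols map to 'n'.

    Header and section comments are skipped, so a differing top
    comment never shows up as a delta.
    """
    symbols = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _SET.match(line)
        if m:
            symbols[m.group(1)] = m.group(2)
            continue
        m = _UNSET.match(line)
        if m:
            symbols[m.group(1)] = "n"
    return symbols


def diff_configs(host_text, vm_text):
    """Return sorted (symbol, host_value, vm_value) for every difference.

    A symbol absent from one file is reported with None on that side.
    """
    host, vm = parse_kconfig(host_text), parse_kconfig(vm_text)
    return [(s, host.get(s), vm.get(s))
            for s in sorted(host.keys() | vm.keys())
            if host.get(s) != vm.get(s)]


# Constructed sample fragments (not the real files); only the two
# CONFIG_BUILD_SALT values are taken from the post above.
HOST = '''# Automatically generated file; DO NOT EDIT.
# Linux/x86 host build (constructed header)
CONFIG_BUILD_SALT="4.19.0-6-amd64"
CONFIG_SLAB_FREELIST_RANDOM=y
# CONFIG_KEXEC is not set
CONFIG_KVM=m
'''
VM = '''# Automatically generated file; DO NOT EDIT.
# Linux/x86 vm build (constructed header)
CONFIG_BUILD_SALT="4.19.0-67-amd64"
CONFIG_SLAB_FREELIST_RANDOM=y
# CONFIG_KEXEC is not set
'''

if __name__ == "__main__":
    for sym, h, v in diff_configs(HOST, VM):
        print(f"{sym}: host={h} vm={v}")
```

In CI, a non-empty result from `diff_configs` beyond an agreed allow-list of symbols can fail the build.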