GrapheneOS on Nostr
nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqtj85y66ltw6deckl7kk8qw8akpd3y6ktd4gf2vw2ej75e9gfwftq9e9chj (nprofile…9chj) The baseline kernel hardening is attack surface reduction via disabling features, seccomp-bpf and SELinux policies far more advanced than what any desktop distribution uses. Those don't require kernel patches. Enabling the subset of the upstream security features worth using is also straightforward. Traditional distributions aren't doing those things, let alone adding significant hardening to the kernel. Should start with taking advantage of what's already available upstream.
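
As an added illustration (not from the post and not GrapheneOS code), this sketch audits a kernel `.config` for the two things the post says need no kernel patches: upstream hardening options that should be built in, and features that should be disabled to reduce attack surface. The option lists are an assumed selection of real upstream Kconfig symbols, not GrapheneOS's configuration, and the sample config is constructed.

```python
import re

# Assumed, illustrative selection of upstream Kconfig symbols (not GrapheneOS's list).
WANT_ENABLED = [
    "SECCOMP_FILTER", "SECURITY_SELINUX", "STRICT_KERNEL_RWX", "RANDOMIZE_BASE",
    "STACKPROTECTOR_STRONG", "HARDENED_USERCOPY", "FORTIFY_SOURCE",
    "SLAB_FREELIST_HARDENED", "INIT_ON_ALLOC_DEFAULT_ON",
]
# Attack surface reduction: features a hardened build would leave out.
WANT_DISABLED = ["DEVMEM", "KEXEC", "LEGACY_PTYS", "PROC_KCORE", "BINFMT_MISC"]

_SET = re.compile(r"^CONFIG_([A-Za-z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# CONFIG_([A-Za-z0-9_]+) is not set$")

def parse_kconfig(text):
    """Map option name -> value ('y', 'm', a string), or None if explicitly unset."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if m := _SET.match(line):
            opts[m.group(1)] = m.group(2).strip('"')
        elif m := _UNSET.match(line):
            opts[m.group(1)] = None
    return opts

def audit(text):
    """Return (missing_hardening, exposed_surface) as sorted lists of option names."""
    opts = parse_kconfig(text)
    # Hardening must be built in ('y'); an option absent from the file counts as off.
    missing = sorted(o for o in WANT_ENABLED if opts.get(o) != "y")
    # A feature is exposed whether built in or loadable as a module.
    exposed = sorted(o for o in WANT_DISABLED if opts.get(o) in ("y", "m"))
    return missing, exposed

# Constructed sample config fragment, for demonstration only.
SAMPLE_CONFIG = """\
CONFIG_SECCOMP_FILTER=y
CONFIG_SECURITY_SELINUX=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_RANDOMIZE_BASE=y
CONFIG_STACKPROTECTOR_STRONG=y
# CONFIG_HARDENED_USERCOPY is not set
CONFIG_FORTIFY_SOURCE=y
CONFIG_DEVMEM=y
# CONFIG_LEGACY_PTYS is not set
CONFIG_BINFMT_MISC=m
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On a running system the same text can usually be read from `/boot/config-$(uname -r)` or, where the kernel exposes it, `/proc/config.gz`.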