aboutsummaryrefslogtreecommitdiff
path: root/sys/conf/options
diff options
context:
space:
mode:
Diffstat (limited to 'sys/conf/options')
-rw-r--r--sys/conf/options8
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/conf/options b/sys/conf/options
index 882460fbf35b..774850158221 100644
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -1021,3 +1021,11 @@ IICHID_DEBUG opt_hid.h
IICHID_SAMPLING opt_hid.h
HKBD_DFLT_KEYMAP opt_hkbd.h
HIDRAW_MAKE_UHID_ALIAS opt_hid.h
+
+# kenv options
+# The early kernel environment (loader environment, config(8)-provided static)
+# is typically cleared after the dynamic environment comes up to ensure that
+# we're not inadvertently holding on to 'secret' values in these stale envs.
+# This option is insecure except in controlled environments where the static
+# environment's contents are known to be safe.
+PRESERVE_EARLY_KENV opt_global.h