Update the KSPP recommendations

kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm.config

-# CONFIGs
-# Linux/arm 5.17.0 Kernel Configuration
+# Linux/arm 6.1.5 Kernel Configuration
 
 # Report BUG() conditions and kill the offending process.
 CONFIG_BUG=y

kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-arm64.config

-# CONFIGs
-# Linux/arm64 5.17.0 Kernel Configuration
+# Linux/arm64 6.1.5 Kernel Configuration
 
 # Report BUG() conditions and kill the offending process.
 CONFIG_BUG=y
@@ -238,6 +237,9 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=32768
 # Randomize position of kernel (requires UEFI RNG or bootloader support for /chosen/kaslr-seed DT property).
 CONFIG_RANDOMIZE_BASE=y
 
+# Remove arm32 support to reduce syscall attack surface.
+# CONFIG_COMPAT is not set
+
 # Make sure PAN emulation is enabled.
 CONFIG_ARM64_SW_TTBR0_PAN=y
 

kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-32.config

-# CONFIGs
-# Linux/i386 5.17.0 Kernel Configuration
+# Linux/i386 6.1.5 Kernel Configuration
 
 # Report BUG() conditions and kill the offending process.
 CONFIG_BUG=y

kconfig_hardened_check/config_files/kspp-recommendations/kspp-recommendations-x86-64.config

-# CONFIGs
-# Linux/x86_64 5.17.0 Kernel Configuration
+# Linux/x86_64 6.1.5 Kernel Configuration
 
 # Report BUG() conditions and kill the offending process.
 CONFIG_BUG=y
@@ -249,9 +248,11 @@ CONFIG_LEGACY_VSYSCALL_NONE=y
 # Enable Kernel Page Table Isolation to remove an entire class of cache timing side-channels.
 CONFIG_PAGE_TABLE_ISOLATION=y
 
-# Remove additional attack surface, unless you really need them.
+# Remove additional (32-bit) attack surface, unless you really need them.
+# CONFIG_COMPAT is not set
 # CONFIG_IA32_EMULATION is not set
 # CONFIG_X86_X32 is not set
+# CONFIG_X86_X32_ABI is not set
 # CONFIG_MODIFY_LDT_SYSCALL is not set
 
 # Enable chip-specific IOMMU support.