# Kernel Hardening > Objective, measurement-backed analysis of Root Lock by HeartSuite's kernel hardening posture — design rationale, comparison against industry references, and reproducible evidence. --- LLMS index: [llms.txt](/llms.txt) --- Root Lock by HeartSuite runs a custom-built Linux kernel (5.19.6) with a specific hardening philosophy: remove the kernel subsystems that make security-control bypass possible, rather than patch around them. This section documents that posture with reproducible measurements. Every number derives from the open-source `kernel-hardening-checker` tool applied identically to HeartSuite and the reference kernels. No estimates. The raw evidence file and the config SHA-256 are included so any qualified team can verify independently. ## In this section - [Comparison Matrix](kernel-comparison-matrix-5.19.6/) — Full scoring table: HeartSuite vs vanilla defconfig, Debian, NixOS hardened, Arch hardened, and KSPP target. Two axes: attack-surface reduction and exploit-resistance mitigations. - [LSM Comparison](lsm-comparison/) — HeartSuite vs SELinux, AppArmor, and TOMOYO: enforcement model, bypass-primitive resistance, and co-existence. - [Auditor Brief](auditor-brief/) — Threat model, measured strengths and gaps, residual risks, and self-reproduction commands for security auditors and red teams. - [Procurement Brief](procurement-brief/) — Plain-language comparison table and decision guide for buyers. - [Analyst Summary](analyst-summary/) — Non-technical summary for journalists and analysts, with fact-checker citations. --- Section pages: - [Kernel Hardening Comparison Matrix](/docs/kernel-hardening/kernel-comparison-matrix-5.19.6/): Objective comparison of Root Lock by HeartSuite 5.19.6 kernel configuration against industry hardened kernels and standard references, using kernel-hardening-checker (commit b9b83a0). - [Security Auditor Brief: Kernel Hardening Posture](/docs/kernel-hardening/auditor-brief/): Technical assessment of Root Lock by HeartSuite kernel 5.19.6 hardening posture for security auditors and red teams — threat model, measured scores, residual risks, and self-reproduction instructions. - [Procurement Brief: Kernel Hardening at a Glance](/docs/kernel-hardening/procurement-brief/): Plain-language comparison of Root Lock by HeartSuite kernel hardening against industry alternatives — for buyers and security decision-makers. - [LSM Comparison: HeartSuite vs SELinux, AppArmor, and TOMOYO](/docs/kernel-hardening/lsm-comparison/): Comparison of Root Lock by HeartSuite's enforcement model against SELinux, AppArmor, and TOMOYO — focused on bypass-primitive resistance and purpose-fit for containment deployments. - [Analyst Summary: HeartSuite Kernel Hardening](/docs/kernel-hardening/analyst-summary/): Plain-language summary of Root Lock by HeartSuite kernel hardening for journalists, analysts, and non-technical reviewers — with fact-checker citations.