diff --git a/meta-ohos-core/recipes-kernel/linux/linux-yocto-all.inc b/meta-ohos-core/recipes-kernel/linux/linux-yocto-all.inc
index 81334c2df238236dfc9284ce79fedb4f2196f0fa..0db2de8e41a94dcfa54e04015f72a2bb123e6d43 100644
--- a/meta-ohos-core/recipes-kernel/linux/linux-yocto-all.inc
+++ b/meta-ohos-core/recipes-kernel/linux/linux-yocto-all.inc
@@ -5,6 +5,15 @@
 FILESEXTRAPATHS_prepend := "${THISDIR}/linux:"
 
 SRC_URI += "file://misc.cfg"
+SRC_URI += "file://hardening_allocator.cfg"
+SRC_URI += "file://hardening_allocator_perf.cfg"
+SRC_URI += "file://hardening_disable_misc.cfg"
+SRC_URI += "file://hardening_dmesg.cfg"
+SRC_URI += "file://hardening_fortify_source.cfg"
+SRC_URI += "file://hardening_memory.cfg"
+# SRC_URI += "file://hardening_oops.cfg"
+SRC_URI += "file://hardening_usercopy.cfg"
+SRC_URI += "file://hardening_validation_checks.cfg"
 
 # For the gcc-plugins build of the kernel we need to ensure the right include
 # path for headers is picked up to use the natively build dependencies.
diff --git a/meta-ohos-core/recipes-kernel/linux/linux/hardening_allocator.cfg b/meta-ohos-core/recipes-kernel/linux/linux/hardening_allocator.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..918b9b09911c61b63256d473c9c61771eaffaf3d
--- /dev/null
+++ b/meta-ohos-core/recipes-kernel/linux/linux/hardening_allocator.cfg
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Randomize freelist order. Reduces predictability of the kernel slab allocator
+CONFIG_SLAB_FREELIST_RANDOM=y
+CONFIG_SLAB_FREELIST_HARDENED=y
+#
+# Randomize the page allocator. Can improve performance
+CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
diff --git a/meta-ohos-core/recipes-kernel/linux/linux/hardening_allocator_perf.cfg b/meta-ohos-core/recipes-kernel/linux/linux/hardening_allocator_perf.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..254845e0dbf5abad7ebab7c5c71e4cce3e1a7ae9
--- /dev/null
+++ b/meta-ohos-core/recipes-kernel/linux/linux/hardening_allocator_perf.cfg
@@ -0,0 +1,15 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Fill pages with poison when freed. Requires page_poison=1 at the kernel boot
+CONFIG_PAGE_POISONING=y
+CONFIG_PAGE_POISONING_NO_SANITY=y
+CONFIG_PAGE_POISONING_ZERO=y
+#
+# Zero memory when allocated. Can disable with init_on_alloc=0 on the kernel boot
+# Might have performance impact
+CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
+# Zero memory when freed. Can disable with init_on_free=0 on the kernel boot
+# Can have performance impact
+CONFIG_INIT_ON_FREE_DEFAULT_ON=y
diff --git a/meta-ohos-core/recipes-kernel/linux/linux/hardening_disable_misc.cfg b/meta-ohos-core/recipes-kernel/linux/linux/hardening_disable_misc.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..2f7b3ea03b1145aea46bc13076311fba09595d4f
--- /dev/null
+++ b/meta-ohos-core/recipes-kernel/linux/linux/hardening_disable_misc.cfg
@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Make sure heap randomization is enabled
+# CONFIG_COMPAT_BRK is not set
+
+# Remove /proc/kcore
+# CONFIG_PROC_KCORE is not set
+
+# Disable wrapped binary formats
+# CONFIG_BINFMT_MISC is not set
diff --git a/meta-ohos-core/recipes-kernel/linux/linux/hardening_dmesg.cfg b/meta-ohos-core/recipes-kernel/linux/linux/hardening_dmesg.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..b03fa4ec1c17d9106f4642b636196d70750b7849
--- /dev/null
+++ b/meta-ohos-core/recipes-kernel/linux/linux/hardening_dmesg.cfg
@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Restict unprivlidged users from reading the kernel dmesg
+CONFIG_SECURITY_DMESG_RESTRICT=y
diff --git a/meta-ohos-core/recipes-kernel/linux/linux/hardening_fortify_source.cfg b/meta-ohos-core/recipes-kernel/linux/linux/hardening_fortify_source.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..0a4ce1c325fa203d5fe8293988f2ef391fc4bb68
--- /dev/null
+++ b/meta-ohos-core/recipes-kernel/linux/linux/hardening_fortify_source.cfg
@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Detect buffer overflows on string and memory functions, when the compiler
+# can verify the buffer sizes
+CONFIG_FORTIFY_SOURCE=y
diff --git a/meta-ohos-core/recipes-kernel/linux/linux/hardening_memory.cfg b/meta-ohos-core/recipes-kernel/linux/linux/hardening_memory.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..81ca6b1274ce836ab2ae08b315bec40c044fc20f
--- /dev/null
+++ b/meta-ohos-core/recipes-kernel/linux/linux/hardening_memory.cfg
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Report dangerous memory permissions W+X (write+execute) at boot time
+# Output is in the dmesg log
+CONFIG_DEBUG_WX=y
+
+# Disable access to all memory for root
+# CONFIG_DEVMEM is not set
diff --git a/meta-ohos-core/recipes-kernel/linux/linux/hardening_oops.cfg b/meta-ohos-core/recipes-kernel/linux/linux/hardening_oops.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..8a31e870d1c7c0209f004d2135158eafb40a95d4
--- /dev/null
+++ b/meta-ohos-core/recipes-kernel/linux/linux/hardening_oops.cfg
@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Always panic when get an oops
+CONFIG_PANIC_ON_OOPS=y
+CONFIG_PANIC_TIMEOUT=-1
diff --git a/meta-ohos-core/recipes-kernel/linux/linux/hardening_usercopy.cfg b/meta-ohos-core/recipes-kernel/linux/linux/hardening_usercopy.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..ed14f4a2b0432777c4daea0342219937f1deedd5
--- /dev/null
+++ b/meta-ohos-core/recipes-kernel/linux/linux/hardening_usercopy.cfg
@@ -0,0 +1,8 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Perform boundary checks on memory when copying to/from the kernel.
+# Also disable whitelisting with the above check
+CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_FALLBACK is not set
diff --git a/meta-ohos-core/recipes-kernel/linux/linux/hardening_validation_checks.cfg b/meta-ohos-core/recipes-kernel/linux/linux/hardening_validation_checks.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..3f6f7343e6c4f29a9239659895758bb90044d5b5
--- /dev/null
+++ b/meta-ohos-core/recipes-kernel/linux/linux/hardening_validation_checks.cfg
@@ -0,0 +1,17 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Needed for CONFIG_SCHED_STACK_END_CHECK
+CONFIG_DEBUG_KERNEL=y
+
+# Validate common data structures
+# add CONFIG_DEBUG_CREDENTIALS=y
+CONFIG_DEBUG_NOTIFIERS=y
+CONFIG_DEBUG_LIST=y
+CONFIG_DEBUG_SG=y
+
+# Do a BUG() if a data corruption is detected
+CONFIG_BUG_ON_DATA_CORRUPTION=y
+# Check stack overflow when calling schedule()
+CONFIG_SCHED_STACK_END_CHECK=y