diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index 754278de395d..c532516c557f 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -43,12 +43,15 @@ choice
 		  and information exposures.
 
 	config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
-		bool "Force initialize all struct type variables passed by reference"
-		depends on GCC_PLUGIN_STRUCTLEAK
-		depends on !COMPILE_TEST
+		bool "zero-init anything passed by reference (very strong)"
+		depends on GCC_PLUGINS
+		select GCC_PLUGIN_STRUCTLEAK
 		help
-		  Zero initialize any struct type local variable that may
-		  be passed by reference without having been initialized.
+		  Zero-initialize any stack variables that may be passed
+		  by reference and had not already been explicitly
+		  initialized. This is intended to eliminate all classes
+		  of uninitialized stack variable exploits and information
+		  exposures.
 
 	config INIT_STACK_ALL
 		bool "0xAA-init everything on the stack (strongest)"