Add randomize_kstack_offset=1 to boot parameters
This enables a security feature with low performance overhead (https://www.phoronix.com/scan.php?page=news_item&px=randomize_kstack_offset-perf). I've been testing it for a while on both Tails and other Linux systems and do not see any observable changes to usability.
There is no risk of hardware or software compatibility issues. This feature randomizes the kernel stack on each syscall to increase the difficulty of attacking the kernel.