Fix false positive about CONFIG_MODULE_SIG_FORCE.

author Alexander Popov <alex.popov@linux.com>

Mon, 4 Mar 2019 13:38:14 +0000 (16:38 +0300)

committer Alexander Popov <alex.popov@linux.com>

Mon, 4 Mar 2019 13:38:14 +0000 (16:38 +0300)
author Alexander Popov <alex.popov@linux.com>
Mon, 4 Mar 2019 13:38:14 +0000 (16:38 +0300)
committer Alexander Popov <alex.popov@linux.com>
Mon, 4 Mar 2019 13:38:14 +0000 (16:38 +0300)
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py

index 3ed0f9e9c1cf26a8e4dff19f19ab09a407c9abf8..a13969714daf4c445642711da306ad8bf29fd6f9 100755 (executable)
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -187,7 +187,8 @@ def construct_checklist(arch):
                          modules_not_set))
      checklist.append(OR(OptCheck('MODULE_SIG_SHA512',             'y', 'kspp', 'self_protection'), \
                          modules_not_set))
-    checklist.append(OptCheck('MODULE_SIG_FORCE',                 'y', 'kspp', 'self_protection')) # refers to LOCK_DOWN_KERNEL
+    checklist.append(OR(OptCheck('MODULE_SIG_FORCE',              'y', 'kspp', 'self_protection'), \
+                        modules_not_set)) # refers to LOCK_DOWN_KERNEL
      if debug_mode or arch == 'X86_64' or arch == 'X86_32':
          checklist.append(OptCheck('DEFAULT_MMAP_MIN_ADDR',        '65536', 'kspp', 'self_protection'))
          checklist.append(OptCheck('REFCOUNT_FULL',                'y', 'kspp', 'self_protection'))
author	Alexander Popov <alex.popov@linux.com>
	Mon, 4 Mar 2019 13:38:14 +0000 (16:38 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Mon, 4 Mar 2019 13:38:14 +0000 (16:38 +0300)