Check x86 hardening features: X86_SMAP and X86_INTEL_UMIP

author Alexander Popov <alex.popov@linux.com>

Wed, 12 Dec 2018 21:55:34 +0000 (00:55 +0300)

committer Alexander Popov <alex.popov@linux.com>

Wed, 12 Dec 2018 21:55:34 +0000 (00:55 +0300)
author Alexander Popov <alex.popov@linux.com>
Wed, 12 Dec 2018 21:55:34 +0000 (00:55 +0300)
committer Alexander Popov <alex.popov@linux.com>
Wed, 12 Dec 2018 21:55:34 +0000 (00:55 +0300)
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py

index e509174115c128b2fd7b9c976cad9467a09fcfff..7e8b869f649efc85f9ad4b5dfd6f980175b3c0e0 100755 (executable)
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -108,6 +108,8 @@ def construct_checklist():
      checklist.append(OptCheck('PAGE_TABLE_ISOLATION',        'y', 'ubuntu18', 'self_protection'))
      checklist.append(OptCheck('RETPOLINE',                   'y', 'ubuntu18', 'self_protection'))
      checklist.append(OptCheck('X86_64',                      'y', 'ubuntu18', 'self_protection'))
+    checklist.append(OptCheck('X86_SMAP',                    'y', 'ubuntu18', 'self_protection'))
+    checklist.append(OptCheck('X86_INTEL_UMIP',              'y', 'ubuntu18', 'self_protection'))
      checklist.append(OR(OptCheck('STRICT_KERNEL_RWX',        'y', 'ubuntu18', 'self_protection'), \
                          OptCheck('DEBUG_RODATA',             'y', 'before_v4.11', 'self_protection')))
      checklist.append(OptCheck('DEBUG_WX',                    'y', 'ubuntu18', 'self_protection'))
author	Alexander Popov <alex.popov@linux.com>
	Wed, 12 Dec 2018 21:55:34 +0000 (00:55 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Wed, 12 Dec 2018 21:55:34 +0000 (00:55 +0300)