Add my recommendations for AMD (similar to CLIP OS recommendations for Intel)

Refers to the issue #19 by @HacKurx

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 962e1202b71b028344a9ce07c8589e0c11f80c07..777f8db674b3ad1cd7a24683c440528b272b7e8c 100755 (executable)
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -256,6 +256,11 @@ def construct_checklist(arch):
         checklist.append(AND(OptCheck('INTEL_IOMMU_DEFAULT_ON',   'y', 'clipos', 'self_protection'), \
                              iommu_support_is_set))
 
+    if debug_mode or arch == 'X86_64':
+        checklist.append(AND(OptCheck('AMD_IOMMU',                'y', 'my', 'self_protection'), \
+                             iommu_support_is_set))
+        checklist.append(AND(OptCheck('AMD_IOMMU_V2',             'y', 'my', 'self_protection'), \
+                             iommu_support_is_set))
     if debug_mode or arch == 'X86_64' or arch == 'ARM64' or arch == 'X86_32':
         stackleak_is_set = OptCheck('GCC_PLUGIN_STACKLEAK',       'y', 'my', 'self_protection')
         checklist.append(stackleak_is_set)