projects
/
kconfig-hardened-check.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Check that --config and --print are not used together
[kconfig-hardened-check.git]
/
kconfig_hardened_check
/
__init__.py
diff --git
a/kconfig_hardened_check/__init__.py
b/kconfig_hardened_check/__init__.py
index fa06f8ecf169e388e931301bd47ad3c0fbab9dde..01ffcbdd0a2cdd18ecd1ee0396d152c175d6c770 100644
(file)
--- a/
kconfig_hardened_check/__init__.py
+++ b/
kconfig_hardened_check/__init__.py
@@
-26,7
+26,6
@@
# mitigations=auto,nosmt (nosmt is slow)
# X86:
# spectre_v2=on
# mitigations=auto,nosmt (nosmt is slow)
# X86:
# spectre_v2=on
-# pti=on
# spec_store_bypass_disable=on
# l1tf=full,force
# l1d_flush=on (a part of the l1tf option)
# spec_store_bypass_disable=on
# l1tf=full,force
# l1d_flush=on (a part of the l1tf option)
@@
-661,6
+660,8
@@
def add_cmdline_checks(l, arch):
# Calling the CmdlineCheck class constructor:
# CmdlineCheck(reason, decision, name, expected)
# Calling the CmdlineCheck class constructor:
# CmdlineCheck(reason, decision, name, expected)
+ if arch in ('X86_64', 'X86_32'):
+ l += [CmdlineCheck('self_protection', 'kspp', 'pti', 'on')]
# TODO: add other
# TODO: add other
@@
-850,6
+851,9
@@
def main():
config_checklist = []
if args.config:
config_checklist = []
if args.config:
+ if args.print:
+ sys.exit('[!] ERROR: --config and --print can\'t be used together')
+
if mode != 'json':
print('[+] Kconfig file to check: {}'.format(args.config))
if args.cmdline:
if mode != 'json':
print('[+] Kconfig file to check: {}'.format(args.config))
if args.cmdline: