projects
/
kconfig-hardened-check.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add the 'nospectre_v2' check
[kconfig-hardened-check.git]
/
kconfig_hardened_check
/
__init__.py
diff --git
a/kconfig_hardened_check/__init__.py
b/kconfig_hardened_check/__init__.py
index 87fefd15f7b14e6b4d585d04c47f72ce487398cb..1d74ee55d26c68f7427419812e67bf19711e9358 100644
(file)
--- a/
kconfig_hardened_check/__init__.py
+++ b/
kconfig_hardened_check/__init__.py
@@
-698,7
+698,10
@@
def add_cmdline_checks(l, arch):
# very complex and not give a 100% guarantee anyway.
# 'self_protection', 'defconfig'
# very complex and not give a 100% guarantee anyway.
# 'self_protection', 'defconfig'
+ l += [CmdlineCheck('self_protection', 'defconfig', 'nosmep', 'is not set')]
+ l += [CmdlineCheck('self_protection', 'defconfig', 'nosmap', 'is not set')]
l += [CmdlineCheck('self_protection', 'defconfig', 'nospectre_v1', 'is not set')]
l += [CmdlineCheck('self_protection', 'defconfig', 'nospectre_v1', 'is not set')]
+ l += [CmdlineCheck('self_protection', 'defconfig', 'nospectre_v2', 'is not set')]
if arch == 'ARM64':
l += [OR(CmdlineCheck('self_protection', 'defconfig', 'rodata', 'full'),
AND(KconfigCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y'),
if arch == 'ARM64':
l += [OR(CmdlineCheck('self_protection', 'defconfig', 'rodata', 'full'),
AND(KconfigCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y'),
@@
-745,9
+748,6
@@
def add_cmdline_checks(l, arch):
# 'self_protection', 'clipos'
l += [CmdlineCheck('self_protection', 'clipos', 'page_alloc.shuffle', '1')]
# 'self_protection', 'clipos'
l += [CmdlineCheck('self_protection', 'clipos', 'page_alloc.shuffle', '1')]
- # 'self_protection', 'my'
- l += [CmdlineCheck('self_protection', 'my', 'nosmep', 'is not set')]
- l += [CmdlineCheck('self_protection', 'my', 'nosmap', 'is not set')]
# 'cut_attack_surface', 'kspp'
if arch == 'X86_64':
# 'cut_attack_surface', 'kspp'
if arch == 'X86_64':