projects
/
kconfig-hardened-check.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Remember about the nosmt sysfs control file
[kconfig-hardened-check.git]
/
kconfig_hardened_check
/
__init__.py
diff --git
a/kconfig_hardened_check/__init__.py
b/kconfig_hardened_check/__init__.py
index 8130dd4027a89fb27bddd463ac374f329a3bfb3d..28a955bc84e4b287f74fc0122bbbdad02fab4a78 100644
(file)
--- a/
kconfig_hardened_check/__init__.py
+++ b/
kconfig_hardened_check/__init__.py
@@
-10,14
+10,9
@@
# Please don't cry if my Python code looks like C.
#
#
# Please don't cry if my Python code looks like C.
#
#
-# N.B
H
ardening command line parameters:
+# N.B
Missing h
ardening command line parameters:
# iommu=force (does it help against DMA attacks?)
#
# iommu=force (does it help against DMA attacks?)
#
-# Mitigations of CPU vulnerabilities:
-# Аrch-independent:
-# X86:
-# l1d_flush=on (a part of the l1tf option)
-#
# Hardware tag-based KASAN with arm64 Memory Tagging Extension (MTE):
# kasan=on
# kasan.stacktrace=off
# Hardware tag-based KASAN with arm64 Memory Tagging Extension (MTE):
# kasan=on
# kasan.stacktrace=off
@@
-45,6
+40,7
@@
# fs.suid_dumpable=0
# kernel.modules_disabled=1
# kernel.randomize_va_space = 2
# fs.suid_dumpable=0
# kernel.modules_disabled=1
# kernel.randomize_va_space = 2
+# nosmt sysfs control file
# pylint: disable=missing-module-docstring,missing-class-docstring,missing-function-docstring
# pylint: disable=missing-module-docstring,missing-class-docstring,missing-function-docstring