+ l += [OR(KconfigCheck('self_protection', 'kspp', 'EFI_DISABLE_PCI_DMA', 'y'),
+ efi_not_set)]
+ l += [OR(KconfigCheck('self_protection', 'kspp', 'RESET_ATTACK_MITIGATION', 'y'),
+ efi_not_set)] # needs userspace support (systemd)
+ ubsan_bounds_is_set = KconfigCheck('self_protection', 'kspp', 'UBSAN_BOUNDS', 'y')
+ l += [ubsan_bounds_is_set]
+ l += [OR(KconfigCheck('self_protection', 'kspp', 'UBSAN_LOCAL_BOUNDS', 'y'),
+ AND(ubsan_bounds_is_set,
+ cc_is_gcc))]
+ l += [AND(KconfigCheck('self_protection', 'kspp', 'UBSAN_TRAP', 'y'),
+ ubsan_bounds_is_set,
+ KconfigCheck('self_protection', 'kspp', 'UBSAN_SHIFT', 'is not set'),
+ KconfigCheck('self_protection', 'kspp', 'UBSAN_DIV_ZERO', 'is not set'),
+ KconfigCheck('self_protection', 'kspp', 'UBSAN_UNREACHABLE', 'is not set'),
+ KconfigCheck('self_protection', 'kspp', 'UBSAN_BOOL', 'is not set'),
+ KconfigCheck('self_protection', 'kspp', 'UBSAN_ENUM', 'is not set'),
+ KconfigCheck('self_protection', 'kspp', 'UBSAN_ALIGNMENT', 'is not set'))] # only array index bounds checking with traps