Maybe SHADOW_CALL_STACK should be alternative to STACKPROTECTOR_STRONG
diff --git
a/kconfig_hardened_check/__init__.py
b/kconfig_hardened_check/__init__.py
index 8f261499d7e2f5529e91c5f0be1d5c5d7f4d5221..b35f10d67f7cf4601df93b262dba5423460408d9 100644
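--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -19,6 +19,7 @@
 # init_on_alloc=1
 # init_on_free=1
 # loadpin.enforce=1
+# debugfs=no-mount (or off if possible)
 #
 # Mitigations of CPU vulnerabilities:
 # Аrch-independent:
@@ -405,7 +406,7 @@ def construct_checklist(l, arch):
 l += [AND(OptCheck('self_protection', 'my', 'AMD_IOMMU_V2', 'y'),
 iommu_support_is_set)]
 if arch == 'ARM64':
-l += [OptCheck('self_protection', 'my', 'SHADOW_CALL_STACK', 'y')]
+l += [OptCheck('self_protection', 'my', 'SHADOW_CALL_STACK', 'y')] # maybe it should be alternative to STACKPROTECTOR_STRONG
 # 'security_policy'
 if arch in ('X86_64', 'ARM64', 'X86_32'):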
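Review bot: The trailing comment added to the `SHADOW_CALL_STACK` check in the ARM64 branch records an open question without saying what would settle it, and it lengthens a line that is already long. Shadow call stack keeps saved return addresses off the normal stack, while the stack protector detects linear overflows through a canary. The two are arguably complementary, so treating one as a substitute for the other could let a config without canaries pass this check. I would put the note on its own line above the check as a TODO that states this, e.g. `# TODO: decide whether SHADOW_CALL_STACK may substitute for STACKPROTECTOR_STRONG (different mechanisms, needs justification)`. `construct_checklist` starts and ends outside the hunk, so I cannot see how the `STACKPROTECTOR_STRONG` check itself is declared.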