Skip normalize_cmdline_options() for the iommu cmdline parameter

[kconfig-hardened-check.git] / README.md

diff --git a/README.md b/README.md
index 0130a7c307c01fe048ac4ef1ec379620c73ef84e..e00cb0ac4e7547f0ac29da100194c12519735df4 100644 (file)
--- a/README.md
+++ b/README.md
@@ -1,9 +1,10 @@
 # kconfig-hardened-check
 
-[![GitHub tag (latest by date)](https://img.shields.io/github/v/tag/a13xp0p0v/kconfig-hardened-check?label=release)](https://github.com/a13xp0p0v/kconfig-hardened-check/tags)
+[![GitHub tag (latest by date)](https://img.shields.io/github/v/tag/a13xp0p0v/kconfig-hardened-check?label=release)](https://github.com/a13xp0p0v/kconfig-hardened-check/tags)<br />
 [![functional test](https://github.com/a13xp0p0v/kconfig-hardened-check/workflows/functional%20test/badge.svg)](https://github.com/a13xp0p0v/kconfig-hardened-check/actions/workflows/functional_test.yml)
+[![functional test coverage](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check/graph/badge.svg?flag=functional_test)](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check)<br />
 [![engine unit-test](https://github.com/a13xp0p0v/kconfig-hardened-check/workflows/engine%20unit-test/badge.svg)](https://github.com/a13xp0p0v/kconfig-hardened-check/actions/workflows/engine_unit-test.yml)
-[![Coverage Status](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check/graph/badge.svg)](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check)
+[![unit-test coverage](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check/graph/badge.svg?flag=engine_unit-test)](https://codecov.io/gh/a13xp0p0v/kconfig-hardened-check)
 
 ## Motivation
 
@@ -13,8 +14,8 @@ make our systems more secure.
 
 But nobody likes checking configs manually. So let the computers do their job!
 
-__kconfig-hardened-check__ helps me to check the Linux kernel options
-against my security hardening preferences, which are based on the
+__kconfig-hardened-check__ is a tool for checking the security hardening options of the Linux kernel.
+The recommendations are based on
 
   - [KSPP recommended settings][1]
   - [CLIP OS kernel configuration][2]
@@ -62,22 +63,20 @@ Some Linux distributions also provide `kconfig-hardened-check` as a package.
 
 ## Usage
 ```
-usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}]
-                              [-c CONFIG]
-                              [-l CMDLINE]
+usage: kconfig-hardened-check [-h] [--version] [-p {X86_64,X86_32,ARM64,ARM}] [-c CONFIG] [-l CMDLINE]
                               [-m {verbose,json,show_ok,show_fail}]
 
 A tool for checking the security hardening options of the Linux kernel
 
-optional arguments:
+options:
   -h, --help            show this help message and exit
   --version             show program's version number and exit
   -p {X86_64,X86_32,ARM64,ARM}, --print {X86_64,X86_32,ARM64,ARM}
-                        print security hardening preferences for the selected architecture
+                        print security hardening options for the selected architecture
   -c CONFIG, --config CONFIG
-                        check the kernel kconfig file against these preferences
+                        check security hardening options in the kernel kconfig file (also supports *.gz files)
   -l CMDLINE, --cmdline CMDLINE
-                        check the kernel cmdline file against these preferences
+                        check security hardening options in the kernel cmdline file
   -m {verbose,json,show_ok,show_fail}, --mode {verbose,json,show_ok,show_fail}
                         choose the report mode
 ```