if debug_mode or arch == 'ARM':
checklist.append(OptCheck('VMSPLIT_3G', 'y', 'defconfig', 'self_protection'))
checklist.append(OptCheck('CPU_SW_DOMAIN_PAN', 'y', 'defconfig', 'self_protection'))
+ checklist.append(OptCheck('STACKPROTECTOR_PER_TASK', 'y', 'defconfig', 'self_protection'))
if debug_mode or arch == 'ARM64' or arch == 'ARM':
checklist.append(OptCheck('REFCOUNT_FULL', 'y', 'defconfig', 'self_protection'))
checklist.append(OptCheck('HARDEN_BRANCH_PREDICTOR', 'y', 'defconfig', 'self_protection'))
iommu_support_is_set))
if debug_mode or arch == 'X86_32':
checklist.append(OptCheck('PAGE_TABLE_ISOLATION', 'y', 'my', 'self_protection'))
- if debug_mode or arch == 'ARM':
- checklist.append(OptCheck('STACKPROTECTOR_PER_TASK', 'y', 'my', 'self_protection'))
if debug_mode or arch == 'X86_64' or arch == 'ARM64' or arch == 'X86_32':
checklist.append(OptCheck('SECURITY', 'y', 'defconfig', 'security_policy')) # and choose your favourite LSM
print()
-def get_option_state(options, name):
- return options.get(name, None)
-
-
def perform_checks(checklist, parsed_options):
for opt in checklist:
if hasattr(opt, 'opts'):
+ # prepare ComplexOptCheck
for o in opt.opts:
- o.state = get_option_state(parsed_options, o.name)
+ o.state = parsed_options.get(o.name, None)
else:
- opt.state = get_option_state(parsed_options, opt.name)
+ # prepare OptCheck
+ opt.state = parsed_options.get(opt.name, None)
opt.check()
projects / kconfig-hardened-check.git / blobdiff