projects / kconfig-hardened-check.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
GrapheneOS is the continuation of CopperheadOS
[kconfig-hardened-check.git] / kconfig-hardened-check.py
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 197d82ed33d8c2db2ac0ddd09d09cb2be3970b6c..923402bf6e62cc6714b71bf616445412337d5cd5 100755 (executable)
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -426,6 +426,8 @@ def construct_checklist(checklist, arch):
     checklist.append(AND(OptCheck('LDISC_AUTOLOAD',           'is not set', 'clipos', 'cut_attack_surface'), \
                          VerCheck((5, 1)))) # LDISC_AUTOLOAD can be disabled since v5.1
 
+    checklist.append(OptCheck('AIO',                  'is not set', 'grapheneos', 'cut_attack_surface'))
+
     checklist.append(OptCheck('MMIOTRACE',            'is not set', 'my', 'cut_attack_surface')) # refers to LOCKDOWN (permissive)
     checklist.append(OptCheck('LIVEPATCH',            'is not set', 'my', 'cut_attack_surface'))
     checklist.append(OptCheck('IP_DCCP',              'is not set', 'my', 'cut_attack_surface'))
kconfig-hardened-check