Add TODO (hardening preferences for ARM) and update README

[kconfig-hardened-check.git] / kconfig-hardened-check.py

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index e509174115c128b2fd7b9c976cad9467a09fcfff..fd7c50c7283659a0513697436e6c7abe30d63434 100755 (executable)
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -20,6 +20,8 @@
 # N.B. Hardening sysctl's:
 #    net.core.bpf_jit_harden
 #
+#
+# TODO: add hardening preferences for ARM
 
 import sys
 from argparse import ArgumentParser
@@ -108,6 +110,8 @@ def construct_checklist():
     checklist.append(OptCheck('PAGE_TABLE_ISOLATION',        'y', 'ubuntu18', 'self_protection'))
     checklist.append(OptCheck('RETPOLINE',                   'y', 'ubuntu18', 'self_protection'))
     checklist.append(OptCheck('X86_64',                      'y', 'ubuntu18', 'self_protection'))
+    checklist.append(OptCheck('X86_SMAP',                    'y', 'ubuntu18', 'self_protection'))
+    checklist.append(OptCheck('X86_INTEL_UMIP',              'y', 'ubuntu18', 'self_protection'))
     checklist.append(OR(OptCheck('STRICT_KERNEL_RWX',        'y', 'ubuntu18', 'self_protection'), \
                         OptCheck('DEBUG_RODATA',             'y', 'before_v4.11', 'self_protection')))
     checklist.append(OptCheck('DEBUG_WX',                    'y', 'ubuntu18', 'self_protection'))