Check that --config and --print are not used together

[kconfig-hardened-check.git] / kconfig_hardened_check / __init__.py

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index fa06f8ecf169e388e931301bd47ad3c0fbab9dde..01ffcbdd0a2cdd18ecd1ee0396d152c175d6c770 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -26,7 +26,6 @@
 #           mitigations=auto,nosmt (nosmt is slow)
 #       X86:
 #           spectre_v2=on
-#           pti=on
 #           spec_store_bypass_disable=on
 #           l1tf=full,force
 #           l1d_flush=on (a part of the l1tf option)
@@ -661,6 +660,8 @@ def add_cmdline_checks(l, arch):
     # Calling the CmdlineCheck class constructor:
     #     CmdlineCheck(reason, decision, name, expected)
 
+    if arch in ('X86_64', 'X86_32'):
+        l += [CmdlineCheck('self_protection', 'kspp', 'pti', 'on')]
     # TODO: add other
 
 
@@ -850,6 +851,9 @@ def main():
     config_checklist = []
 
     if args.config:
+        if args.print:
+            sys.exit('[!] ERROR: --config and --print can\'t be used together')
+
         if mode != 'json':
             print('[+] Kconfig file to check: {}'.format(args.config))
             if args.cmdline: