if not ret:
# This FAIL is caused by additional checks,
# and not by the main option that this AND-check is about.
- if opt.result.startswith('FAIL: \"'):
- # Describe the reason of the FAIL.
+ # Describe the reason of the FAIL.
+ if opt.result.startswith('FAIL: \"') or opt.result == 'FAIL: not found':
self.result = 'FAIL: CONFIG_{} not "{}"'.format(opt.name, opt.expected)
+ elif opt.result == 'FAIL: not present':
+ self.result = 'FAIL: CONFIG_{} not present'.format(opt.name)
else:
# This FAIL message is self-explaining.
self.result = opt.result
if arch == 'ARM64':
l += [OptCheck('self_protection', 'defconfig', 'ARM64_PAN', 'y')]
l += [OptCheck('self_protection', 'defconfig', 'UNMAP_KERNEL_AT_EL0', 'y')]
- l += [OptCheck('self_protection', 'defconfig', 'HARDEN_EL2_VECTORS', 'y')]
+ l += [OR(OptCheck('self_protection', 'defconfig', 'HARDEN_EL2_VECTORS', 'y'),
+ AND(OptCheck('self_protection', 'defconfig', 'RANDOMIZE_BASE', 'y'),
+ VerCheck((5, 9))))] # HARDEN_EL2_VECTORS was included in RANDOMIZE_BASE in v5.9
l += [OptCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y')]
l += [OptCheck('self_protection', 'defconfig', 'ARM64_PTR_AUTH', 'y')]
if arch in ('X86_64', 'ARM64'):
l += [OR(OptCheck('self_protection', 'kspp', 'INIT_STACK_ALL', 'y'),
OptCheck('self_protection', 'kspp', 'GCC_PLUGIN_STRUCTLEAK_BYREF_ALL', 'y'))]
l += [OR(OptCheck('self_protection', 'kspp', 'INIT_ON_FREE_DEFAULT_ON', 'y'),
- OptCheck('self_protection', 'kspp', 'PAGE_POISONING', 'y'))] # before v5.3
+ OptCheck('self_protection', 'kspp', 'PAGE_POISONING_ZERO', 'y'))] # before v5.3
if arch in ('X86_64', 'ARM64', 'X86_32'):
stackleak_is_set = OptCheck('self_protection', 'kspp', 'GCC_PLUGIN_STACKLEAK', 'y')
l += [stackleak_is_set]
projects / kconfig-hardened-check.git / blobdiff