Drop the comment about mitigations of CPU vulnerabilities

[kconfig-hardened-check.git] / kconfig_hardened_check / __init__.py

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index d10cc623f360a5d24a8bf16c15075acf2e9a095a..fbbc3aa8e4bffa69adbfeb15c85cf14f5e2c5c25 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -10,14 +10,9 @@
 # Please don't cry if my Python code looks like C.
 #
 #
-# N.B Hardening command line parameters:
+# N.B Missing hardening command line parameters:
 #    iommu=force (does it help against DMA attacks?)
 #
-#    Mitigations of CPU vulnerabilities:
-#       Аrch-independent:
-#       X86:
-#           l1d_flush=on (a part of the l1tf option)
-#
 #    Hardware tag-based KASAN with arm64 Memory Tagging Extension (MTE):
 #           kasan=on
 #           kasan.stacktrace=off
@@ -721,6 +716,7 @@ def add_cmdline_checks(l, arch):
     l += [CmdlineCheck('self_protection', 'defconfig', 'nopti', 'is not set')]
     l += [CmdlineCheck('self_protection', 'defconfig', 'nospectre_v1', 'is not set')]
     l += [CmdlineCheck('self_protection', 'defconfig', 'nospectre_v2', 'is not set')]
+    l += [CmdlineCheck('self_protection', 'defconfig', 'nospectre_bhb', 'is not set')]
     l += [CmdlineCheck('self_protection', 'defconfig', 'nospec_store_bypass_disable', 'is not set')]
     l += [CmdlineCheck('self_protection', 'defconfig', 'arm64.nobti', 'is not set')]
     l += [CmdlineCheck('self_protection', 'defconfig', 'arm64.nopauth', 'is not set')]