Skip normalize_cmdline_options() for the ssbd cmdline parameter

[kconfig-hardened-check.git] / kconfig_hardened_check / checks.py

diff --git a/kconfig_hardened_check/checks.py b/kconfig_hardened_check/checks.py
index ab25afa41b00d6b179a0174e903fc35560fef780..b83be112f2143e50ae2edfbd24c18614f7022559 100644 (file)
--- a/kconfig_hardened_check/checks.py
+++ b/kconfig_hardened_check/checks.py
@@ -48,6 +48,7 @@ This module contains knowledge for checks.
 #    intel_iommu=on
 #    amd_iommu=on
 #    efi=disable_early_pci_dma
+#    cfi=
 
 # pylint: disable=missing-function-docstring,line-too-long,invalid-name
 # pylint: disable=too-many-branches,too-many-statements
@@ -116,6 +117,7 @@ def add_kconfig_checks(l, arch):
     if arch == 'X86_64':
         l += [KconfigCheck('self_protection', 'defconfig', 'PAGE_TABLE_ISOLATION', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'RANDOMIZE_MEMORY', 'y')]
+        l += [KconfigCheck('self_protection', 'defconfig', 'X86_KERNEL_IBT', 'y')]
         l += [AND(KconfigCheck('self_protection', 'defconfig', 'INTEL_IOMMU', 'y'),
                   iommu_support_is_set)]
         l += [AND(KconfigCheck('self_protection', 'defconfig', 'AMD_IOMMU', 'y'),
@@ -586,6 +588,7 @@ no_kstrtobool_options = [
     'srbds', # See srbds_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
     'mmio_stale_data', # See mmio_stale_data_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
     'retbleed', # See retbleed_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
+    'ssbd', # See parse_spectre_v4_param() in arch/arm64/kernel/proton-pack.c
     'tsx' # See tsx_init() in arch/x86/kernel/cpu/tsx.c
 ]