projects / kconfig-hardened-check.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add a check for CONFIG_UNWIND_PATCH_PAC_INTO_SCS
[kconfig-hardened-check.git] / kernel_hardening_checker / checks.py
diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index fa664e04861f31a4e655842d76bf71495cd9c6ae..e0caab63e10f6d31e4122e5884fa05170c70e049 100644 (file)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -241,6 +241,7 @@ def add_kconfig_checks(l, arch):
     if arch == 'ARM64':
         l += [KconfigCheck('self_protection', 'kspp', 'ARM64_SW_TTBR0_PAN', 'y')]
         l += [KconfigCheck('self_protection', 'kspp', 'SHADOW_CALL_STACK', 'y')]
+        l += [KconfigCheck('self_protection', 'kspp', 'UNWIND_PATCH_PAC_INTO_SCS', 'y')]
         l += [KconfigCheck('self_protection', 'kspp', 'KASAN_HW_TAGS', 'y')] # see also: kasan=on, kasan.stacktrace=off, kasan.fault=panic
     if arch == 'X86_32':
         l += [KconfigCheck('self_protection', 'kspp', 'PAGE_TABLE_ISOLATION', 'y')]
kconfig-hardened-check