X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig-hardened-check.py;h=834c40c5b9a440bfe084d35bfdbf669017e96926;hb=57b1cb15f4137c8a35b6030464006a14c7bf7e8a;hp=791a2f8b6c921e9492f1ffaa36ee6b9499dccaec;hpb=a28331e0845bc0e219dac410efa90e1ce7f1e6b6;p=kconfig-hardened-check.git

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 791a2f8..834c40c 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -15,6 +15,7 @@
 #    slab_nomerge
 #    pti=on
 #    kernel.kptr_restrict=1
+#    lockdown=1
 
 import sys
 from argparse import ArgumentParser
@@ -118,6 +119,7 @@ def construct_checklist():
     checklist.append(OptCheck('SLAB_FREELIST_RANDOM',        'y', 'ubuntu18', 'self_protection'))
     checklist.append(OptCheck('HARDENED_USERCOPY',           'y', 'ubuntu18', 'self_protection'))
     checklist.append(OptCheck('FORTIFY_SOURCE',              'y', 'ubuntu18', 'self_protection'))
+    checklist.append(OptCheck('LOCK_DOWN_KERNEL',            'y', 'ubuntu18', 'self_protection')) # remember about LOCK_DOWN_MANDATORY
     checklist.append(OR(OptCheck('STRICT_MODULE_RWX',        'y', 'ubuntu18', 'self_protection'), \
                         OptCheck('DEBUG_SET_MODULE_RONX',    'y', 'before_v4.11', 'self_protection'), \
                         modules_not_set))