X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig-hardened-check.py;h=923402bf6e62cc6714b71bf616445412337d5cd5;hb=6f70c6169c43a8855be4e744b7e28bef83f3f206;hp=197d82ed33d8c2db2ac0ddd09d09cb2be3970b6c;hpb=b66e0ce2796947670b2dc15ad28f5fdc8164e82e;p=kconfig-hardened-check.git

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 197d82e..923402b 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -426,6 +426,8 @@ def construct_checklist(checklist, arch):
     checklist.append(AND(OptCheck('LDISC_AUTOLOAD',           'is not set', 'clipos', 'cut_attack_surface'), \
                          VerCheck((5, 1)))) # LDISC_AUTOLOAD can be disabled since v5.1
 
+    checklist.append(OptCheck('AIO',                  'is not set', 'grapheneos', 'cut_attack_surface'))
+
     checklist.append(OptCheck('MMIOTRACE',            'is not set', 'my', 'cut_attack_surface')) # refers to LOCKDOWN (permissive)
     checklist.append(OptCheck('LIVEPATCH',            'is not set', 'my', 'cut_attack_surface'))
     checklist.append(OptCheck('IP_DCCP',              'is not set', 'my', 'cut_attack_surface'))