X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=28a955bc84e4b287f74fc0122bbbdad02fab4a78;hb=7da270d01301ee9c34c6d4b9bb5f719ad5a891a6;hp=673cb5224c9f8e02845859ce542f57dd0a835ac2;hpb=145f48a093338f00273e4a21477dddc34284ddd6;p=kconfig-hardened-check.git

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 673cb52..28a955b 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -10,31 +10,9 @@
 # Please don't cry if my Python code looks like C.
 #
 #
-# N.B Hardening command line parameters:
+# N.B Missing hardening command line parameters:
 #    iommu=force (does it help against DMA attacks?)
 #
-# The list of disabled mitigations of CPU vulnerabilities:
-#   mitigations=off
-#   pti=off
-#   spectre_v2=off
-#   spectre_v2_user=off
-#   spec_store_bypass_disable=off
-#   l1tf=off
-#   mds=off
-#   tsx_async_abort=off
-#   srbds=off
-#   mmio_stale_data=off
-#   retbleed=off
-#     nopti
-#     nokaslr
-#     nospectre_v1
-#     nospectre_v2
-#     nospectre_bhb
-#     nospec_store_bypass_disable
-#       kpti=0
-#       ssbd=force-off
-#       nosmt (enabled)
-#
 #    Hardware tag-based KASAN with arm64 Memory Tagging Extension (MTE):
 #           kasan=on
 #           kasan.stacktrace=off
@@ -62,6 +40,7 @@
 #    fs.suid_dumpable=0
 #    kernel.modules_disabled=1
 #    kernel.randomize_va_space = 2
+#    nosmt sysfs control file
 
 
 # pylint: disable=missing-module-docstring,missing-class-docstring,missing-function-docstring