X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=a13f0f84ecc4d48d3d8ba25695812af5478c6f15;hb=0a21c2cc7a6425855cc73f056511a6271b389ab5;hp=8f59b34f3fc17ba0ee287a08235f3f888499575d;hpb=f47bd6f7ed3c79d485e44f3aea2b173655707b1c;p=kconfig-hardened-check.git

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 8f59b34..a13f0f8 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -365,6 +365,9 @@ def add_kconfig_checks(l, arch):
     if arch in ('X86_64', 'ARM64'):
         l += [KconfigCheck('self_protection', 'defconfig', 'VMAP_STACK', 'y')]
     if arch in ('X86_64', 'X86_32'):
+        l += [KconfigCheck('self_protection', 'defconfig', 'X86_MCE', 'y')]
+        l += [KconfigCheck('self_protection', 'defconfig', 'X86_MCE_INTEL', 'y')]
+        l += [KconfigCheck('self_protection', 'defconfig', 'X86_MCE_AMD', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'MICROCODE', 'y')] # is needed for mitigating CPU bugs
         l += [KconfigCheck('self_protection', 'defconfig', 'RETPOLINE', 'y')]
         l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y'),
@@ -749,7 +752,8 @@ def add_cmdline_checks(l, arch):
     # 'self_protection', 'clipos'
     l += [CmdlineCheck('self_protection', 'clipos', 'page_alloc.shuffle', '1')]
     if arch in ('X86_64', 'X86_32'):
-        l += [CmdlineCheck('self_protection', 'clipos', 'spectre_v2', 'on')]
+        l += [AND(CmdlineCheck('self_protection', 'clipos', 'spectre_v2', 'on'),
+                  CmdlineCheck('self_protection', 'defconfig', 'nospectre_v2', 'is not set'))]
 
     # 'cut_attack_surface', 'kspp'
     if arch == 'X86_64':