X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=ea5a4c9de40e03d66b56cf414840a840c942bc86;hb=75bed5d6178375a64f93ced4795ee0cf47442df1;hp=f56ee3775f2c44beb4a9d03c33a5bb58c46061be;hpb=bb2cacde34665bab16e7d2ea09972758a2372934;p=kconfig-hardened-check.git diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index f56ee37..ea5a4c9 100755 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -102,7 +102,6 @@ class OptCheck: print('CONFIG_{:<38}|{:^13}|{:^10}|{:^20}'.format(self.name, self.expected, self.decision, self.reason), end='') if with_results: print('| {}'.format(self.result), end='') - print() class VerCheck: @@ -129,7 +128,26 @@ class VerCheck: print('{:<91}'.format(ver_req), end='') if with_results: print('| {}'.format(self.result), end='') - print() + + +class PresenceCheck: + def __init__(self, name): + self.name = name + self.state = None + self.result = None + + def check(self): + if self.state is None: + self.result = 'FAIL: not present' + return False, self.result + else: + self.result = 'OK: is present' + return True, self.result + + def table_print(self, with_results): + print('CONFIG_{:<84}'.format(self.name + ' is present'), end='') + if with_results: + print('| {}'.format(self.result), end='') class ComplexOptCheck: @@ -162,12 +180,14 @@ class ComplexOptCheck: print(' {:87}'.format('<<< ' + self.__class__.__name__ + ' >>>'), end='') if with_results: print('| {}'.format(self.result), end='') - print() for o in self.opts: + print() o.table_print(with_results) else: o = self.opts[0] - o.table_print(with_results) + o.table_print(False) + if with_results: + print('| {}'.format(self.result), end='') class OR(ComplexOptCheck): @@ -439,6 +459,10 @@ def construct_checklist(checklist, arch): checklist.append(OptCheck('DEBUG_FS', 'is not set', 'grsecurity', 'cut_attack_surface')) # refers to LOCKDOWN checklist.append(OptCheck('NOTIFIER_ERROR_INJECTION','is not set', 'grsecurity', 'cut_attack_surface')) + checklist.append(OptCheck('DRM_LEGACY', 'is not set', 'maintainer', 'cut_attack_surface')) + checklist.append(OptCheck('FB', 'is not set', 'maintainer', 'cut_attack_surface')) + checklist.append(OptCheck('VT', 'is not set', 'maintainer', 'cut_attack_surface')) + checklist.append(OptCheck('ACPI_TABLE_UPGRADE', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN checklist.append(OptCheck('X86_IOPL_IOPERM', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN checklist.append(OptCheck('EFI_TEST', 'is not set', 'lockdown', 'cut_attack_surface')) # refers to LOCKDOWN @@ -458,7 +482,7 @@ def construct_checklist(checklist, arch): checklist.append(OptCheck('X86_MSR', 'is not set', 'clipos', 'cut_attack_surface')) # refers to LOCKDOWN checklist.append(OptCheck('X86_CPUID', 'is not set', 'clipos', 'cut_attack_surface')) checklist.append(AND(OptCheck('LDISC_AUTOLOAD', 'is not set', 'clipos', 'cut_attack_surface'), \ - VerCheck((5, 1)))) # LDISC_AUTOLOAD can be disabled since v5.1 + PresenceCheck('LDISC_AUTOLOAD'))) checklist.append(OptCheck('AIO', 'is not set', 'grapheneos', 'cut_attack_surface')) @@ -508,6 +532,7 @@ def print_checklist(checklist, with_results): # table contents for opt in checklist: opt.table_print(with_results) + print() if debug_mode: print('-' * sep_line_len) print()