X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=ef8e0df2187aa8f65b3eace1adcefd76ec15d060;hb=9cdd06a1b862e02869a3d032e07026d6e5ced080;hp=0d6a470e9b4487837d8e15d6c98b74bc6361de3e;hpb=b6930eaede680a77a8ff4c2a8c2b4ae33c9aa12e;p=kconfig-hardened-check.git

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 0d6a470..ef8e0df 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -33,7 +33,6 @@
 #
 #    Should NOT be set:
 #           nokaslr
-#           rodata=off
 #           sysrq_always_enabled
 #           arm64.nobti
 #           arm64.nopauth
@@ -646,6 +645,11 @@ def add_cmdline_checks(l, arch):
     # Don't add CmdlineChecks in add_kconfig_checks() to avoid wrong results
     # when the tool doesn't check the cmdline.
 
+    if arch == 'ARM64':
+        l += [OR(CmdlineCheck('self_protection', 'defconfig', 'rodata', 'full'),
+                 AND(KconfigCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y'),
+                     CmdlineCheck('self_protection', 'defconfig', 'rodata', 'is not set')))]
+
     l += [OR(CmdlineCheck('self_protection', 'kspp', 'init_on_alloc', '1'),
              AND(KconfigCheck('self_protection', 'kspp', 'INIT_ON_ALLOC_DEFAULT_ON', 'y'),
                  CmdlineCheck('self_protection', 'kspp', 'init_on_alloc', 'is not set')))]