X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2F__init__.py;h=fbbc3aa8e4bffa69adbfeb15c85cf14f5e2c5c25;hb=9178899d93602e9fe32a504170c11804acdf2148;hp=d10cc623f360a5d24a8bf16c15075acf2e9a095a;hpb=ddb3e3948fd8727b27f413a1e130695b9c05c53c;p=kconfig-hardened-check.git

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index d10cc62..fbbc3aa 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -10,14 +10,9 @@
 # Please don't cry if my Python code looks like C.
 #
 #
-# N.B Hardening command line parameters:
+# N.B Missing hardening command line parameters:
 #    iommu=force (does it help against DMA attacks?)
 #
-#    Mitigations of CPU vulnerabilities:
-#       Аrch-independent:
-#       X86:
-#           l1d_flush=on (a part of the l1tf option)
-#
 #    Hardware tag-based KASAN with arm64 Memory Tagging Extension (MTE):
 #           kasan=on
 #           kasan.stacktrace=off
@@ -721,6 +716,7 @@ def add_cmdline_checks(l, arch):
     l += [CmdlineCheck('self_protection', 'defconfig', 'nopti', 'is not set')]
     l += [CmdlineCheck('self_protection', 'defconfig', 'nospectre_v1', 'is not set')]
     l += [CmdlineCheck('self_protection', 'defconfig', 'nospectre_v2', 'is not set')]
+    l += [CmdlineCheck('self_protection', 'defconfig', 'nospectre_bhb', 'is not set')]
     l += [CmdlineCheck('self_protection', 'defconfig', 'nospec_store_bypass_disable', 'is not set')]
     l += [CmdlineCheck('self_protection', 'defconfig', 'arm64.nobti', 'is not set')]
     l += [CmdlineCheck('self_protection', 'defconfig', 'arm64.nopauth', 'is not set')]