X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2Fchecks.py;h=31a5b12b8425a44fae29a43a33f741734d621cef;hb=0b1c6d98f075dffcc4d1729e00e04b0854f378eb;hp=b83be112f2143e50ae2edfbd24c18614f7022559;hpb=8c565d5f86789588dee14c01339dbead2d234502;p=kconfig-hardened-check.git

diff --git a/kconfig_hardened_check/checks.py b/kconfig_hardened_check/checks.py
index b83be11..31a5b12 100644
--- a/kconfig_hardened_check/checks.py
+++ b/kconfig_hardened_check/checks.py
@@ -1,9 +1,7 @@
 #!/usr/bin/python3
 
 """
-This tool helps me to check Linux kernel options against
-my security hardening preferences for X86_64, ARM64, X86_32, and ARM.
-Let the computers do their job!
+This tool is for checking the security hardening options of the Linux kernel.
 
 Author: Alexander Popov <alex.popov@linux.com>
 
@@ -490,7 +488,7 @@ def add_cmdline_checks(l, arch):
                  AND(KconfigCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y'),
                      CmdlineCheck('self_protection', 'defconfig', 'rodata', 'is not set')))]
     else:
-        l += [OR(CmdlineCheck('self_protection', 'defconfig', 'rodata', '1'),
+        l += [OR(CmdlineCheck('self_protection', 'defconfig', 'rodata', 'on'),
                  CmdlineCheck('self_protection', 'defconfig', 'rodata', 'is not set'))]
 
     # 'self_protection', 'kspp'
@@ -588,7 +586,13 @@ no_kstrtobool_options = [
     'srbds', # See srbds_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
     'mmio_stale_data', # See mmio_stale_data_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
     'retbleed', # See retbleed_parse_cmdline() in arch/x86/kernel/cpu/bugs.c
+    'rodata', # See set_debug_rodata() in init/main.c
     'ssbd', # See parse_spectre_v4_param() in arch/arm64/kernel/proton-pack.c
+    'slub_debug', # See setup_slub_debug() in mm/slub.c
+    'iommu', # See iommu_setup() in arch/x86/kernel/pci-dma.c
+    'vsyscall', # See vsyscall_setup() in arch/x86/entry/vsyscall/vsyscall_64.c
+    'vdso32', # See vdso32_setup() in arch/x86/entry/vdso/vdso32-setup.c
+    'vdso', # See vdso32_setup() in arch/x86/entry/vdso/vdso32-setup.c
     'tsx' # See tsx_init() in arch/x86/kernel/cpu/tsx.c
 ]
 
@@ -600,9 +604,9 @@ def normalize_cmdline_options(option, value):
         return value
 
     # Implement a limited part of the kstrtobool() logic
-    if value in ('1', 'on', 'On', 'ON', 'y', 'Y', 'yes', 'Yes', 'YES'):
+    if value.lower() in ('1', 'on', 'y', 'yes', 't', 'true'):
         return '1'
-    if value in ('0', 'off', 'Off', 'OFF', 'n', 'N', 'no', 'No', 'NO'):
+    if value.lower() in ('0', 'off', 'n', 'no', 'f', 'false'):
         return '0'
 
     # Preserve unique values