X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig_hardened_check%2Fchecks.py;h=ff1ce79907724c55d1c2da8cdb80ef5cf203d79a;hb=21170ca63487253f75dbe8c0567d53fe32522a7d;hp=af4c6e2fbf6a5efc2df4d507a709c1c453d162ec;hpb=f0c9f888c46889f5313ee0ad683d56cd38f3b6b9;p=kconfig-hardened-check.git

diff --git a/kconfig_hardened_check/checks.py b/kconfig_hardened_check/checks.py
index af4c6e2..ff1ce79 100644
--- a/kconfig_hardened_check/checks.py
+++ b/kconfig_hardened_check/checks.py
@@ -135,6 +135,7 @@ def add_kconfig_checks(l, arch):
         l += [KconfigCheck('self_protection', 'defconfig', 'CPU_SW_DOMAIN_PAN', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'HARDEN_BRANCH_PREDICTOR', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'HARDEN_BRANCH_HISTORY', 'y')]
+        l += [KconfigCheck('self_protection', 'defconfig', 'DEBUG_ALIGN_RODATA', 'y')]
 
     # 'self_protection', 'kspp'
     l += [KconfigCheck('self_protection', 'kspp', 'BUG_ON_DATA_CORRUPTION', 'y')]
@@ -389,14 +390,11 @@ def add_kconfig_checks(l, arch):
     l += [KconfigCheck('cut_attack_surface', 'my', 'INPUT_EVBUG', 'is not set')] # Can be used as a keylogger
     l += [KconfigCheck('cut_attack_surface', 'my', 'KGDB', 'is not set')]
     l += [KconfigCheck('cut_attack_surface', 'my', 'AIO', 'is not set')]
+    l += [KconfigCheck('cut_attack_surface', 'my', 'CORESIGHT', 'is not set')]
     l += [OR(KconfigCheck('cut_attack_surface', 'my', 'TRIM_UNUSED_KSYMS', 'y'),
              modules_not_set)]
 
     # 'harden_userspace'
-    if arch in ('X86_64', 'ARM64', 'X86_32'):
-        l += [KconfigCheck('harden_userspace', 'defconfig', 'INTEGRITY', 'y')]
-    if arch == 'ARM':
-        l += [KconfigCheck('harden_userspace', 'my', 'INTEGRITY', 'y')]
     if arch == 'ARM64':
         l += [KconfigCheck('harden_userspace', 'defconfig', 'ARM64_PTR_AUTH', 'y')]
         l += [KconfigCheck('harden_userspace', 'defconfig', 'ARM64_BTI', 'y')]