summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
dfa4ccc)
I like this hack. Now the script recommends to disable modules and
devmem OR harden them at least.
checklist.append(OR(OptCheck('STRICT_DEVMEM', 'y', 'defconfig', 'cut_attack_surface'), \
devmem_not_set)) # refers to LOCK_DOWN_KERNEL
checklist.append(OR(OptCheck('STRICT_DEVMEM', 'y', 'defconfig', 'cut_attack_surface'), \
devmem_not_set)) # refers to LOCK_DOWN_KERNEL
+ checklist.append(modules_not_set)
+ checklist.append(devmem_not_set)
checklist.append(OR(OptCheck('IO_STRICT_DEVMEM', 'y', 'kspp', 'cut_attack_surface'), \
devmem_not_set)) # refers to LOCK_DOWN_KERNEL
if debug_mode or arch == 'ARM':
checklist.append(OR(OptCheck('IO_STRICT_DEVMEM', 'y', 'kspp', 'cut_attack_surface'), \
devmem_not_set)) # refers to LOCK_DOWN_KERNEL
if debug_mode or arch == 'ARM':