projects / kconfig-hardened-check.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8022e56)
Add the ARM_SMMU* kconfig checks for ARM
authorAlexander Popov <alex.popov@linux.com>
Sun, 1 Sep 2024 12:52:15 +0000 (15:52 +0300)
committerAlexander Popov <alex.popov@linux.com>
Sun, 1 Sep 2024 21:33:47 +0000 (00:33 +0300)
kernel_hardening_checker/checks.py patch | blob | history

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index eba75c7b916b7cfdd2f67210c9271f4f4f09b245..96da7bf8ddd007d80a17f55df47e7571c354bb68 100755 (executable)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -277,6 +277,11 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
                  KconfigCheck('self_protection', 'kspp', 'DEBUG_WX', 'y'))]
                  # DEBUG_WX has been renamed to ARM_DEBUG_WX on ARM
 
+    # 'self_protection', 'a13xp0p0v'
+    if arch == 'ARM':
+        l += [KconfigCheck('self_protection', 'a13xp0p0v', 'ARM_SMMU', 'y')]
+        l += [KconfigCheck('self_protection', 'a13xp0p0v', 'ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT', 'y')]
+
     # 'security_policy'
     if arch in ('X86_64', 'ARM64', 'X86_32'):
         l += [KconfigCheck('security_policy', 'defconfig', 'SECURITY', 'y')]
kconfig-hardened-check