Add ARM SMMU check options 150/head
authorShawn C <citypw@hardenedlinux.org>
Tue, 6 Aug 2024 16:05:45 +0000 (16:05 +0000)
committerShawn C <citypw@hardenedlinux.org>
Sun, 11 Aug 2024 18:49:08 +0000 (19:49 +0100)
Threat model:
https://github.com/hardenedlinux/grsecurity-101-tutorials/blob/master/embedded_platform_security.md

kernel_hardening_checker/checks.py

index 6b89bd791c6c05a5f8ef32b177d7bf6a612634b4..2f9d6ffebfee479a0cba2ed3d623337bc9129c69 100755 (executable)
@@ -121,6 +121,9 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
         l += [KconfigCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'ARM64_PTR_AUTH_KERNEL', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'ARM64_BTI_KERNEL', 'y')]
+        l += [KconfigCheck('self_protection', 'defconfig', 'ARM_SMMU', 'y')]
+        l += [KconfigCheck('self_protection', 'defconfig', 'ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT', 'y')]
+        l += [KconfigCheck('self_protection', 'defconfig', 'ARM_SMMU_V3', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'MITIGATE_SPECTRE_BRANCH_HISTORY', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'ARM64_MTE', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'RANDOMIZE_MODULE_REGION_FULL', 'y')]
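Review bot: The added `ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT` check verifies only a build-time default, and only for the SMMU v1/v2 driver. The option's Kconfig help notes that the boot parameter `arm-smmu.disable_bypass` overrides it, so an 'OK' here does not by itself show that unattached devices are blocked from DMA at runtime. Nothing in this hunk covers bypass behaviour for the `ARM_SMMU_V3` driver. I would add a comment above the three lines, e.g. `# SMMU: DMA isolation for peripherals; the bypass default applies to arm-smmu (v1/v2) only and arm-smmu.disable_bypass=0 on the cmdline overrides it`, and consider a matching command-line check for that parameter. The enclosing arch branch of `add_kconfig_checks` starts and ends outside the hunk, so confirm these checks sit only in a branch where `ARM_SMMU_V3` (an arm64-only option) is applicable.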