Add the command line parameters that should NOT be set

author Alexander Popov <alex.popov@linux.com>

Sat, 14 Aug 2021 06:33:14 +0000 (09:33 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sat, 14 Aug 2021 06:33:14 +0000 (09:33 +0300)
author Alexander Popov <alex.popov@linux.com>
Sat, 14 Aug 2021 06:33:14 +0000 (09:33 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sat, 14 Aug 2021 06:33:14 +0000 (09:33 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index e1b5a5e82b5ee3bb87914a5337ba1b459d45087e..e0f2e010750026204ad512852ccffcbe848e3792 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -34,6 +34,11 @@
  #           kpti=on
  #           ssbd=force-on
  #
+#    Should NOT be set:
+#           nokaslr
+#           arm64.nobti
+#           arm64.nopauth
+#
  # N.B. Hardening sysctls:
  #    kernel.kptr_restrict=2 (or 1?)
  #    kernel.dmesg_restrict=1 (also see the kconfig option)
author	Alexander Popov <alex.popov@linux.com>
	Sat, 14 Aug 2021 06:33:14 +0000 (09:33 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sat, 14 Aug 2021 06:33:14 +0000 (09:33 +0300)