Add CONFIG_EFI_DISABLE_PCI_DMA recommended by CLIP OS

author Alexander Popov <alex.popov@linux.com>

Wed, 15 Jul 2020 16:14:10 +0000 (19:14 +0300)

committer Alexander Popov <alex.popov@linux.com>

Wed, 15 Jul 2020 16:14:10 +0000 (19:14 +0300)
author Alexander Popov <alex.popov@linux.com>
Wed, 15 Jul 2020 16:14:10 +0000 (19:14 +0300)
committer Alexander Popov <alex.popov@linux.com>
Wed, 15 Jul 2020 16:14:10 +0000 (19:14 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index a4853b9dbfad9e837ecdffa69daa87dd294fb515..74d66d6d3bca68ef819a12d71638504f867a4441 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -355,6 +355,7 @@ def construct_checklist(l, arch):
      l += [OptCheck('self_protection', 'clipos', 'SECURITY_DMESG_RESTRICT', 'y')]
      l += [OptCheck('self_protection', 'clipos', 'DEBUG_VIRTUAL', 'y')]
      l += [OptCheck('self_protection', 'clipos', 'STATIC_USERMODEHELPER', 'y')] # needs userspace support
+    l += [OptCheck('self_protection', 'clipos', 'EFI_DISABLE_PCI_DMA', 'y')]
      l += [OptCheck('self_protection', 'clipos', 'SLAB_MERGE_DEFAULT', 'is not set')] # slab_nomerge
      l += [OptCheck('self_protection', 'clipos', 'RANDOM_TRUST_BOOTLOADER', 'is not set')]
      l += [OptCheck('self_protection', 'clipos', 'RANDOM_TRUST_CPU', 'is not set')]
author	Alexander Popov <alex.popov@linux.com>
	Wed, 15 Jul 2020 16:14:10 +0000 (19:14 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Wed, 15 Jul 2020 16:14:10 +0000 (19:14 +0300)