Add the comments about HARDENED_USERCOPY features
authorAlexander Popov <alex.popov@linux.com>
Sat, 27 May 2023 05:50:35 +0000 (08:50 +0300)
committerAlexander Popov <alex.popov@linux.com>
Sat, 27 May 2023 05:51:50 +0000 (08:51 +0300)
kconfig_hardened_check/checks.py

index feba3649e9fcaeb6bb9956461191b71cc6b80cae..cda3df86a50a1bd8ccae98d34c95b95b1d12d410 100644 (file)
@@ -166,9 +166,9 @@ def add_kconfig_checks(l, arch):
     hardened_usercopy_is_set = KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY', 'y')
     l += [hardened_usercopy_is_set]
     l += [AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_FALLBACK', 'is not set'),
-              hardened_usercopy_is_set)]
+              hardened_usercopy_is_set)] # usercopy whitelist violations should be prohibited
     l += [AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_PAGESPAN', 'is not set'),
-              hardened_usercopy_is_set)]
+              hardened_usercopy_is_set)] # this debugging for HARDENED_USERCOPY is not needed for security
     l += [AND(KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_LATENT_ENTROPY', 'y'),
               gcc_plugins_support_is_set)]
     l += [OR(KconfigCheck('self_protection', 'kspp', 'MODULE_SIG', 'y'),
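Review bot: Both new comments trail the continuation line `hardened_usercopy_is_set)]`, so they read as remarks about the dependency rather than about the option checked on the line above. Putting each comment on its own line above the `l += [AND(...` statement would tie it to the right check. The FALLBACK comment could also say what the option does when enabled, for example `# HARDENED_USERCOPY_FALLBACK downgrades usercopy whitelist violations to a WARN() instead of rejecting the copy`. For PAGESPAN, naming the option would help, for example `# HARDENED_USERCOPY_PAGESPAN is a debugging option and is not needed for security`. The body of `add_kconfig_checks` starts and ends outside this hunk, so whether the rest of the function uses the trailing-comment style cannot be checked here.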