Add CLIP OS recommendation about CONFIG_RANDOM_TRUST_BOOTLOADER

author Alexander Popov <alex.popov@linux.com>

Fri, 6 Mar 2020 21:50:08 +0000 (00:50 +0300)

committer Alexander Popov <alex.popov@linux.com>

Fri, 6 Mar 2020 21:50:08 +0000 (00:50 +0300)
author Alexander Popov <alex.popov@linux.com>
Fri, 6 Mar 2020 21:50:08 +0000 (00:50 +0300)
committer Alexander Popov <alex.popov@linux.com>
Fri, 6 Mar 2020 21:50:08 +0000 (00:50 +0300)
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py

index f880223af6ab41e3a30038a6a5124f43db7532a0..85a0d2fb8086c40a034c49b0da9d845ddf68b28b 100755 (executable)
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -326,6 +326,7 @@ def construct_checklist(checklist, arch):
      checklist.append(OptCheck('SLAB_MERGE_DEFAULT',                    'is not set', 'clipos', 'self_protection')) # slab_nomerge
      checklist.append(AND(OptCheck('GCC_PLUGIN_RANDSTRUCT_PERFORMANCE', 'is not set', 'clipos', 'self_protection'), \
                           randstruct_is_set))
+    checklist.append(OptCheck('CONFIG_RANDOM_TRUST_BOOTLOADER',        'is not set', 'clipos', 'self_protection'))
      if debug_mode or arch == 'X86_64' or arch == 'X86_32':
          checklist.append(OptCheck('RANDOM_TRUST_CPU',                      'is not set', 'clipos', 'self_protection'))
          checklist.append(AND(OptCheck('INTEL_IOMMU_SVM',                   'y', 'clipos', 'self_protection'), \
author	Alexander Popov <alex.popov@linux.com>
	Fri, 6 Mar 2020 21:50:08 +0000 (00:50 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Fri, 6 Mar 2020 21:50:08 +0000 (00:50 +0300)