projects / kconfig-hardened-check.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 86b67f3)
Add the new name of SPECULATION_MITIGATIONS
authorAlexander Popov <alex.popov@linux.com>
Sun, 2 Jun 2024 12:31:12 +0000 (15:31 +0300)
committerAlexander Popov <alex.popov@linux.com>
Sun, 2 Jun 2024 12:49:32 +0000 (15:49 +0300)
Since Linux v6.9 it's called CONFIG_CPU_MITIGATIONS.

Refers to #127, #117

kernel_hardening_checker/checks.py patch | blob | history

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index e03bd709d2dc9c7259130ac915dcdd8ff20cf624..f9aad35c30f28e2b93eb09e873c6951bc4899f6c 100644 (file)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -65,7 +65,6 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
     if arch in ('X86_64', 'ARM64', 'ARM'):
         l += [vmap_stack_is_set]
     if arch in ('X86_64', 'X86_32'):
-        l += [KconfigCheck('self_protection', 'defconfig', 'SPECULATION_MITIGATIONS', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'DEBUG_WX', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'WERROR', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'X86_MCE', 'y')]
@@ -88,6 +87,8 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
                  cpu_sup_intel_not_set)]
         l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_MCE_AMD', 'y'),
                  cpu_sup_amd_not_set)]
+        l += [OR(KconfigCheck('self_protection', 'defconfig', 'CPU_MITIGATIONS', 'y'),
+                 KconfigCheck('self_protection', 'defconfig', 'SPECULATION_MITIGATIONS', 'y'))]
         l += [OR(KconfigCheck('self_protection', 'defconfig', 'MITIGATION_RETPOLINE', 'y'),
                  KconfigCheck('self_protection', 'defconfig', 'RETPOLINE', 'y'))]
     if arch in ('ARM64', 'ARM'):
kconfig-hardened-check