l += [AND(KconfigCheck('self_protection', 'kspp', 'INTEL_IOMMU_DEFAULT_ON', 'y'),
iommu_support_is_set)]
if arch in ('ARM64', 'ARM'):
- l += [KconfigCheck('self_protection', 'kspp', 'DEBUG_WX', 'y')]
l += [KconfigCheck('self_protection', 'kspp', 'WERROR', 'y')]
l += [KconfigCheck('self_protection', 'kspp', 'DEFAULT_MMAP_MIN_ADDR', '32768')]
l += [KconfigCheck('self_protection', 'kspp', 'SYN_COOKIES', 'y')] # another reason?
l += [OR(KconfigCheck('self_protection', 'kspp', 'AMD_IOMMU_V2', 'y'),
VersionCheck((6, 7, 0)))] # AMD_IOMMU_V2 was dropped in v6.7
if arch == 'ARM64':
+ l += [KconfigCheck('self_protection', 'kspp', 'DEBUG_WX', 'y')]
l += [KconfigCheck('self_protection', 'kspp', 'ARM64_SW_TTBR0_PAN', 'y')]
l += [KconfigCheck('self_protection', 'kspp', 'SHADOW_CALL_STACK', 'y')]
l += [KconfigCheck('self_protection', 'kspp', 'UNWIND_PATCH_PAC_INTO_SCS', 'y')]
KconfigCheck('self_protection', 'kspp', 'PAGE_TABLE_ISOLATION', 'y'))]
l += [AND(KconfigCheck('self_protection', 'kspp', 'INTEL_IOMMU', 'y'),
iommu_support_is_set)]
+ if arch == 'ARM':
+ l += [OR(KconfigCheck('self_protection', 'kspp', 'ARM_DEBUG_WX', 'y'),
+ KconfigCheck('self_protection', 'kspp', 'DEBUG_WX', 'y'))]
+ # DEBUG_WX has been renamed to ARM_DEBUG_WX on ARM
# 'security_policy'
if arch in ('X86_64', 'ARM64', 'X86_32'):
projects / kconfig-hardened-check.git / commitdiff