Check the nokaslr cmdline parameter

author Alexander Popov <alex.popov@linux.com>

Tue, 23 Aug 2022 18:05:45 +0000 (21:05 +0300)

committer Alexander Popov <alex.popov@linux.com>

Tue, 23 Aug 2022 18:05:45 +0000 (21:05 +0300)
author Alexander Popov <alex.popov@linux.com>
Tue, 23 Aug 2022 18:05:45 +0000 (21:05 +0300)
committer Alexander Popov <alex.popov@linux.com>
Tue, 23 Aug 2022 18:05:45 +0000 (21:05 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index 88d373c236bc32aa92da5d2600f0adb34db42e3e..8ecdbf1a5fcbd08ce7f7477094d4cdb153528077 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -29,7 +29,6 @@
  #           ssbd=force-on
  #
  #    Should NOT be set:
-#           nokaslr
  #           sysrq_always_enabled
  #           arm64.nobti
  #           arm64.nopauth
@@ -701,6 +700,7 @@ def add_cmdline_checks(l, arch):
               AND(KconfigCheck('self_protection', 'kspp', 'IOMMU_DEFAULT_PASSTHROUGH', 'is not set'),
                   CmdlineCheck('self_protection', 'kspp', 'iommu.passthrough', 'is not set')))]
      # The cmdline checks compatible with the kconfig recommendations of the KSPP project...
+    l += [CmdlineCheck('self_protection', 'kspp', 'nokaslr', 'is not set')]
      l += [OR(CmdlineCheck('self_protection', 'kspp', 'hardened_usercopy', '1'),
               AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY', 'y'),
                   CmdlineCheck('self_protection', 'kspp', 'hardened_usercopy', 'is not set')))]
author	Alexander Popov <alex.popov@linux.com>
	Tue, 23 Aug 2022 18:05:45 +0000 (21:05 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Tue, 23 Aug 2022 18:05:45 +0000 (21:05 +0300)