projects
/
kconfig-hardened-check.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
(from parent 1:
b54dca6
)
Merge pull request #54 from evdenis/master
author
Alexander Popov
<a13xp0p0v@users.noreply.github.com>
Fri, 10 Sep 2021 21:26:54 +0000
(
00:26
+0300)
committer
GitHub
<noreply@github.com>
Fri, 10 Sep 2021 21:26:54 +0000
(
00:26
+0300)
Recommend disabling CONFIG_BLK_DEV_FD ( thanks to @evdenis )
kconfig_hardened_check/__init__.py
patch
|
blob
|
history
diff --git
a/kconfig_hardened_check/__init__.py
b/kconfig_hardened_check/__init__.py
index d9ef361d34a38a2d7eae28ca7c4b0df37415bc59..9c709694c84910809b434865ed6d0a46f9f53477 100644
(file)
--- a/
kconfig_hardened_check/__init__.py
+++ b/
kconfig_hardened_check/__init__.py
@@
-510,6
+510,7
@@
def construct_checklist(l, arch):
l += [OptCheck('cut_attack_surface', 'maintainer', 'DRM_LEGACY', 'is not set')]
l += [OptCheck('cut_attack_surface', 'maintainer', 'FB', 'is not set')]
l += [OptCheck('cut_attack_surface', 'maintainer', 'VT', 'is not set')]
+ l += [OptCheck('cut_attack_surface', 'maintainer', 'BLK_DEV_FD', 'is not set')]
# 'cut_attack_surface', 'grapheneos'
l += [OptCheck('cut_attack_surface', 'grapheneos', 'AIO', 'is not set')]