projects / kconfig-hardened-check.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f4dbe25)
Drop the UNWIND_PATCH_PAC_INTO_SCS recommendation for now
authorAlexander Popov <alex.popov@linux.com>
Wed, 4 Sep 2024 12:28:05 +0000 (15:28 +0300)
committerAlexander Popov <alex.popov@linux.com>
Wed, 4 Sep 2024 12:28:05 +0000 (15:28 +0300)
Currently, there is no consensus about this feature:
https://github.com/KSPP/kspp.github.io/issues/2

Refers to #105

kernel_hardening_checker/checks.py patch | blob | history

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index efea049dbdd7c2a7f7ca733d1ca5b87e2220d42b..03d1db24133e5d2c5382653c0a5288dcffd843b1 100755 (executable)
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -263,7 +263,6 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
         l += [KconfigCheck('self_protection', 'kspp', 'DEBUG_WX', 'y')]
         l += [KconfigCheck('self_protection', 'kspp', 'ARM64_SW_TTBR0_PAN', 'y')]
         l += [KconfigCheck('self_protection', 'kspp', 'SHADOW_CALL_STACK', 'y')]
-        l += [KconfigCheck('self_protection', 'kspp', 'UNWIND_PATCH_PAC_INTO_SCS', 'y')]
         l += [KconfigCheck('self_protection', 'kspp', 'KASAN_HW_TAGS', 'y')] # see also: kasan=on, kasan.stacktrace=off, kasan.fault=panic
     if arch == 'X86_32':
         l += [KconfigCheck('self_protection', 'kspp', 'HIGHMEM64G', 'y')]
kconfig-hardened-check