Add the kpti check

author Alexander Popov <alex.popov@linux.com>

Sat, 10 Dec 2022 08:01:16 +0000 (11:01 +0300)

committer Alexander Popov <alex.popov@linux.com>

Sat, 10 Dec 2022 08:09:02 +0000 (11:09 +0300)
author Alexander Popov <alex.popov@linux.com>
Sat, 10 Dec 2022 08:01:16 +0000 (11:01 +0300)
committer Alexander Popov <alex.popov@linux.com>
Sat, 10 Dec 2022 08:09:02 +0000 (11:09 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index f2e2fe020c906b48abdd32536f6906471cb5b31b..d10cc623f360a5d24a8bf16c15075acf2e9a095a 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -17,8 +17,6 @@
  #       Аrch-independent:
  #       X86:
  #           l1d_flush=on (a part of the l1tf option)
-#       ARM64:
-#           kpti=on
  #
  #    Hardware tag-based KASAN with arm64 Memory Tagging Extension (MTE):
  #           kasan=on
@@ -747,6 +745,8 @@ def add_cmdline_checks(l, arch):
               CmdlineCheck('self_protection', 'defconfig', 'mmio_stale_data', 'is not set'))]
      l += [OR(CmdlineCheck('self_protection', 'defconfig', 'retbleed', 'is not off'),
               CmdlineCheck('self_protection', 'defconfig', 'retbleed', 'is not set'))]
+    l += [OR(CmdlineCheck('self_protection', 'defconfig', 'kpti', 'is not off'),
+             CmdlineCheck('self_protection', 'defconfig', 'kpti', 'is not set'))]
      if arch == 'ARM64':
          l += [OR(CmdlineCheck('self_protection', 'defconfig', 'ssbd', 'kernel'),
                   CmdlineCheck('self_protection', 'my', 'ssbd', 'force-on'),
author	Alexander Popov <alex.popov@linux.com>
	Sat, 10 Dec 2022 08:01:16 +0000 (11:01 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Sat, 10 Dec 2022 08:09:02 +0000 (11:09 +0300)