From: Alexander Popov <alex.popov@linux.com>
Date: Sun, 9 Apr 2023 23:48:08 +0000 (+0300)
Subject: Drop the INTEGRITY check
X-Git-Tag: v0.6.6~174
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;ds=sidebyside;h=4c2090a37363c166aef4fd1671680da80c14c7c1;p=kconfig-hardened-check.git

Drop the INTEGRITY check

CONFIG_INTEGRITY is useless without enabling IMA/EVM.
We can't require enabling IMA/EVM because there are other
file system integrity mechanisms like DM_VERITY, FS_VERITY, etc.
So there is no reason to check CONFIG_INTEGRITY.

Refers to #75
---

diff --git a/kconfig_hardened_check/checks.py b/kconfig_hardened_check/checks.py
index c087bbc..60841e2 100644
--- a/kconfig_hardened_check/checks.py
+++ b/kconfig_hardened_check/checks.py
@@ -394,10 +394,6 @@ def add_kconfig_checks(l, arch):
              modules_not_set)]
 
     # 'harden_userspace'
-    if arch in ('X86_64', 'ARM64', 'X86_32'):
-        l += [KconfigCheck('harden_userspace', 'defconfig', 'INTEGRITY', 'y')]
-    if arch == 'ARM':
-        l += [KconfigCheck('harden_userspace', 'my', 'INTEGRITY', 'y')]
     if arch == 'ARM64':
         l += [KconfigCheck('harden_userspace', 'defconfig', 'ARM64_PTR_AUTH', 'y')]
         l += [KconfigCheck('harden_userspace', 'defconfig', 'ARM64_BTI', 'y')]