From: Alexander Popov <alex.popov@linux.com>
Date: Fri, 6 Mar 2020 21:50:08 +0000 (+0300)
Subject: Add CLIP OS recommendation about CONFIG_RANDOM_TRUST_BOOTLOADER
X-Git-Tag: v0.5.5~26
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;ds=sidebyside;h=74fb416e1c52f8f4cd5288a5217644c055be353a;p=kconfig-hardened-check.git

Add CLIP OS recommendation about CONFIG_RANDOM_TRUST_BOOTLOADER
---

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index f880223..85a0d2f 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -326,6 +326,7 @@ def construct_checklist(checklist, arch):
     checklist.append(OptCheck('SLAB_MERGE_DEFAULT',                    'is not set', 'clipos', 'self_protection')) # slab_nomerge
     checklist.append(AND(OptCheck('GCC_PLUGIN_RANDSTRUCT_PERFORMANCE', 'is not set', 'clipos', 'self_protection'), \
                          randstruct_is_set))
+    checklist.append(OptCheck('CONFIG_RANDOM_TRUST_BOOTLOADER',        'is not set', 'clipos', 'self_protection'))
     if debug_mode or arch == 'X86_64' or arch == 'X86_32':
         checklist.append(OptCheck('RANDOM_TRUST_CPU',                      'is not set', 'clipos', 'self_protection'))
         checklist.append(AND(OptCheck('INTEL_IOMMU_SVM',                   'y', 'clipos', 'self_protection'), \