From: Alexander Popov <alex.popov@linux.com>
Date: Wed, 18 Mar 2020 09:18:31 +0000 (+0300)
Subject: Add CLIP OS recommendation about X86_CPUID
X-Git-Tag: v0.5.5~13
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=05c183ffd16e774fd4a24830749f0aa3c55f0d76;p=kconfig-hardened-check.git

Add CLIP OS recommendation about X86_CPUID
---

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 6e0d8f6..14ff37a 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -420,6 +420,7 @@ def construct_checklist(checklist, arch):
     checklist.append(OptCheck('KEXEC_FILE',               'is not set', 'clipos', 'cut_attack_surface')) # refers to LOCKDOWN (permissive)
     checklist.append(OptCheck('USER_NS',                  'is not set', 'clipos', 'cut_attack_surface')) # user.max_user_namespaces=0
     checklist.append(OptCheck('X86_MSR',                  'is not set', 'clipos', 'cut_attack_surface')) # refers to LOCKDOWN
+    checklist.append(OptCheck('X86_CPUID',                'is not set', 'clipos', 'cut_attack_surface'))
     checklist.append(AND(OptCheck('LDISC_AUTOLOAD',           'is not set', 'clipos', 'cut_attack_surface'), \
                          VerCheck((5, 1)))) # LDISC_AUTOLOAD can be disabled since v5.1