From: Alexander Popov Date: Sun, 9 Oct 2022 12:32:55 +0000 (+0300) Subject: Check X86_MCE, X86_MCE_INTEL, X86_MCE_AMD (recommended by Clip OS) X-Git-Tag: v0.6.1~79 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=0a21c2cc7a6425855cc73f056511a6271b389ab5;p=kconfig-hardened-check.git Check X86_MCE, X86_MCE_INTEL, X86_MCE_AMD (recommended by Clip OS) These options are enabled by default. --- diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index 3409758..a13f0f8 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -365,6 +365,9 @@ def add_kconfig_checks(l, arch): if arch in ('X86_64', 'ARM64'): l += [KconfigCheck('self_protection', 'defconfig', 'VMAP_STACK', 'y')] if arch in ('X86_64', 'X86_32'): + l += [KconfigCheck('self_protection', 'defconfig', 'X86_MCE', 'y')] + l += [KconfigCheck('self_protection', 'defconfig', 'X86_MCE_INTEL', 'y')] + l += [KconfigCheck('self_protection', 'defconfig', 'X86_MCE_AMD', 'y')] l += [KconfigCheck('self_protection', 'defconfig', 'MICROCODE', 'y')] # is needed for mitigating CPU bugs l += [KconfigCheck('self_protection', 'defconfig', 'RETPOLINE', 'y')] l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y'),