From: Alexander Popov Date: Thu, 17 Nov 2022 13:42:30 +0000 (+0300) Subject: Add the spectre_v2 check X-Git-Tag: v0.6.1~51 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=0c13022442fe31c1ddcef4b525a71898ba84ed93;p=kconfig-hardened-check.git Add the spectre_v2 check --- diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index 75659dc..c484b0d 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -734,6 +734,8 @@ def add_cmdline_checks(l, arch): l += [CmdlineCheck('self_protection', 'defconfig', 'nospectre_v2', 'is not set')] l += [OR(CmdlineCheck('self_protection', 'defconfig', 'mitigations', 'is not off'), CmdlineCheck('self_protection', 'defconfig', 'mitigations', 'is not set'))] + l += [OR(CmdlineCheck('self_protection', 'defconfig', 'spectre_v2', 'is not off'), + CmdlineCheck('self_protection', 'defconfig', 'spectre_v2', 'is not set'))] if arch == 'ARM64': l += [OR(CmdlineCheck('self_protection', 'defconfig', 'rodata', 'full'), AND(KconfigCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y'), @@ -780,9 +782,6 @@ def add_cmdline_checks(l, arch): # 'self_protection', 'clipos' l += [CmdlineCheck('self_protection', 'clipos', 'page_alloc.shuffle', '1')] - if arch in ('X86_64', 'X86_32'): - l += [AND(CmdlineCheck('self_protection', 'clipos', 'spectre_v2', 'on'), - CmdlineCheck('self_protection', 'defconfig', 'nospectre_v2', 'is not set'))] # 'cut_attack_surface', 'kspp' if arch == 'X86_64':