From: Alexander Popov <alex.popov@linux.com>
Date: Sun, 1 Sep 2024 12:52:15 +0000 (+0300)
Subject: Add the ARM_SMMU* kconfig checks for ARM
X-Git-Tag: v0.6.10~11
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=0ffeb2e52b1670164622af9e59b2195a1ad58d8f;p=kconfig-hardened-check.git

Add the ARM_SMMU* kconfig checks for ARM
---

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index eba75c7..96da7bf 100755
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -277,6 +277,11 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
                  KconfigCheck('self_protection', 'kspp', 'DEBUG_WX', 'y'))]
                  # DEBUG_WX has been renamed to ARM_DEBUG_WX on ARM
 
+    # 'self_protection', 'a13xp0p0v'
+    if arch == 'ARM':
+        l += [KconfigCheck('self_protection', 'a13xp0p0v', 'ARM_SMMU', 'y')]
+        l += [KconfigCheck('self_protection', 'a13xp0p0v', 'ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT', 'y')]
+
     # 'security_policy'
     if arch in ('X86_64', 'ARM64', 'X86_32'):
         l += [KconfigCheck('security_policy', 'defconfig', 'SECURITY', 'y')]