From: Alexander Popov Date: Sat, 19 Jun 2021 10:04:30 +0000 (+0300) Subject: HARDEN_BRANCH_PREDICTOR for ARM64 is enabled by default since v5.10 X-Git-Tag: v0.5.10~13 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=12d6535d07859a61acb83cb84aa06b4366c9e458;p=kconfig-hardened-check.git HARDEN_BRANCH_PREDICTOR for ARM64 is enabled by default since v5.10 --- diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index a5bac1c..b8bfa15 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -322,7 +322,10 @@ def construct_checklist(l, arch): if arch == 'ARM': l += [OptCheck('self_protection', 'defconfig', 'CPU_SW_DOMAIN_PAN', 'y')] l += [OptCheck('self_protection', 'defconfig', 'STACKPROTECTOR_PER_TASK', 'y')] - if arch in ('ARM64', 'ARM'): + if arch == 'ARM64': + l += [OR(OptCheck('self_protection', 'defconfig', 'HARDEN_BRANCH_PREDICTOR', 'y'), + VerCheck((5, 10)))] # HARDEN_BRANCH_PREDICTOR is enabled by default since v5.10 + if arch == 'ARM': l += [OptCheck('self_protection', 'defconfig', 'HARDEN_BRANCH_PREDICTOR', 'y')] # 'self_protection', 'kspp'