From: Alexander Popov Date: Sat, 20 Aug 2022 10:07:31 +0000 (+0300) Subject: Require GCC for the GCC plugins (part II) X-Git-Tag: v0.6.1~103 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=1780bea6897a87876b468d17b92498825fb84953;p=kconfig-hardened-check.git Require GCC for the GCC plugins (part II) The current result on arm64_full_hardened_5.17_clang.config (clang 12): [+] Special report mode: show_fail [+] Kconfig file to check: my/arm64_full_hardened_5.17_clang.config [+] Detected architecture: ARM64 [+] Detected kernel version: 5.17 ========================================================================================================================= option name | type |desired val | decision | reason | check result ========================================================================================================================= CONFIG_GCC_PLUGINS |kconfig| y |defconfig | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_STACKPROTECTOR_PER_TASK |kconfig| y |defconfig | self_protection | FAIL: not found CONFIG_FORTIFY_SOURCE |kconfig| y | kspp | self_protection | FAIL: not found CONFIG_GCC_PLUGIN_LATENT_ENTROPY |kconfig| y | kspp | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_ZERO_CALL_USED_REGS |kconfig| y | kspp | self_protection | FAIL: not found CONFIG_GCC_PLUGIN_RANDSTRUCT |kconfig| y | kspp | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_GCC_PLUGIN_STACKLEAK |kconfig| y | kspp | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE|kconfig| is not set | clipos | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_STACKLEAK_METRICS |kconfig| is not set | clipos | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_STACKLEAK_RUNTIME_DISABLE |kconfig| is not set | clipos | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_STACKPROTECTOR_PER_TASK, CONFIG_FORTIFY_SOURCE and CONFIG_ZERO_CALL_USED_REGS will be supported for clang in future (WIP). --- diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index 8922fdb..88d373c 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -462,12 +462,15 @@ def add_kconfig_checks(l, arch): l += [KconfigCheck('self_protection', 'clipos', 'RANDOM_TRUST_BOOTLOADER', 'is not set')] l += [KconfigCheck('self_protection', 'clipos', 'RANDOM_TRUST_CPU', 'is not set')] l += [AND(KconfigCheck('self_protection', 'clipos', 'GCC_PLUGIN_RANDSTRUCT_PERFORMANCE', 'is not set'), - randstruct_is_set)] + randstruct_is_set, + cc_is_gcc)] if arch in ('X86_64', 'ARM64', 'X86_32'): l += [AND(KconfigCheck('self_protection', 'clipos', 'STACKLEAK_METRICS', 'is not set'), - stackleak_is_set)] + stackleak_is_set, + cc_is_gcc)] l += [AND(KconfigCheck('self_protection', 'clipos', 'STACKLEAK_RUNTIME_DISABLE', 'is not set'), - stackleak_is_set)] + stackleak_is_set, + cc_is_gcc)] if arch in ('X86_64', 'X86_32'): l += [AND(KconfigCheck('self_protection', 'clipos', 'INTEL_IOMMU_DEFAULT_ON', 'y'), iommu_support_is_set)]