From: Alexander Popov <alex.popov@linux.com>
Date: Wed, 15 Jul 2020 16:14:10 +0000 (+0300)
Subject: Add CONFIG_EFI_DISABLE_PCI_DMA recommended by CLIP OS
X-Git-Tag: v0.5.7~4
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=43994ab78d2725d1e0cef6dce04508cc68019e03;hp=3b162ae527a3fb6662cc0db3f204fa56dc09ac38;p=kconfig-hardened-check.git

Add CONFIG_EFI_DISABLE_PCI_DMA recommended by CLIP OS
---

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index a4853b9..74d66d6 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -355,6 +355,7 @@ def construct_checklist(l, arch):
     l += [OptCheck('self_protection', 'clipos', 'SECURITY_DMESG_RESTRICT', 'y')]
     l += [OptCheck('self_protection', 'clipos', 'DEBUG_VIRTUAL', 'y')]
     l += [OptCheck('self_protection', 'clipos', 'STATIC_USERMODEHELPER', 'y')] # needs userspace support
+    l += [OptCheck('self_protection', 'clipos', 'EFI_DISABLE_PCI_DMA', 'y')]
     l += [OptCheck('self_protection', 'clipos', 'SLAB_MERGE_DEFAULT', 'is not set')] # slab_nomerge
     l += [OptCheck('self_protection', 'clipos', 'RANDOM_TRUST_BOOTLOADER', 'is not set')]
     l += [OptCheck('self_protection', 'clipos', 'RANDOM_TRUST_CPU', 'is not set')]