From: Alexander Popov Date: Sun, 9 Jun 2024 10:40:00 +0000 (+0300) Subject: Merge branch 'scs-pac' X-Git-Tag: v0.6.10~57 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=480c6df60ad7256eb28c49af06a1afeee4207d24;p=kconfig-hardened-check.git Merge branch 'scs-pac' Refers to #131 Thanks @jvoisin --- 480c6df60ad7256eb28c49af06a1afeee4207d24 diff --cc kernel_hardening_checker/checks.py index 7ac45b1,672ea7e..d3d5a83 --- a/kernel_hardening_checker/checks.py +++ b/kernel_hardening_checker/checks.py @@@ -253,12 -242,12 +253,13 @@@ def add_kconfig_checks(l: List[Checklis if arch == 'ARM64': l += [KconfigCheck('self_protection', 'kspp', 'ARM64_SW_TTBR0_PAN', 'y')] l += [KconfigCheck('self_protection', 'kspp', 'SHADOW_CALL_STACK', 'y')] + l += [KconfigCheck('self_protection', 'kspp', 'UNWIND_PATCH_PAC_INTO_SCS', 'y')] l += [KconfigCheck('self_protection', 'kspp', 'KASAN_HW_TAGS', 'y')] # see also: kasan=on, kasan.stacktrace=off, kasan.fault=panic if arch == 'X86_32': - l += [KconfigCheck('self_protection', 'kspp', 'PAGE_TABLE_ISOLATION', 'y')] l += [KconfigCheck('self_protection', 'kspp', 'HIGHMEM64G', 'y')] l += [KconfigCheck('self_protection', 'kspp', 'X86_PAE', 'y')] + l += [OR(KconfigCheck('self_protection', 'kspp', 'MITIGATION_PAGE_TABLE_ISOLATION', 'y'), + KconfigCheck('self_protection', 'kspp', 'PAGE_TABLE_ISOLATION', 'y'))] l += [AND(KconfigCheck('self_protection', 'kspp', 'INTEL_IOMMU', 'y'), iommu_support_is_set)]