From: Alexander Popov Date: Wed, 19 Jun 2024 18:44:08 +0000 (+0300) Subject: Comment out the RANDSTRUCT_PERFORMANCE check X-Git-Tag: v0.6.10~42 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=d58989986070e871e1244e29019ae0cfb20a3f5b;p=kconfig-hardened-check.git Comment out the RANDSTRUCT_PERFORMANCE check --- diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py index fa2de42..c2440cf 100755 --- a/kernel_hardening_checker/checks.py +++ b/kernel_hardening_checker/checks.py @@ -171,9 +171,9 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None: randstruct_is_set = OR(KconfigCheck('self_protection', 'kspp', 'RANDSTRUCT_FULL', 'y'), KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_RANDSTRUCT', 'y')) l += [randstruct_is_set] - l += [AND(KconfigCheck('self_protection', 'kspp', 'RANDSTRUCT_PERFORMANCE', 'is not set'), - KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_RANDSTRUCT_PERFORMANCE', 'is not set'), - randstruct_is_set)] +# l += [AND(KconfigCheck('self_protection', 'kspp', 'RANDSTRUCT_PERFORMANCE', 'is not set'), +# KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_RANDSTRUCT_PERFORMANCE', 'is not set'), +# randstruct_is_set)] # Comment this out for now: KSPP has revoked this recommendation hardened_usercopy_is_set = KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY', 'y') l += [hardened_usercopy_is_set] l += [AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_FALLBACK', 'is not set'),