From: Alexander Popov Date: Wed, 4 Sep 2024 12:28:05 +0000 (+0300) Subject: Drop the UNWIND_PATCH_PAC_INTO_SCS recommendation for now X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=d9953fca88da324b5387cb73b018be0b7b8cf92f;p=kconfig-hardened-check.git Drop the UNWIND_PATCH_PAC_INTO_SCS recommendation for now Currently, there is no consensus about this feature: https://github.com/KSPP/kspp.github.io/issues/2 Refers to #105 --- diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py index efea049..03d1db2 100755 --- a/kernel_hardening_checker/checks.py +++ b/kernel_hardening_checker/checks.py @@ -263,7 +263,6 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None: l += [KconfigCheck('self_protection', 'kspp', 'DEBUG_WX', 'y')] l += [KconfigCheck('self_protection', 'kspp', 'ARM64_SW_TTBR0_PAN', 'y')] l += [KconfigCheck('self_protection', 'kspp', 'SHADOW_CALL_STACK', 'y')] - l += [KconfigCheck('self_protection', 'kspp', 'UNWIND_PATCH_PAC_INTO_SCS', 'y')] l += [KconfigCheck('self_protection', 'kspp', 'KASAN_HW_TAGS', 'y')] # see also: kasan=on, kasan.stacktrace=off, kasan.fault=panic if arch == 'X86_32': l += [KconfigCheck('self_protection', 'kspp', 'HIGHMEM64G', 'y')]