projects
/
kconfig-hardened-check.git
/ history
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
Remember about the nosmt sysfs control file
[kconfig-hardened-check.git]
/
kconfig_hardened_check
/
__init__.py
2022-12-10
Alexander Popov
Remember about the nosmt sysfs control file
blob
|
commitdiff
|
raw
2022-12-10
Alexander Popov
Drop the comment about mitigations of CPU vulnerabilities
blob
|
commitdiff
|
raw
|
diff to current
2022-12-10
Alexander Popov
Save the list of disabled mitigations of CPU vulnerabil...
blob
|
commitdiff
|
raw
|
diff to current
2022-12-10
Alexander Popov
Add the nospectre_bhb check
blob
|
commitdiff
|
raw
|
diff to current
2022-12-10
Alexander Popov
Add the kpti check
blob
|
commitdiff
|
raw
|
diff to current
2022-12-10
Alexander Popov
Compare against '0' in the 'is not off' check
blob
|
commitdiff
|
raw
|
diff to current
2022-12-10
Alexander Popov
Add the tsx check
blob
|
commitdiff
|
raw
|
diff to current
2022-12-10
Alexander Popov
Change the 'decision' of X86_INTEL_TSX_MODE_OFF check...
blob
|
commitdiff
|
raw
|
diff to current
2022-12-10
Alexander Popov
Add the nomte check
blob
|
commitdiff
|
raw
|
diff to current
2022-12-10
Alexander Popov
Add the nopauth check
blob
|
commitdiff
|
raw
|
diff to current
2022-12-10
Alexander Popov
Add the nobti check
blob
|
commitdiff
|
raw
|
diff to current
2022-12-09
Alexander Popov
Add the sysrq_always_enabled check
blob
|
commitdiff
|
raw
|
diff to current
2022-12-09
Alexander Popov
Add the ssbd check
blob
|
commitdiff
|
raw
|
diff to current
2022-12-08
Alexander Popov
Reorder some checks, no functional changes
blob
|
commitdiff
|
raw
|
diff to current
2022-11-17
Alexander Popov
Add the srbds check
blob
|
commitdiff
|
raw
|
diff to current
2022-11-17
Alexander Popov
Add the retbleed check
blob
|
commitdiff
|
raw
|
diff to current
2022-11-17
Alexander Popov
Add the mmio_stale_data check
blob
|
commitdiff
|
raw
|
diff to current
2022-11-17
Alexander Popov
Add the tsx_async_abort check
blob
|
commitdiff
|
raw
|
diff to current
2022-11-17
Alexander Popov
Add the mds check
blob
|
commitdiff
|
raw
|
diff to current
2022-11-17
Alexander Popov
Add the l1tf check
blob
|
commitdiff
|
raw
|
diff to current
2022-11-17
Alexander Popov
Add the spectre_v2_user check
blob
|
commitdiff
|
raw
|
diff to current
2022-11-17
Alexander Popov
Do refactoring in normalize_cmdline_options()
blob
|
commitdiff
|
raw
|
diff to current
2022-11-17
Alexander Popov
Add the spec_store_bypass_disable check
blob
|
commitdiff
|
raw
|
diff to current
2022-11-17
Alexander Popov
Add the spectre_v2 check
blob
|
commitdiff
|
raw
|
diff to current
2022-11-17
Alexander Popov
Introduce the 'is present' check instead of expected...
blob
|
commitdiff
|
raw
|
diff to current
2022-11-11
Alexander Popov
Add the 'mitigations' check
blob
|
commitdiff
|
raw
|
diff to current
2022-11-09
Alexander Popov
Add the nosmt check
blob
|
commitdiff
|
raw
|
diff to current
2022-11-09
Alexander Popov
Add a special 'desired val' -- 'is not off'
blob
|
commitdiff
|
raw
|
diff to current
2022-11-09
Alexander Popov
Improve the result descriptions
blob
|
commitdiff
|
raw
|
diff to current
2022-11-08
Alexander Popov
Add assertions to check arguments of the Class constructors
blob
|
commitdiff
|
raw
|
diff to current
2022-10-23
Alexander Popov
Add the ARM64_E0PD check
blob
|
commitdiff
|
raw
|
diff to current
2022-10-23
Alexander Popov
Fix the SCHED_CORE check: it's now available for ARM64...
blob
|
commitdiff
|
raw
|
diff to current
2022-10-23
Alexander Popov
Update the self-protection checks adopted by KSPP ...
blob
|
commitdiff
|
raw
|
diff to current
2022-10-22
Alexander Popov
Update the self-protection checks adopted by KSPP ...
blob
|
commitdiff
|
raw
|
diff to current
2022-10-22
Alexander Popov
Update the self-protection checks adopted by KSPP ...
blob
|
commitdiff
|
raw
|
diff to current
2022-10-13
Alexander Popov
Update the self-protection checks adopted by KSPP ...
blob
|
commitdiff
|
raw
|
diff to current
2022-10-13
Alexander Popov
Update the self-protection checks adopted by KSPP ...
blob
|
commitdiff
|
raw
|
diff to current
2022-10-13
Alexander Popov
Update the HW_RANDOM_TPM check
blob
|
commitdiff
|
raw
|
diff to current
2022-10-13
Alexander Popov
Update the UBSAN checks according to the KSPP recommend...
blob
|
commitdiff
|
raw
|
diff to current
2022-10-13
Alexander Popov
Update the security policy checks adopted by KSPP
blob
|
commitdiff
|
raw
|
diff to current
2022-10-09
Alexander Popov
Drop some of my security policy recommendations
blob
|
commitdiff
|
raw
|
diff to current
2022-10-09
Alexander Popov
Check SECURITY_SELINUX_DEVELOP (recommended by Clip OS)
blob
|
commitdiff
|
raw
|
diff to current
2022-10-09
Alexander Popov
Check SECURITY_SELINUX_BOOTPARAM (recommended by Clip OS)
blob
|
commitdiff
|
raw
|
diff to current
2022-10-09
Alexander Popov
Improve the HW_RANDOM_TPM check
blob
|
commitdiff
|
raw
|
diff to current
2022-10-09
Alexander Popov
Check COREDUMP (recommended by Clip OS)
blob
|
commitdiff
|
raw
|
diff to current
2022-10-09
Alexander Popov
Check CONFIG_HW_RANDOM_TPM (recommended by Clip OS)
blob
|
commitdiff
|
raw
|
diff to current
2022-10-09
Alexander Popov
Check X86_MCE, X86_MCE_INTEL, X86_MCE_AMD (recommended...
blob
|
commitdiff
|
raw
|
diff to current
2022-10-02
Alexander Popov
Also check 'nospectre_v2' with 'spectre_v2'
blob
|
commitdiff
|
raw
|
diff to current
2022-10-02
Alexander Popov
Change the reason for the 'nopti' check
blob
|
commitdiff
|
raw
|
diff to current
2022-10-02
Alexander Popov
Change the reason for the 'nokaslr' check
blob
|
commitdiff
|
raw
|
diff to current
2022-10-02
Alexander Popov
Add the 'spectre_v2' check
blob
|
commitdiff
|
raw
|
diff to current
2022-10-02
Alexander Popov
Add the 'nospectre_v2' check
blob
|
commitdiff
|
raw
|
diff to current
2022-10-02
Alexander Popov
Change the reason for the 'nosmep' and 'nosmap' checks
blob
|
commitdiff
|
raw
|
diff to current
2022-10-02
Alexander Popov
Add the 'nospectre_v1' check
blob
|
commitdiff
|
raw
|
diff to current
2022-10-02
Alexander Popov
Add the 'nopti' check
blob
|
commitdiff
|
raw
|
diff to current
2022-09-24
Alexander Popov
Add the comments: CC_IS_GCC and CC_IS_CLANG exist since...
blob
|
commitdiff
|
raw
|
diff to current
2022-09-24
Alexander Popov
Add the UBSAN_LOCAL_BOUNDS check for Clang build
blob
|
commitdiff
|
raw
|
diff to current
2022-09-02
Alexander Popov
Detect the compiler used for the kernel compilation
blob
|
commitdiff
|
raw
|
diff to current
2022-09-02
Alexander Popov
Don't use CONFIG_CC_IS_GCC in the checks (it was introd...
blob
|
commitdiff
|
raw
|
diff to current
2022-09-02
Alexander Popov
Fix the X86_SMAP check: it is enabled by default since...
blob
|
commitdiff
|
raw
|
diff to current
2022-09-02
Alexander Popov
Check the nosmap and nosmep cmdline parameters
blob
|
commitdiff
|
raw
|
diff to current
2022-09-02
Alexander Popov
Adapt the RANDSTRUCT checks to the changes in Linux...
blob
|
commitdiff
|
raw
|
diff to current
2022-09-02
Alexander Popov
Fix the comment: SHADOW_CALL_STACK is now available...
blob
|
commitdiff
|
raw
|
diff to current
2022-09-02
Alexander Popov
Add the SECURITY_LANDLOCK recommendation by KSPP
blob
|
commitdiff
|
raw
|
diff to current
2022-08-23
Alexander Popov
Check the nokaslr cmdline parameter
blob
|
commitdiff
|
raw
|
diff to current
2022-08-20
Alexander Popov
Require GCC for the GCC plugins (part II)
blob
|
commitdiff
|
raw
|
diff to current
2022-08-20
Alexander Popov
Require GCC for the GCC plugins
blob
|
commitdiff
|
raw
|
diff to current
2022-08-20
Alexander Popov
Introduce cc_is_gcc and cc_is_clang
blob
|
commitdiff
|
raw
|
diff to current
2022-08-20
Alexander Popov
No, the 'page_alloc.shuffle' should be set anyway
blob
|
commitdiff
|
raw
|
diff to current
2022-08-20
Alexander Popov
Drop the comment about slub_debug=FZ
blob
|
commitdiff
|
raw
|
diff to current
2022-08-17
Alexander Popov
Add the debugfs check
blob
|
commitdiff
|
raw
|
diff to current
2022-08-17
Alexander Popov
Improve the comments
blob
|
commitdiff
|
raw
|
diff to current
2022-08-17
Alexander Popov
Add the 'page_alloc.shuffle' check
blob
|
commitdiff
|
raw
|
diff to current
2022-08-14
Alexander Popov
Add more values for the normalization
blob
|
commitdiff
|
raw
|
diff to current
2022-08-14
Alexander Popov
Implement the normalization of cmdline options
blob
|
commitdiff
|
raw
|
diff to current
2022-08-14
Alexander Popov
Describe the meaning of the checks
blob
|
commitdiff
|
raw
|
diff to current
2022-08-13
Alexander Popov
Check the 'rodata' cmdline parameter on the arches...
blob
|
commitdiff
|
raw
|
diff to current
2022-08-13
Alexander Popov
Check hardened_usercopy in the cmdline
blob
|
commitdiff
|
raw
|
diff to current
2022-08-13
Alexander Popov
Add the comment about vm.mmap_min_addr sysctl (for...
blob
|
commitdiff
|
raw
|
diff to current
2022-08-13
Alexander Popov
SECURITY_DMESG_RESTRICT is more about cutting attack...
blob
|
commitdiff
|
raw
|
diff to current
2022-07-21
Alexander Popov
Improve the slab_common.usercopy_fallback check
blob
|
commitdiff
|
raw
|
diff to current
2022-07-21
Alexander Popov
Add the slab_common.usercopy_fallback check
blob
|
commitdiff
|
raw
|
diff to current
2022-07-21
Alexander Popov
Improve the STACKPROTECTOR check
blob
|
commitdiff
|
raw
|
diff to current
2022-07-21
Alexander Popov
Don't mention LKDTM
blob
|
commitdiff
|
raw
|
diff to current
2022-07-17
Alexander Popov
Check ARM64_BTI for userspace hardening
blob
|
commitdiff
|
raw
|
diff to current
2022-07-17
Alexander Popov
Check ARM64_PTR_AUTH for userspace hardening
blob
|
commitdiff
|
raw
|
diff to current
2022-07-17
Alexander Popov
Add rodata check for ARM64
blob
|
commitdiff
|
raw
|
diff to current
2022-07-11
Alexander Popov
Add iommu.passthrough check
blob
|
commitdiff
|
raw
|
diff to current
2022-07-11
Alexander Popov
Add IOMMU_DEFAULT_PASSTHROUGH check
blob
|
commitdiff
|
raw
|
diff to current
2022-07-11
Alexander Popov
Add iommu.strict check
blob
|
commitdiff
|
raw
|
diff to current
2022-07-11
Alexander Popov
Add vsyscall check
blob
|
commitdiff
|
raw
|
diff to current
2022-07-09
Alexander Popov
Don't add CmdlineChecks in add_kconfig_checks() to...
blob
|
commitdiff
|
raw
|
diff to current
2022-07-09
Alexander Popov
Add slub_debug check
blob
|
commitdiff
|
raw
|
diff to current
2022-06-20
Alexander Popov
Add the init_on_free check
blob
|
commitdiff
|
raw
|
diff to current
2022-06-20
Alexander Popov
Add the page_poison check required for PAGE_POISONING_ZERO
blob
|
commitdiff
|
raw
|
diff to current
2022-06-20
Alexander Popov
Rewrite the slab_nomerge check
blob
|
commitdiff
|
raw
|
diff to current
2022-06-20
Alexander Popov
Rewrite the randomize_kstack_offset check
blob
|
commitdiff
|
raw
|
diff to current
2022-06-19
Alexander Popov
Check that a kconfig option value is sane
blob
|
commitdiff
|
raw
|
diff to current
2022-06-19
Alexander Popov
Add a tricky check for init_on_alloc and INIT_ON_ALLOC_...
blob
|
commitdiff
|
raw
|
diff to current
2022-06-19
Alexander Popov
Move the add_cmdline_checks() call earlier
blob
|
commitdiff
|
raw
|
diff to current
next