From 45bb1e8f0e193715e0b0072929f063b765b78287 Mon Sep 17 00:00:00 2001
From: Alexander Popov
Date: Thu, 22 Oct 2020 19:09:35 +0300
Subject: [PATCH] Improve HARDEN_EL2_VECTORS check
In fact HARDEN_EL2_VECTORS was included in RANDOMIZE_BASE in v5.9. Use new nested ComplexOptChecks for this rule. Refers to #48.
---
 kconfig_hardened_check/__init__.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 8ba238c..3e6e609 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -306,7 +306,8 @@ def construct_checklist(l, arch):
 l += [OptCheck('self_protection', 'defconfig', 'ARM64_PAN', 'y')]
 l += [OptCheck('self_protection', 'defconfig', 'UNMAP_KERNEL_AT_EL0', 'y')]
 l += [OR(OptCheck('self_protection', 'defconfig', 'HARDEN_EL2_VECTORS', 'y'),
- VerCheck((5,9)))] # HARDEN_EL2_VECTORS was removed in v5.9
+ AND(OptCheck('self_protection', 'defconfig', 'RANDOMIZE_BASE', 'y'),
+ VerCheck((5, 9))))] # HARDEN_EL2_VECTORS was included in RANDOMIZE_BASE in v5.9
 l += [OptCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y')]
 l += [OptCheck('self_protection', 'defconfig', 'ARM64_PTR_AUTH', 'y')]
 if arch in ('X86_64', 'ARM64'):
--
2.31.1
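Review bot: On the `OR(...)` entry for HARDEN_EL2_VECTORS, the new inner `AND(OptCheck(... 'RANDOMIZE_BASE', 'y'), VerCheck((5, 9)))` leaves it unclear which option the report names when the rule fails on a v5.9+ config; OR and AND are defined outside this hunk, but if a failed OR reports its first operand, the operator is told to set HARDEN_EL2_VECTORS, which no longer exists there, instead of RANDOMIZE_BASE. I would confirm that behaviour and state the intended remedy in the trailing comment, e.g. `# v5.9+: no HARDEN_EL2_VECTORS; RANDOMIZE_BASE=y covers it`. Note also that the rule passes on the config value alone, so it does not show that randomization is actually active at boot (for example when the kernel is started with `nokaslr`). construct_checklist begins and ends outside the hunk.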