From bd7e735d4b50542cc8137429d52da707c79e669a Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Sun, 9 Oct 2022 15:49:13 +0300
Subject: [PATCH] Check CONFIG_HW_RANDOM_TPM (recommended by Clip OS)

---
 kconfig_hardened_check/__init__.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index a13f0f8..9ae2474 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -484,6 +484,7 @@ def add_kconfig_checks(l, arch):
     l += [KconfigCheck('self_protection', 'clipos', 'SLAB_MERGE_DEFAULT', 'is not set')]
     l += [KconfigCheck('self_protection', 'clipos', 'RANDOM_TRUST_BOOTLOADER', 'is not set')]
     l += [KconfigCheck('self_protection', 'clipos', 'RANDOM_TRUST_CPU', 'is not set')]
+    l += [KconfigCheck('self_protection', 'clipos', 'CONFIG_HW_RANDOM_TPM', 'y')]
     l += [AND(KconfigCheck('self_protection', 'clipos', 'RANDSTRUCT_PERFORMANCE', 'is not set'),
               KconfigCheck('self_protection', 'clipos', 'GCC_PLUGIN_RANDSTRUCT_PERFORMANCE', 'is not set'),
               randstruct_is_set)]
-- 
2.31.1