From 05c183ffd16e774fd4a24830749f0aa3c55f0d76 Mon Sep 17 00:00:00 2001
From: Alexander Popov
Date: Wed, 18 Mar 2020 12:18:31 +0300
Subject: [PATCH] Add CLIP OS recommendation about X86_CPUID
---
 kconfig-hardened-check.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 6e0d8f6..14ff37a 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -420,6 +420,7 @@ def construct_checklist(checklist, arch):
 checklist.append(OptCheck('KEXEC_FILE', 'is not set', 'clipos', 'cut_attack_surface')) # refers to LOCKDOWN (permissive)
 checklist.append(OptCheck('USER_NS', 'is not set', 'clipos', 'cut_attack_surface')) # user.max_user_namespaces=0
 checklist.append(OptCheck('X86_MSR', 'is not set', 'clipos', 'cut_attack_surface')) # refers to LOCKDOWN
+ checklist.append(OptCheck('X86_CPUID', 'is not set', 'clipos', 'cut_attack_surface'))
 checklist.append(AND(OptCheck('LDISC_AUTOLOAD', 'is not set', 'clipos', 'cut_attack_surface'), \
 VerCheck((5, 1)))) # LDISC_AUTOLOAD can be disabled since v5.1
--
2.31.1
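Review bot: The added `X86_CPUID` entry is the only check among the visible neighbours with no trailing comment, so someone reading the report has no hint which attack surface it removes or why CLIP OS recommends it. I would append a short rationale in the same style as the lines around it, for example `# disables the /dev/cpu/*/cpuid character device`. The entry is appended without looking at `arch`, as `X86_MSR` is just above; presumably `'is not set'` also passes when the symbol does not exist on other architectures, but that is worth confirming against `OptCheck`, which is not shown here. The body of `construct_checklist` starts and ends outside this hunk.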