From 0ffeb2e52b1670164622af9e59b2195a1ad58d8f Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Sun, 1 Sep 2024 15:52:15 +0300
Subject: [PATCH] Add the ARM_SMMU* kconfig checks for ARM

---
 kernel_hardening_checker/checks.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index eba75c7..96da7bf 100755
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -277,6 +277,11 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
                  KconfigCheck('self_protection', 'kspp', 'DEBUG_WX', 'y'))]
                  # DEBUG_WX has been renamed to ARM_DEBUG_WX on ARM
 
+    # 'self_protection', 'a13xp0p0v'
+    if arch == 'ARM':
+        l += [KconfigCheck('self_protection', 'a13xp0p0v', 'ARM_SMMU', 'y')]
+        l += [KconfigCheck('self_protection', 'a13xp0p0v', 'ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT', 'y')]
+
     # 'security_policy'
     if arch in ('X86_64', 'ARM64', 'X86_32'):
         l += [KconfigCheck('security_policy', 'defconfig', 'SECURITY', 'y')]
-- 
2.31.1