From 12d6535d07859a61acb83cb84aa06b4366c9e458 Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Sat, 19 Jun 2021 13:04:30 +0300
Subject: [PATCH] HARDEN_BRANCH_PREDICTOR for ARM64 is enabled by default since
 v5.10

---
 kconfig_hardened_check/__init__.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index a5bac1c..b8bfa15 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -322,7 +322,10 @@ def construct_checklist(l, arch):
     if arch == 'ARM':
         l += [OptCheck('self_protection', 'defconfig', 'CPU_SW_DOMAIN_PAN', 'y')]
         l += [OptCheck('self_protection', 'defconfig', 'STACKPROTECTOR_PER_TASK', 'y')]
-    if arch in ('ARM64', 'ARM'):
+    if arch == 'ARM64':
+        l += [OR(OptCheck('self_protection', 'defconfig', 'HARDEN_BRANCH_PREDICTOR', 'y'),
+             VerCheck((5, 10)))] # HARDEN_BRANCH_PREDICTOR is enabled by default since v5.10
+    if arch == 'ARM':
         l += [OptCheck('self_protection', 'defconfig', 'HARDEN_BRANCH_PREDICTOR', 'y')]
 
     # 'self_protection', 'kspp'
-- 
2.31.1