From 3b162ae527a3fb6662cc0db3f204fa56dc09ac38 Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Wed, 15 Jul 2020 18:26:22 +0300 Subject: [PATCH] Fix 'decision' -- CONFIG_INTEGRITY is not enabled by default on ARM --- kconfig_hardened_check/__init__.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py index f3f270f..a4853b9 100644 --- a/kconfig_hardened_check/__init__.py +++ b/kconfig_hardened_check/__init__.py @@ -493,7 +493,10 @@ def construct_checklist(l, arch): l += [OptCheck('cut_attack_surface', 'my', 'INPUT_EVBUG', 'is not set')] # Can be used as a keylogger # 'userspace_hardening' - l += [OptCheck('userspace_hardening', 'defconfig', 'INTEGRITY', 'y')] + if arch in ('X86_64', 'ARM64', 'X86_32'): + l += [OptCheck('userspace_hardening', 'defconfig', 'INTEGRITY', 'y')] + if arch == 'ARM': + l += [OptCheck('userspace_hardening', 'my', 'INTEGRITY', 'y')] if arch in ('ARM', 'X86_32'): l += [OptCheck('userspace_hardening', 'defconfig', 'VMSPLIT_3G', 'y')] if arch in ('X86_64', 'ARM64'): -- 2.31.1