From 57b1cb15f4137c8a35b6030464006a14c7bf7e8a Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Fri, 7 Dec 2018 12:35:21 +0300
Subject: [PATCH] Add CONFIG_LOCK_DOWN_KERNEL

---
 kconfig-hardened-check.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index 791a2f8..834c40c 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -15,6 +15,7 @@
 #    slab_nomerge
 #    pti=on
 #    kernel.kptr_restrict=1
+#    lockdown=1
 
 import sys
 from argparse import ArgumentParser
@@ -118,6 +119,7 @@ def construct_checklist():
     checklist.append(OptCheck('SLAB_FREELIST_RANDOM',        'y', 'ubuntu18', 'self_protection'))
     checklist.append(OptCheck('HARDENED_USERCOPY',           'y', 'ubuntu18', 'self_protection'))
     checklist.append(OptCheck('FORTIFY_SOURCE',              'y', 'ubuntu18', 'self_protection'))
+    checklist.append(OptCheck('LOCK_DOWN_KERNEL',            'y', 'ubuntu18', 'self_protection')) # remember about LOCK_DOWN_MANDATORY
     checklist.append(OR(OptCheck('STRICT_MODULE_RWX',        'y', 'ubuntu18', 'self_protection'), \
                         OptCheck('DEBUG_SET_MODULE_RONX',    'y', 'before_v4.11', 'self_protection'), \
                         modules_not_set))
-- 
2.31.1