From 0a21c2cc7a6425855cc73f056511a6271b389ab5 Mon Sep 17 00:00:00 2001
From: Alexander Popov
Date: Sun, 9 Oct 2022 15:32:55 +0300
Subject: [PATCH] Check X86_MCE, X86_MCE_INTEL, X86_MCE_AMD (recommended by Clip OS)

These options are enabled by default.
---
 kconfig_hardened_check/__init__.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 3409758..a13f0f8 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -365,6 +365,9 @@ def add_kconfig_checks(l, arch):
 if arch in ('X86_64', 'ARM64'):
 l += [KconfigCheck('self_protection', 'defconfig', 'VMAP_STACK', 'y')]
 if arch in ('X86_64', 'X86_32'):
+ l += [KconfigCheck('self_protection', 'defconfig', 'X86_MCE', 'y')]
+ l += [KconfigCheck('self_protection', 'defconfig', 'X86_MCE_INTEL', 'y')]
+ l += [KconfigCheck('self_protection', 'defconfig', 'X86_MCE_AMD', 'y')]
 l += [KconfigCheck('self_protection', 'defconfig', 'MICROCODE', 'y')] # is needed for mitigating CPU bugs
 l += [KconfigCheck('self_protection', 'defconfig', 'RETPOLINE', 'y')]
 l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y'),
--
2.31.1
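Review bot: The two vendor-specific checks, `X86_MCE_INTEL` and `X86_MCE_AMD`, are unconditional, so a kernel deliberately built with support for only one CPU vendor would presumably get a FAIL for the other vendor's option even though it cannot be enabled there. Wrapping each one in the `OR(...)` form already used for `X86_SMAP` would avoid that false finding, for example `l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_MCE_INTEL', 'y'), KconfigCheck('self_protection', 'defconfig', 'CPU_SUP_INTEL', 'is not set'))]`, assuming the checker accepts an `is not set` alternative inside `OR`; the AMD line would need the equivalent guard. The added lines also lack the kind of why-comment the `MICROCODE` line carries; something like `# machine check exception handling (on by default, recommended by Clip OS)` on the `X86_MCE` line would record the rationale next to the check. The body of `add_kconfig_checks` starts and continues outside this hunk, so the surrounding checks were not reviewed.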