From 9cdd06a1b862e02869a3d032e07026d6e5ced080 Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Sun, 17 Jul 2022 14:03:33 +0300
Subject: [PATCH] Add rodata check for ARM64

---
 kconfig_hardened_check/__init__.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 0d6a470..ef8e0df 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -33,7 +33,6 @@
 #
 #    Should NOT be set:
 #           nokaslr
-#           rodata=off
 #           sysrq_always_enabled
 #           arm64.nobti
 #           arm64.nopauth
@@ -646,6 +645,11 @@ def add_cmdline_checks(l, arch):
     # Don't add CmdlineChecks in add_kconfig_checks() to avoid wrong results
     # when the tool doesn't check the cmdline.
 
+    if arch == 'ARM64':
+        l += [OR(CmdlineCheck('self_protection', 'defconfig', 'rodata', 'full'),
+                 AND(KconfigCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y'),
+                     CmdlineCheck('self_protection', 'defconfig', 'rodata', 'is not set')))]
+
     l += [OR(CmdlineCheck('self_protection', 'kspp', 'init_on_alloc', '1'),
              AND(KconfigCheck('self_protection', 'kspp', 'INIT_ON_ALLOC_DEFAULT_ON', 'y'),
                  CmdlineCheck('self_protection', 'kspp', 'init_on_alloc', 'is not set')))]
-- 
2.31.1