projects
/
kconfig-hardened-check.git
/ shortlog
commit
grep
author
committer
pickaxe
?
search:
re
summary
| shortlog |
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
kconfig-hardened-check.git
2022-10-13
Alexander Popov
Update the UBSAN checks according to the KSPP recommend...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-13
Alexander Popov
Update the security policy checks adopted by KSPP
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-13
Alexander Popov
Update the KSPP recommendations
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-12
Alexander Popov
Improve the README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-09
Alexander Popov
Update the README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-09
Alexander Popov
Drop some of my security policy recommendations
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-09
Alexander Popov
Check SECURITY_SELINUX_DEVELOP (recommended by Clip OS)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-09
Alexander Popov
Check SECURITY_SELINUX_BOOTPARAM (recommended by Clip OS)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-09
Alexander Popov
Improve the HW_RANDOM_TPM check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-09
Alexander Popov
Check COREDUMP (recommended by Clip OS)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-09
Alexander Popov
Check CONFIG_HW_RANDOM_TPM (recommended by Clip OS)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-09
Alexander Popov
Check X86_MCE, X86_MCE_INTEL, X86_MCE_AMD (recommended...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-09
Alexander Popov
Improve the README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-07
Alexander Popov
Update the README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-02
Alexander Popov
Also check 'nospectre_v2' with 'spectre_v2'
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-02
Alexander Popov
Change the reason for the 'nopti' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-02
Alexander Popov
Change the reason for the 'nokaslr' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-02
Alexander Popov
Add the 'spectre_v2' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-02
Alexander Popov
Add the 'nospectre_v2' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-02
Alexander Popov
Change the reason for the 'nosmep' and 'nosmap' checks
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-02
Alexander Popov
Add the 'nospectre_v1' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-10-02
Alexander Popov
Add the 'nopti' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-09-24
Alexander Popov
Add the comments: CC_IS_GCC and CC_IS_CLANG exist since...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-09-24
Alexander Popov
Add the UBSAN_LOCAL_BOUNDS check for Clang build
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-09-18
Alexander Popov
Update the links to AOSP and GKI
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-09-02
Alexander Popov
Update the README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-09-02
Alexander Popov
Detect the compiler used for the kernel compilation
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-09-02
Alexander Popov
Don't use CONFIG_CC_IS_GCC in the checks (it was introd...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-09-02
Alexander Popov
Move get-nix-kconfig.py to kconfig_hardened_check/confi...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-09-02
Alexander Popov
Fix the X86_SMAP check: it is enabled by default since...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-09-02
Alexander Popov
Check the nosmap and nosmep cmdline parameters
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-09-02
Alexander Popov
Adapt the RANDSTRUCT checks to the changes in Linux...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-09-02
Alexander Popov
Fix the comment: SHADOW_CALL_STACK is now available...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-09-02
Alexander Popov
Add the SECURITY_LANDLOCK recommendation by KSPP
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-23
Alexander Popov
Check the nokaslr cmdline parameter
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-20
Alexander Popov
Require GCC for the GCC plugins (part II)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-20
Alexander Popov
Require GCC for the GCC plugins
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-20
Alexander Popov
Introduce cc_is_gcc and cc_is_clang
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-20
Alexander Popov
No, the 'page_alloc.shuffle' should be set anyway
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-20
Alexander Popov
Drop the comment about slub_debug=FZ
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-17
Alexander Popov
Add the debugfs check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-17
Alexander Popov
Improve the comments
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-17
Alexander Popov
Add the 'page_alloc.shuffle' check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-14
Alexander Popov
Add more values for the normalization
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-14
Alexander Popov
Implement the normalization of cmdline options
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-14
Alexander Popov
Describe the meaning of the checks
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-13
Alexander Popov
Check the 'rodata' cmdline parameter on the arches...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-13
Alexander Popov
Check hardened_usercopy in the cmdline
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-13
Alexander Popov
Add the comment about vm.mmap_min_addr sysctl (for...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-08-13
Alexander Popov
SECURITY_DMESG_RESTRICT is more about cutting attack...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-21
Alexander Popov
Improve the slab_common.usercopy_fallback check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-21
Alexander Popov
Add the slab_common.usercopy_fallback check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-21
Alexander Popov
Improve the STACKPROTECTOR check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-21
Alexander Popov
Don't mention LKDTM
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-17
Alexander Popov
Add info about the LKDDb project by @cateee
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-17
Alexander Popov
Check ARM64_BTI for userspace hardening
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-17
Alexander Popov
Check ARM64_PTR_AUTH for userspace hardening
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-17
Alexander Popov
Add rodata check for ARM64
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-11
Alexander Popov
Add iommu.passthrough check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-11
Alexander Popov
Add IOMMU_DEFAULT_PASSTHROUGH check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-11
Alexander Popov
Add iommu.strict check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-11
Alexander Popov
Add vsyscall check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-09
Alexander Popov
Don't add CmdlineChecks in add_kconfig_checks() to...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-09
Alexander Popov
Add slub_debug check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-07-08
Alexander Popov
Add the release badge
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-20
Alexander Popov
Add the init_on_free check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-20
Alexander Popov
Add the page_poison check required for PAGE_POISONING_ZERO
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-20
Alexander Popov
Rewrite the slab_nomerge check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-20
Alexander Popov
Rewrite the randomize_kstack_offset check
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-19
Alexander Popov
Check that a kconfig option value is sane
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-19
Alexander Popov
Add a tricky check for init_on_alloc and INIT_ON_ALLOC_...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-19
Alexander Popov
Move the add_cmdline_checks() call earlier
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Don't check __name__ in __init__.py (it can't run separ...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Fix the pylint warning about isinstance
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Drop unneeded properties of ComplexOptCheck
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Turn some error conditions into assertions (part 4)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Turn some error conditions into assertions (part 3)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Turn some error conditions into assertions (part 2)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Turn some error conditions into assertions (part 1)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
Drop useless checks, the ComplexOptCheck constructor...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
github actions: Test error handling (part 2)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-06-08
Alexander Popov
github actions: Test error handling (part 1)
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
github actions: Collect coverage for error handling...
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
github actions: upgrade to codecov-action@v2
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
Check that --config and --print are not used together
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
github actions: Collect coverage for cmdline checking
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
github actions: Improve the descriptions
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
github actions: Improve the test output
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
Drop dash-separated values from setup.cfg
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-30
Alexander Popov
github actions: Add testing with python 3.9
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Merge branch 'cmdline'
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Change the example output in README
cmdline
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Describe the cmdline checking support in README
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Add the example config of Fedora 34
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Check the pti cmdline parameter
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Check the slab_nomerge cmdline parameter
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Check the randomize_kstack_offset cmdline parameter
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Add cmdline file parsing
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Add the infrastructure for cmdline checks
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
2022-05-28
Alexander Popov
Add '--cmdline' argument for the tool
commit
|
commitdiff
|
tree
| snapshot (
zip
tar.gz
)
next