kconfig-hardened-check.git
2022-08-17 Alexander PopovAdd the 'page_alloc.shuffle' check
2022-08-14 Alexander PopovAdd more values for the normalization
2022-08-14 Alexander PopovImplement the normalization of cmdline options
2022-08-14 Alexander PopovDescribe the meaning of the checks
2022-08-13 Alexander PopovCheck the 'rodata' cmdline parameter on the arches...
2022-08-13 Alexander PopovCheck hardened_usercopy in the cmdline
2022-08-13 Alexander PopovAdd the comment about vm.mmap_min_addr sysctl (for...
2022-08-13 Alexander PopovSECURITY_DMESG_RESTRICT is more about cutting attack...
2022-07-21 Alexander PopovImprove the slab_common.usercopy_fallback check
2022-07-21 Alexander PopovAdd the slab_common.usercopy_fallback check
2022-07-21 Alexander PopovImprove the STACKPROTECTOR check
2022-07-21 Alexander PopovDon't mention LKDTM
2022-07-17 Alexander PopovAdd info about the LKDDb project by @cateee
2022-07-17 Alexander PopovCheck ARM64_BTI for userspace hardening
2022-07-17 Alexander PopovCheck ARM64_PTR_AUTH for userspace hardening
2022-07-17 Alexander PopovAdd rodata check for ARM64
2022-07-11 Alexander PopovAdd iommu.passthrough check
2022-07-11 Alexander PopovAdd IOMMU_DEFAULT_PASSTHROUGH check
2022-07-11 Alexander PopovAdd iommu.strict check
2022-07-11 Alexander PopovAdd vsyscall check
2022-07-09 Alexander PopovDon't add CmdlineChecks in add_kconfig_checks() to...
2022-07-09 Alexander PopovAdd slub_debug check
2022-07-08 Alexander PopovAdd the release badge
2022-06-20 Alexander PopovAdd the init_on_free check
2022-06-20 Alexander PopovAdd the page_poison check required for PAGE_POISONING_ZERO
2022-06-20 Alexander PopovRewrite the slab_nomerge check
2022-06-20 Alexander PopovRewrite the randomize_kstack_offset check
2022-06-19 Alexander PopovCheck that a kconfig option value is sane
2022-06-19 Alexander PopovAdd a tricky check for init_on_alloc and INIT_ON_ALLOC_...
2022-06-19 Alexander PopovMove the add_cmdline_checks() call earlier
2022-06-08 Alexander PopovDon't check __name__ in __init__.py (it can't run separ...
2022-06-08 Alexander PopovFix the pylint warning about isinstance
2022-06-08 Alexander PopovDrop unneeded properties of ComplexOptCheck
2022-06-08 Alexander PopovTurn some error conditions into assertions (part 4)
2022-06-08 Alexander PopovTurn some error conditions into assertions (part 3)
2022-06-08 Alexander PopovTurn some error conditions into assertions (part 2)
2022-06-08 Alexander PopovTurn some error conditions into assertions (part 1)
2022-06-08 Alexander PopovDrop useless checks, the ComplexOptCheck constructor...
2022-06-08 Alexander Popovgithub actions: Test error handling (part 2)
2022-06-08 Alexander Popovgithub actions: Test error handling (part 1)
2022-05-30 Alexander Popovgithub actions: Collect coverage for error handling...
2022-05-30 Alexander Popovgithub actions: upgrade to codecov-action@v2
2022-05-30 Alexander PopovCheck that --config and --print are not used together
2022-05-30 Alexander Popovgithub actions: Collect coverage for cmdline checking
2022-05-30 Alexander Popovgithub actions: Improve the descriptions
2022-05-30 Alexander Popovgithub actions: Improve the test output
2022-05-30 Alexander PopovDrop dash-separated values from setup.cfg
2022-05-30 Alexander Popovgithub actions: Add testing with python 3.9
2022-05-28 Alexander PopovMerge branch 'cmdline'
2022-05-28 Alexander PopovChange the example output in README cmdline
2022-05-28 Alexander PopovDescribe the cmdline checking support in README
2022-05-28 Alexander PopovAdd the example config of Fedora 34
2022-05-28 Alexander PopovCheck the pti cmdline parameter
2022-05-28 Alexander PopovCheck the slab_nomerge cmdline parameter
2022-05-28 Alexander PopovCheck the randomize_kstack_offset cmdline parameter
2022-05-28 Alexander PopovAdd cmdline file parsing
2022-05-28 Alexander PopovAdd the infrastructure for cmdline checks
2022-05-28 Alexander PopovAdd '--cmdline' argument for the tool
2022-05-28 Alexander PopovAdd cmdline checks to '--print'
2022-05-28 Alexander PopovAdd the CmdlineCheck class
2022-05-15 Alexander PopovAdd the comment about sysrq_always_enabled
2022-05-15 Alexander PopovAdd the comment about rodata
2022-05-08 Alexander PopovUpdate direct feedback from Linux kernel maintainers...
2022-05-06 Alexander PopovAdd the comment about arm64.nomte
2022-05-06 Alexander PopovAdd the comment about kernel.randomize_va_space
2022-05-06 Alexander PopovAdd the KGDB check
2022-05-06 Alexander PopovAdd RANDOMIZE_MODULE_REGION_FULL for arm64
2022-04-28 Alexander PopovUpdate the README v0.5.17
2022-04-28 Alexander PopovMerge pull request #62 from evdenis/master
2022-04-28 Alexander PopovAdd the type property for OptCheck to fix a pylint...
2022-04-27 Denis EfremovAdd BLK_DEV_FD_RAWCMD 62/head
2022-04-22 Alexander PopovAdd the STACKPROTECTOR check from KSPP
2022-04-22 Alexander PopovDrop the ARM64_MTE check for userspace hardening
2022-04-22 Alexander PopovSeparate out checking SECURITY_WRITABLE_HOOKS and SECUR...
2022-04-22 Alexander PopovFix the arch condition for the SCHED_CORE check
2022-04-22 Alexander PopovAdd the KSPP recommendation of ZERO_CALL_USED_REGS
2022-04-22 Alexander PopovDisabling X86_MSR is recommended by KSPP
2022-04-20 Alexander PopovFix the bug in the verdict description for ComplexOptCheck
2022-04-20 Alexander PopovAdditional check for TYPES_OF_CHECKS
2022-04-20 Alexander PopovDrop PresenceCheck; OptCheck without 'expected' paramet...
2022-04-20 Alexander PopovUpdate the KSPP recommendations in the config_files
2022-04-20 Alexander PopovAdd the KSPP recommendation of SCHED_CORE
2022-04-20 Alexander PopovAdd the KSPP recommendation of IOMMU_DEFAULT_DMA_STRICT
2022-04-20 Alexander PopovAdd the KSPP recommendation of WERROR
2022-04-20 Alexander PopovAdd the KSPP recommendation of KFENCE
2022-04-08 Alexander PopovNo need in BPF_UNPRIV_DEFAULT_OFF if BPF_SYSCALL is...
2022-04-08 Alexander PopovMerge branch 'from-martin-rowe'
2022-04-07 Alexander PopovAdd defconfigs for Linux v5.17
2022-03-28 Alexander PopovDrop unneeded return values (refactoring)
2022-03-26 Martin RoweUBSAN_SANITIZE_ALL not available on ARM 60/head
2022-03-20 Alexander PopovAdd HARDEN_BRANCH_HISTORY for arm
2022-03-20 Alexander PopovAdd MITIGATE_SPECTRE_BRANCH_HISTORY for arm64
2022-03-18 Alexander PopovTHREAD_INFO_IN_TASK is available for ARM since v5.16
2022-03-18 Alexander PopovMerge branch 'from-martin-rowe'
2022-03-15 Martin RoweEFI mitigations can't be enabled if EFI is not set 59/head
2022-03-13 Alexander PopovFix the BPF_UNPRIV_DEFAULT_OFF check (it is enabled...
2022-03-13 Alexander PopovAdd CONFIG_SLS vs CVE-2021-26341 in Straight-Line-Specu...
2022-03-13 Alexander PopovAdd the comment that l1d_flush is a part of the l1tf...
2022-03-13 Alexander PopovAdd BPF_UNPRIV_DEFAULT_OFF to cut_attack_surface
2022-03-05 Alexander PopovUse the option type instead of calling hasattr()
next