kconfig-hardened-check.git
2022-04-22 Alexander Popov: Add the STACKPROTECTOR check from KSPP
2022-04-22 Alexander Popov: Drop the ARM64_MTE check for userspace hardening
2022-04-22 Alexander Popov: Separate out checking SECURITY_WRITABLE_HOOKS and SECUR...
2022-04-22 Alexander Popov: Fix the arch condition for the SCHED_CORE check
2022-04-22 Alexander Popov: Add the KSPP recommendation of ZERO_CALL_USED_REGS
2022-04-22 Alexander Popov: Disabling X86_MSR is recommended by KSPP
2022-04-20 Alexander Popov: Fix the bug in the verdict description for ComplexOptCheck
2022-04-20 Alexander Popov: Additional check for TYPES_OF_CHECKS
2022-04-20 Alexander Popov: Drop PresenceCheck; OptCheck without 'expected' paramet...
2022-04-20 Alexander Popov: Update the KSPP recommendations in the config_files
2022-04-20 Alexander Popov: Add the KSPP recommendation of SCHED_CORE
2022-04-20 Alexander Popov: Add the KSPP recommendation of IOMMU_DEFAULT_DMA_STRICT
2022-04-20 Alexander Popov: Add the KSPP recommendation of WERROR
2022-04-20 Alexander Popov: Add the KSPP recommendation of KFENCE
2022-04-08 Alexander Popov: No need in BPF_UNPRIV_DEFAULT_OFF if BPF_SYSCALL is...
2022-04-08 Alexander Popov: Merge branch 'from-martin-rowe'
2022-04-07 Alexander Popov: Add defconfigs for Linux v5.17
2022-03-28 Alexander Popov: Drop unneeded return values (refactoring)
2022-03-26 Martin Rowe: UBSAN_SANITIZE_ALL not available on ARM 60/head
2022-03-20 Alexander Popov: Add HARDEN_BRANCH_HISTORY for arm
2022-03-20 Alexander Popov: Add MITIGATE_SPECTRE_BRANCH_HISTORY for arm64
2022-03-18 Alexander Popov: THREAD_INFO_IN_TASK is available for ARM since v5.16
2022-03-18 Alexander Popov: Merge branch 'from-martin-rowe'
2022-03-15 Martin Rowe: EFI mitigations can't be enabled if EFI is not set 59/head
2022-03-13 Alexander Popov: Fix the BPF_UNPRIV_DEFAULT_OFF check (it is enabled...
2022-03-13 Alexander Popov: Add CONFIG_SLS vs CVE-2021-26341 in Straight-Line-Specu...
2022-03-13 Alexander Popov: Add the comment that l1d_flush is a part of the l1tf...
2022-03-13 Alexander Popov: Add BPF_UNPRIV_DEFAULT_OFF to cut_attack_surface
2022-03-05 Alexander Popov: Use the option type instead of calling hasattr()
2022-03-05 Alexander Popov: Merge branch 'refactoring'
2022-02-14 Alexander Popov: Introduce the json_dump() class method refactoring
2022-02-14 Alexander Popov: Improve 'type' for ComplexOptCheck and PresenceCheck...
2022-02-14 Alexander Popov: Make populate_with_data() aware of data type
2022-02-14 Alexander Popov: Add 'type' for PresenceCheck and VersionCheck
2022-02-14 Alexander Popov: Rename VerCheck to VersionCheck
2022-02-14 Alexander Popov: Add more ComplexOptCheck validation
2022-02-14 Alexander Popov: Improve print_unknown_options()
2022-02-14 Alexander Popov: Remove 'CONFIG_' hardcoding
2022-02-11 Alexander Popov: Merge branch 'refactoring'
2022-02-11 Alexander Popov: Refactor the OR logic code
2022-02-11 Alexander Popov: Rename config to kconfig where needed (part II)
2022-01-22 Alexander Popov: Extract populate_with_data() from perform_checks()
2022-01-22 Alexander Popov: Rename config to kconfig where needed
2022-01-22 Alexander Popov: Print the type of a check in the json mode
2022-01-22 Alexander Popov: ComplexOptCheck type has the type of the first opt...
2022-01-21 Alexander Popov: Update the example output in the README (yes, now I...
2022-01-21 Alexander Popov: Do more output tuning
2022-01-21 Alexander Popov: Update the example output in the README
2022-01-21 Alexander Popov: Add check type
2022-01-21 Alexander Popov: Update the example output in the README
2022-01-21 Alexander Popov: Print compactly
2022-01-21 Alexander Popov: Introduce KconfigCheck class
2022-01-21 Alexander Popov: Fix TRIM_UNUSED_KSYMS check
2021-12-24 Alexander Popov: Add l1d_flush (for future reference)
2021-12-05 Alexander Popov: Add ARM64_PTR_AUTH_KERNEL extracted from ARM64_PTR_AUTH
2021-11-21 Alexander Popov: Document the output modes specified by the `-m` parameter
2021-11-21 Alexander Popov: TODO: RISC-V
2021-11-09 Alexander Popov: Update the README (a lot of new checks appeared)
2021-11-09 Alexander Popov: Keep the old X86_PTDUMP check as a backup
2021-11-09 Alexander Popov: Simplify the check about PTDUMP_DEBUGFS (I was correct)
2021-11-09 Alexander Popov: Add more checks from grsecurity for cutting attack...
2021-11-09 Alexander Popov: Fix the 'decision' field of the IO_URING check
2021-11-09 Alexander Popov: Add more checks from grsecurity for cutting attack...
2021-11-09 Alexander Popov: Fix the 'decision' field of the KPROBES check
2021-11-09 Alexander Popov: Add the comment
2021-09-23 Alexander Popov: Improve the README
2021-09-23 Alexander Popov: Get a bit more coverage
2021-09-23 Alexander Popov: Update the README v0.5.14
2021-09-22 Alexander Popov: Move 'self_protection' & 'maintainer' higher
2021-09-21 Alexander Popov: Add HARDENED_USERCOPY_PAGESPAN check from KSPP
2021-09-21 Alexander Popov: Add comments about the maintainer recommendations
2021-09-21 Alexander Popov: Fix UBSAN_BOUNDS recommendations
2021-09-21 Alexander Popov: RANDOMIZE_KSTACK_OFFSET_DEFAULT is recommended by KSPP
2021-09-16 Alexander Popov: Update the KSPP recommendations
2021-09-16 Alexander Popov: Add defconfigs for Linux v5.14
2021-09-10 Alexander Popov: Merge pull request #54 from evdenis/master
2021-09-10 Denis Efremov: Add BLK_DEV_FD 54/head
2021-09-10 Alexander Popov: Add RANDOMIZE_KSTACK_OFFSET_DEFAULT
2021-08-29 Alexander Popov: Add CFI_CLANG
2021-08-29 Alexander Popov: Add ARM64_EPAN
2021-08-20 Alexander Popov: Merge pull request #51 from Hacks4Snacks/master
2021-08-20 Mark D. Gray: Added Linux/x86_64 kernel config link for CBL-Mariner 51/head
2021-08-19 Mark D. Gray: Added cbl-mariner kernel configuration file.
2021-08-14 Alexander Popov: Add hardware tag-based KASAN with arm64 Memory Tagging...
2021-08-14 Alexander Popov: Add the command line parameters that should NOT be set
2021-08-08 Alexander Popov: Document the changes of vm.unprivileged_userfaultfd...
2021-08-08 Alexander Popov: Add the news about PAGE_POISONING
2021-07-02 Alexander Popov: Improve wording
2021-06-19 Alexander Popov: Update the README. v0.5.10
2021-06-19 Alexander Popov: Fix pylint warning
2021-06-19 Alexander Popov: Remember that SHADOW_CALL_STACK depends on clang
2021-06-19 Alexander Popov: STACKPROTECTOR_PER_TASK is also available for ARM64
2021-06-19 Alexander Popov: INTEL_IOMMU_SVM is available only for X86_64
2021-06-19 Alexander Popov: Reorder arch checks
2021-06-19 Alexander Popov: SECURITY_DMESG_RESTRICT is recommended by KSPP now
2021-06-19 Alexander Popov: Think about kptr_restrict later (KSPP recommends to...
2021-06-19 Alexander Popov: Mention that nosmt is slow
2021-06-19 Alexander Popov: More info on init_on_free and init_on_alloc
2021-06-19 Alexander Popov: SLUB_DEBUG_ON is very slow, leave it for the kernel...
2021-06-19 Alexander Popov: Update KSPP recommendations