kconfig-hardened-check.git
2022-01-21 Alexander PopovAdd check type
2022-01-21 Alexander PopovUpdate the example output in the README
2022-01-21 Alexander PopovPrint compactly
2022-01-21 Alexander PopovIntroduce KconfigCheck class
2022-01-21 Alexander PopovFix TRIM_UNUSED_KSYMS check
2021-12-24 Alexander PopovAdd l1d_flush (for future reference)
2021-12-05 Alexander PopovAdd ARM64_PTR_AUTH_KERNEL extracted from ARM64_PTR_AUTH
2021-11-21 Alexander PopovDocument the output modes specified by the `-m` parameter
2021-11-21 Alexander PopovTODO: RISC-V
2021-11-09 Alexander PopovUpdate the README (a lot of new checks appeared)
2021-11-09 Alexander PopovKeep the old X86_PTDUMP check as a backup
2021-11-09 Alexander PopovSimplify the check about PTDUMP_DEBUGFS (I was correct)
2021-11-09 Alexander PopovAdd more checks from grsecurity for cutting attack...
2021-11-09 Alexander PopovFix the 'decision' field of the IO_URING check
2021-11-09 Alexander PopovAdd more checks from grsecurity for cutting attack...
2021-11-09 Alexander PopovFix the 'decision' field of the KPROBES check
2021-11-09 Alexander PopovAdd the comment
2021-09-23 Alexander PopovImprove the README
2021-09-23 Alexander PopovGet a bit more coverage
2021-09-23 Alexander PopovUpdate the README v0.5.14
2021-09-22 Alexander PopovMove 'self_protection' & 'maintainer' higher
2021-09-21 Alexander PopovAdd HARDENED_USERCOPY_PAGESPAN check from KSPP
2021-09-21 Alexander PopovAdd comments about the maintainer recommendations
2021-09-21 Alexander PopovFix UBSAN_BOUNDS recommendations
2021-09-21 Alexander PopovRANDOMIZE_KSTACK_OFFSET_DEFAULT is recommended by KSPP
2021-09-16 Alexander PopovUpdate the KSPP recommendations
2021-09-16 Alexander PopovAdd defconfigs for Linux v5.14
2021-09-10 Alexander PopovMerge pull request #54 from evdenis/master
2021-09-10 Denis EfremovAdd BLK_DEV_FD 54/head
2021-09-10 Alexander PopovAdd RANDOMIZE_KSTACK_OFFSET_DEFAULT
2021-08-29 Alexander PopovAdd CFI_CLANG
2021-08-29 Alexander PopovAdd ARM64_EPAN
2021-08-20 Alexander PopovMerge pull request #51 from Hacks4Snacks/master
2021-08-20 Mark D. GrayAdded Linux/x86_64 kernel config link for CBL-Mariner 51/head
2021-08-19 Mark D. GrayAdded cbl-mariner kernel configuration file.
2021-08-14 Alexander PopovAdd hardware tag-based KASAN with arm64 Memory Tagging...
2021-08-14 Alexander PopovAdd the command line parameters that should NOT be set
2021-08-08 Alexander PopovDocument the changes of vm.unprivileged_userfaultfd...
2021-08-08 Alexander PopovAdd the news about PAGE_POISONING
2021-07-02 Alexander PopovImprove wording
2021-06-19 Alexander PopovUpdate the README. v0.5.10
2021-06-19 Alexander PopovFix pylint warning
2021-06-19 Alexander PopovRemember that SHADOW_CALL_STACK depends on clang
2021-06-19 Alexander PopovSTACKPROTECTOR_PER_TASK is also available for ARM64
2021-06-19 Alexander PopovINTEL_IOMMU_SVM is available only for X86_64
2021-06-19 Alexander PopovReorder arch checks
2021-06-19 Alexander PopovSECURITY_DMESG_RESTRICT is recommended by KSPP now
2021-06-19 Alexander PopovThink about kptr_restrict later (KSPP recommends to...
2021-06-19 Alexander PopovMention that nosmt is slow
2021-06-19 Alexander PopovMore info on init_on_free and init_on_alloc
2021-06-19 Alexander PopovSLUB_DEBUG_ON is very slow, leave it for the kernel...
2021-06-19 Alexander PopovUpdate KSPP recommendations
2021-06-19 Alexander PopovAdd defconfigs for v5.10
2021-06-19 Alexander PopovHARDEN_BRANCH_PREDICTOR for ARM64 is enabled by default...
2021-06-18 Alexander PopovAdd ARM64_MTE for userspace
2021-06-18 Alexander PopovMaybe SHADOW_CALL_STACK should be alternative to STACKP...
2021-06-18 Alexander PopovSave 'debugfs=no-mount' for future
2020-10-30 Alexander PopovUpdate the README. v0.5.9
2020-10-30 Alexander PopovFix indentation (thanks to pylint)
2020-10-29 Alexander PopovAdd a Q&A about spectre-meltdown-checker maintained...
2020-10-23 Alexander PopovINIT_STACK_ALL -> INIT_STACK_ALL_ZERO (was renamed)
2020-10-23 Alexander PopovAdd SHADOW_CALL_STACK for ARM64
2020-10-22 Alexander PopovAdd the recommendation about TRIM_UNUSED_KSYMS
2020-10-22 Alexander PopovAdd ARM64_BTI_KERNEL
2020-10-22 Alexander PopovAdd the recommendation about UBSAN_BOUNDS
2020-10-22 Alexander PopovPAGE_POISONING -> PAGE_POISONING_ZERO
2020-10-22 Alexander PopovImprove AND check reports
2020-10-22 Alexander PopovImprove HARDEN_EL2_VECTORS check
2020-10-22 Alexander PopovMerge remote-tracking branch 'pgils/el2_vectors'
2020-10-21 Alexander PopovAdd nested ComplexOptChecks support
2020-10-19 Pelle van GilsDo not check CONFIG_HARDEN_EL2_VECTORS for v5.9+ 48/head
2020-10-16 Alexander PopovAdd TODO about SLUB_DEBUG_ON
2020-10-16 Alexander PopovAdd CLIP OS recommendation about EFI_CUSTOM_SSDT_OVERLAYS
2020-10-16 Alexander PopovDisabling ACPI_TABLE_UPGRADE is now recommended by...
2020-10-16 Alexander PopovWithdraw my recommendation about BPF_JIT
2020-10-14 Alexander PopovUse cross compiler to build defconfigs
2020-10-14 Alexander PopovAdd defconfigs for Linux kernel v5.9
2020-07-15 Alexander PopovUpdate the README v0.5.7
2020-07-15 Alexander PopovFix relevant pylint warnings
2020-07-15 Alexander PopovFix 'decision' priority order ('lockdown' vs 'clipos...
2020-07-15 Alexander PopovAdd CLIP OS recommendations about CONFIG_IO_URING and...
2020-07-15 Alexander PopovAdd CONFIG_EFI_DISABLE_PCI_DMA recommended by CLIP OS
2020-07-15 Alexander PopovFix 'decision' -- CONFIG_INTEGRITY is not enabled by...
2020-07-15 Alexander PopovAdd defconfigs for Linux kernel v5.7
2020-07-15 Alexander PopovTake new AND use case for X86_PTDUMP / PTDUMP_DEBUGFS
2020-07-15 Alexander PopovImprove ComplexOptCheck use cases
2020-07-15 Alexander PopovAdd 'show_ok' and 'show_fail' print modes
2020-07-13 Alexander PopovDeclare variables closer to their usage
2020-07-13 Alexander PopovGet rid of 'kernel_version' global variable
2020-07-13 Alexander PopovBig rework of the report modes
2020-07-13 Alexander PopovAdd another link about user namespaces to Q&A
2020-07-10 Alexander PopovAdd ARM64_PAN
2020-07-09 Alexander PopovUse += instead of append() for checklist
2020-07-09 Alexander PopovReorder some checking rules for better looking code
2020-07-09 Alexander PopovChange the order of arguments in OptCheck constructor
2020-07-09 Alexander PopovDrop unused 'state' property from ComplexOptCheck
2020-07-09 Alexander PopovDon't return self.result in check() method -- it's...
2020-07-06 Alexander PopovARM64_PTR_AUTH is now supported for the kernel (from...
2020-07-03 Alexander PopovAdd the link to huldufolk project by @tych0
2020-05-30 Alexander PopovAdd the link to @BlackIkeEagle article
next