kconfig-hardened-check.git
2022-11-17 Alexander PopovDo refactoring in normalize_cmdline_options()
2022-11-17 Alexander PopovAdd the spec_store_bypass_disable check
2022-11-17 Alexander PopovAdd the spectre_v2 check
2022-11-17 Alexander PopovIntroduce the 'is present' check instead of expected...
2022-11-11 Alexander PopovAdd the 'mitigations' check
2022-11-09 Alexander PopovAdd the nosmt check
2022-11-09 Alexander PopovAdd a special 'desired val' -- 'is not off'
2022-11-09 Alexander PopovImprove the result descriptions
2022-11-08 Alexander PopovAdd assertions to check arguments of the Class constructors
2022-10-23 Alexander PopovUpdate the README
2022-10-23 Alexander PopovAdd the ARM64_E0PD check
2022-10-23 Alexander PopovFix the SCHED_CORE check: it's now available for ARM64...
2022-10-23 Alexander PopovUpdate the self-protection checks adopted by KSPP ...
2022-10-22 Alexander PopovUpdate the self-protection checks adopted by KSPP ...
2022-10-22 Alexander PopovUpdate the self-protection checks adopted by KSPP ...
2022-10-22 Alexander PopovUpdate the KSPP recommendations again
2022-10-13 Alexander PopovUpdate the self-protection checks adopted by KSPP ...
2022-10-13 Alexander PopovUpdate the self-protection checks adopted by KSPP ...
2022-10-13 Alexander PopovUpdate the HW_RANDOM_TPM check
2022-10-13 Alexander PopovUpdate the UBSAN checks according to the KSPP recommend...
2022-10-13 Alexander PopovUpdate the security policy checks adopted by KSPP
2022-10-13 Alexander PopovUpdate the KSPP recommendations
2022-10-12 Alexander PopovImprove the README
2022-10-09 Alexander PopovUpdate the README
2022-10-09 Alexander PopovDrop some of my security policy recommendations
2022-10-09 Alexander PopovCheck SECURITY_SELINUX_DEVELOP (recommended by Clip OS)
2022-10-09 Alexander PopovCheck SECURITY_SELINUX_BOOTPARAM (recommended by Clip OS)
2022-10-09 Alexander PopovImprove the HW_RANDOM_TPM check
2022-10-09 Alexander PopovCheck COREDUMP (recommended by Clip OS)
2022-10-09 Alexander PopovCheck CONFIG_HW_RANDOM_TPM (recommended by Clip OS)
2022-10-09 Alexander PopovCheck X86_MCE, X86_MCE_INTEL, X86_MCE_AMD (recommended...
2022-10-09 Alexander PopovImprove the README
2022-10-07 Alexander PopovUpdate the README
2022-10-02 Alexander PopovAlso check 'nospectre_v2' with 'spectre_v2'
2022-10-02 Alexander PopovChange the reason for the 'nopti' check
2022-10-02 Alexander PopovChange the reason for the 'nokaslr' check
2022-10-02 Alexander PopovAdd the 'spectre_v2' check
2022-10-02 Alexander PopovAdd the 'nospectre_v2' check
2022-10-02 Alexander PopovChange the reason for the 'nosmep' and 'nosmap' checks
2022-10-02 Alexander PopovAdd the 'nospectre_v1' check
2022-10-02 Alexander PopovAdd the 'nopti' check
2022-09-24 Alexander PopovAdd the comments: CC_IS_GCC and CC_IS_CLANG exist since...
2022-09-24 Alexander PopovAdd the UBSAN_LOCAL_BOUNDS check for Clang build
2022-09-18 Alexander PopovUpdate the links to AOSP and GKI
2022-09-02 Alexander PopovUpdate the README
2022-09-02 Alexander PopovDetect the compiler used for the kernel compilation
2022-09-02 Alexander PopovDon't use CONFIG_CC_IS_GCC in the checks (it was introd...
2022-09-02 Alexander PopovMove get-nix-kconfig.py to kconfig_hardened_check/confi...
2022-09-02 Alexander PopovFix the X86_SMAP check: it is enabled by default since...
2022-09-02 Alexander PopovCheck the nosmap and nosmep cmdline parameters
2022-09-02 Alexander PopovAdapt the RANDSTRUCT checks to the changes in Linux...
2022-09-02 Alexander PopovFix the comment: SHADOW_CALL_STACK is now available...
2022-09-02 Alexander PopovAdd the SECURITY_LANDLOCK recommendation by KSPP
2022-08-23 Alexander PopovCheck the nokaslr cmdline parameter
2022-08-20 Alexander PopovRequire GCC for the GCC plugins (part II)
2022-08-20 Alexander PopovRequire GCC for the GCC plugins
2022-08-20 Alexander PopovIntroduce cc_is_gcc and cc_is_clang
2022-08-20 Alexander PopovNo, the 'page_alloc.shuffle' should be set anyway
2022-08-20 Alexander PopovDrop the comment about slub_debug=FZ
2022-08-17 Alexander PopovAdd the debugfs check
2022-08-17 Alexander PopovImprove the comments
2022-08-17 Alexander PopovAdd the 'page_alloc.shuffle' check
2022-08-14 Alexander PopovAdd more values for the normalization
2022-08-14 Alexander PopovImplement the normalization of cmdline options
2022-08-14 Alexander PopovDescribe the meaning of the checks
2022-08-13 Alexander PopovCheck the 'rodata' cmdline parameter on the arches...
2022-08-13 Alexander PopovCheck hardened_usercopy in the cmdline
2022-08-13 Alexander PopovAdd the comment about vm.mmap_min_addr sysctl (for...
2022-08-13 Alexander PopovSECURITY_DMESG_RESTRICT is more about cutting attack...
2022-07-21 Alexander PopovImprove the slab_common.usercopy_fallback check
2022-07-21 Alexander PopovAdd the slab_common.usercopy_fallback check
2022-07-21 Alexander PopovImprove the STACKPROTECTOR check
2022-07-21 Alexander PopovDon't mention LKDTM
2022-07-17 Alexander PopovAdd info about the LKDDb project by @cateee
2022-07-17 Alexander PopovCheck ARM64_BTI for userspace hardening
2022-07-17 Alexander PopovCheck ARM64_PTR_AUTH for userspace hardening
2022-07-17 Alexander PopovAdd rodata check for ARM64
2022-07-11 Alexander PopovAdd iommu.passthrough check
2022-07-11 Alexander PopovAdd IOMMU_DEFAULT_PASSTHROUGH check
2022-07-11 Alexander PopovAdd iommu.strict check
2022-07-11 Alexander PopovAdd vsyscall check
2022-07-09 Alexander PopovDon't add CmdlineChecks in add_kconfig_checks() to...
2022-07-09 Alexander PopovAdd slub_debug check
2022-07-08 Alexander PopovAdd the release badge
2022-06-20 Alexander PopovAdd the init_on_free check
2022-06-20 Alexander PopovAdd the page_poison check required for PAGE_POISONING_ZERO
2022-06-20 Alexander PopovRewrite the slab_nomerge check
2022-06-20 Alexander PopovRewrite the randomize_kstack_offset check
2022-06-19 Alexander PopovCheck that a kconfig option value is sane
2022-06-19 Alexander PopovAdd a tricky check for init_on_alloc and INIT_ON_ALLOC_...
2022-06-19 Alexander PopovMove the add_cmdline_checks() call earlier
2022-06-08 Alexander PopovDon't check __name__ in __init__.py (it can't run separ...
2022-06-08 Alexander PopovFix the pylint warning about isinstance
2022-06-08 Alexander PopovDrop unneeded properties of ComplexOptCheck
2022-06-08 Alexander PopovTurn some error conditions into assertions (part 4)
2022-06-08 Alexander PopovTurn some error conditions into assertions (part 3)
2022-06-08 Alexander PopovTurn some error conditions into assertions (part 2)
2022-06-08 Alexander PopovTurn some error conditions into assertions (part 1)
2022-06-08 Alexander PopovDrop useless checks, the ComplexOptCheck constructor...
2022-06-08 Alexander Popovgithub actions: Test error handling (part 2)
next