KconfigCheck('self_protection', 'defconfig', 'DEBUG_SET_MODULE_RONX', 'y'),
modules_not_set)] # DEBUG_SET_MODULE_RONX was before v4.11
l += [OR(KconfigCheck('self_protection', 'defconfig', 'REFCOUNT_FULL', 'y'),
- VersionCheck((5, 5)))] # REFCOUNT_FULL is enabled by default since v5.5
+ VersionCheck((5, 5, 0)))] # REFCOUNT_FULL is enabled by default since v5.5
l += [OR(KconfigCheck('self_protection', 'defconfig', 'INIT_STACK_ALL_ZERO', 'y'),
KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_STRUCTLEAK_BYREF_ALL', 'y'))]
if arch in ('X86_64', 'ARM64', 'X86_32'):
l += [microcode_is_set] # is needed for mitigating CPU bugs
l += [OR(KconfigCheck('self_protection', 'defconfig', 'MICROCODE_INTEL', 'y'),
AND(microcode_is_set,
- VersionCheck((6, 6))))] # MICROCODE_INTEL was included in MICROCODE since v6.6
+ VersionCheck((6, 6, 0))))] # MICROCODE_INTEL was included in MICROCODE since v6.6
l += [OR(KconfigCheck('self_protection', 'defconfig', 'MICROCODE_AMD', 'y'),
AND(microcode_is_set,
- VersionCheck((6, 6))))] # MICROCODE_AMD was included in MICROCODE since v6.6
+ VersionCheck((6, 6, 0))))] # MICROCODE_AMD was included in MICROCODE since v6.6
l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_SMAP', 'y'),
- VersionCheck((5, 19)))] # X86_SMAP is enabled by default since v5.19
+ VersionCheck((5, 19, 0)))] # X86_SMAP is enabled by default since v5.19
l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_UMIP', 'y'),
KconfigCheck('self_protection', 'defconfig', 'X86_INTEL_UMIP', 'y'))]
if arch in ('ARM64', 'ARM'):
l += [KconfigCheck('self_protection', 'defconfig', 'RANDOMIZE_MODULE_REGION_FULL', 'y')]
l += [OR(KconfigCheck('self_protection', 'defconfig', 'HARDEN_EL2_VECTORS', 'y'),
AND(KconfigCheck('self_protection', 'defconfig', 'RANDOMIZE_BASE', 'y'),
- VersionCheck((5, 9))))] # HARDEN_EL2_VECTORS was included in RANDOMIZE_BASE in v5.9
+ VersionCheck((5, 9, 0))))] # HARDEN_EL2_VECTORS was included in RANDOMIZE_BASE in v5.9
l += [OR(KconfigCheck('self_protection', 'defconfig', 'HARDEN_BRANCH_PREDICTOR', 'y'),
- VersionCheck((5, 10)))] # HARDEN_BRANCH_PREDICTOR is enabled by default since v5.10
+ VersionCheck((5, 10, 0)))] # HARDEN_BRANCH_PREDICTOR is enabled by default since v5.10
if arch == 'ARM':
l += [KconfigCheck('self_protection', 'defconfig', 'CPU_SW_DOMAIN_PAN', 'y')]
l += [KconfigCheck('self_protection', 'defconfig', 'HARDEN_BRANCH_PREDICTOR', 'y')]
# 1. prepare the checklist
config_checklist = []
config_checklist += [OR(KconfigCheck('reason_1', 'decision_1', 'NAME_1', 'expected_1'),
- VersionCheck((41, 101)))]
+ VersionCheck((41, 101, 0)))]
config_checklist += [AND(KconfigCheck('reason_2', 'decision_2', 'NAME_2', 'expected_2'),
- VersionCheck((44, 1)))]
+ VersionCheck((44, 1, 0)))]
config_checklist += [AND(KconfigCheck('reason_3', 'decision_3', 'NAME_3', 'expected_3'),
- VersionCheck((42, 44)))]
+ VersionCheck((42, 44, 0)))]
config_checklist += [OR(KconfigCheck('reason_4', 'decision_4', 'NAME_4', 'expected_4'),
- VersionCheck((42, 43)))]
+ VersionCheck((42, 43, 0)))]
# 2. prepare the parsed kconfig options
parsed_kconfig_options = OrderedDict()
parsed_kconfig_options['CONFIG_NAME_3'] = 'expected_3'
# 3. prepare the kernel version
- kernel_version = (42, 43)
+ kernel_version = (42, 43, 0)
# 4. run the engine
self.run_engine(config_checklist, parsed_kconfig_options, None, None, kernel_version)
projects / kconfig-hardened-check.git / commitdiff