From 6014d0e9443e4de6229b09f1c8586949b9ecd2b7 Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Sat, 9 Dec 2023 22:10:32 +0300
Subject: [PATCH] Add the CPU_SRSO check

---
 kernel_hardening_checker/checks.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index 748ba22..ff42ca7 100644
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -65,6 +65,7 @@ def add_kconfig_checks(l, arch):
         l += [KconfigCheck('self_protection', 'defconfig', 'X86_MCE_INTEL', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'X86_MCE_AMD', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'RETPOLINE', 'y')]
+        l += [KconfigCheck('self_protection', 'defconfig', 'CPU_SRSO', 'y')]
         l += [KconfigCheck('self_protection', 'defconfig', 'SYN_COOKIES', 'y')] # another reason?
         microcode_is_set = KconfigCheck('self_protection', 'defconfig', 'MICROCODE', 'y')
         l += [microcode_is_set] # is needed for mitigating CPU bugs
-- 
2.31.1