X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kernel_hardening_checker%2Fchecks.py;h=6b9db7a85f8a38962d3c791d06e1408632e48e73;hb=b23112f17deaa07ece6c578516deaca678be7f14;hp=99e8810fb324a4bc417b6a875d656b6bfb0af6f2;hpb=3224016c39c28c0797b63957599e01453a832e66;p=kconfig-hardened-check.git

diff --git a/kernel_hardening_checker/checks.py b/kernel_hardening_checker/checks.py
index 99e8810..6b9db7a 100644
--- a/kernel_hardening_checker/checks.py
+++ b/kernel_hardening_checker/checks.py
@@ -26,7 +26,6 @@ def add_kconfig_checks(l, arch):
     efi_not_set = KconfigCheck('-', '-', 'EFI', 'is not set')
     cc_is_gcc = KconfigCheck('-', '-', 'CC_IS_GCC', 'y') # exists since v4.18
     cc_is_clang = KconfigCheck('-', '-', 'CC_IS_CLANG', 'y') # exists since v4.18
-    gcc_plugins_support_is_set = KconfigCheck('-', '-', 'GCC_PLUGINS', 'y')
 
     modules_not_set = KconfigCheck('cut_attack_surface', 'kspp', 'MODULES', 'is not set') # radical, but may be useful in some cases
     devmem_not_set = KconfigCheck('cut_attack_surface', 'kspp', 'DEVMEM', 'is not set') # refers to LOCKDOWN
@@ -159,7 +158,6 @@ def add_kconfig_checks(l, arch):
     l += [AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_PAGESPAN', 'is not set'),
               hardened_usercopy_is_set)] # this debugging for HARDENED_USERCOPY is not needed for security
     l += [AND(KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_LATENT_ENTROPY', 'y'),
-              gcc_plugins_support_is_set,
               cc_is_gcc)]
     l += [OR(KconfigCheck('self_protection', 'kspp', 'MODULE_SIG', 'y'),
              modules_not_set)]
@@ -199,15 +197,12 @@ def add_kconfig_checks(l, arch):
     if arch in ('X86_64', 'ARM64', 'X86_32'):
         stackleak_is_set = KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_STACKLEAK', 'y')
         l += [AND(stackleak_is_set,
-                  gcc_plugins_support_is_set,
                   cc_is_gcc)]
         l += [AND(KconfigCheck('self_protection', 'kspp', 'STACKLEAK_METRICS', 'is not set'),
                   stackleak_is_set,
-                  gcc_plugins_support_is_set,
                   cc_is_gcc)]
         l += [AND(KconfigCheck('self_protection', 'kspp', 'STACKLEAK_RUNTIME_DISABLE', 'is not set'),
                   stackleak_is_set,
-                  gcc_plugins_support_is_set,
                   cc_is_gcc)]
         l += [KconfigCheck('self_protection', 'kspp', 'RANDOMIZE_KSTACK_OFFSET_DEFAULT', 'y')]
     if arch in ('X86_64', 'ARM64'):