| side by side (parent:
5a972ea
)
Add the ssbd check
author
Alexander Popov
<alex.popov@linux.com>
Fri, 9 Dec 2022 17:37:49 +0000
(20:37 +0300)
committer
Alexander Popov
<alex.popov@linux.com>
Fri, 9 Dec 2022 17:37:49 +0000
(20:37 +0300)
kconfig_hardened_check/__init__.py
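--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -20,7 +20,6 @@
 # tsx=off
 # ARM64:
 # kpti=on
-# ssbd=force-on
 #
 # Should NOT be set:
 # sysrq_always_enabled
@@ -751,6 +750,9 @@ def add_cmdline_checks(l, arch):
 l += [OR(CmdlineCheck('self_protection', 'defconfig', 'retbleed', 'is not off'),
 CmdlineCheck('self_protection', 'defconfig', 'retbleed', 'is not set'))]
 if arch == 'ARM64':
+ l += [OR(CmdlineCheck('self_protection', 'defconfig', 'ssbd', 'kernel'),
+ CmdlineCheck('self_protection', 'my', 'ssbd', 'force-on'),
+ CmdlineCheck('self_protection', 'defconfig', 'ssbd', 'is not set'))]
 l += [OR(CmdlineCheck('self_protection', 'defconfig', 'rodata', 'full'),
 AND(KconfigCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y'),
 CmdlineCheck('self_protection', 'defconfig', 'rodata', 'is not set')))]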
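Review bot: The new ARM64 `ssbd` check in add_cmdline_checks has no comment explaining why three states pass, and its first alternative is the default `kernel` rather than the `force-on` named in the header TODO line this commit deletes. As written, `force-on` (mitigation forced for userspace as well) is only an accepted alternative under the 'my' decision. How OR reports the expected value is not visible in this hunk, but if it takes it from the first alternative, the tool would never recommend `force-on` to a user who wants the stricter setting. I would add a line above the `l += [OR(` statement such as `# ssbd: 'kernel' is the arm64 default (kernel mitigated, userspace opts in via prctl); 'force-on' is stricter; 'force-off' must fail`. The body of add_cmdline_checks starts and ends outside the hunk.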