From: Alexander Popov <alex.popov@linux.com>
Date: Thu, 22 Oct 2020 16:09:35 +0000 (+0300)
Subject: Improve HARDEN_EL2_VECTORS check
X-Git-Tag: v0.5.9~10
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=45bb1e8f0e193715e0b0072929f063b765b78287;p=kconfig-hardened-check.git

Improve HARDEN_EL2_VECTORS check

In fact HARDEN_EL2_VECTORS was included in RANDOMIZE_BASE in v5.9.
Use new nested ComplexOptChecks for this rule.

Refers to #48.
---

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 8ba238c..3e6e609 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -306,7 +306,8 @@ def construct_checklist(l, arch):
         l += [OptCheck('self_protection', 'defconfig', 'ARM64_PAN', 'y')]
         l += [OptCheck('self_protection', 'defconfig', 'UNMAP_KERNEL_AT_EL0', 'y')]
         l += [OR(OptCheck('self_protection', 'defconfig', 'HARDEN_EL2_VECTORS', 'y'),
-                 VerCheck((5,9)))] # HARDEN_EL2_VECTORS was removed in v5.9
+                 AND(OptCheck('self_protection', 'defconfig', 'RANDOMIZE_BASE', 'y'),
+                     VerCheck((5, 9))))] # HARDEN_EL2_VECTORS was included in RANDOMIZE_BASE in v5.9
         l += [OptCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y')]
         l += [OptCheck('self_protection', 'defconfig', 'ARM64_PTR_AUTH', 'y')]
     if arch in ('X86_64', 'ARM64'):