From 2b5bf3548b6a7edbf7cd74278d570b658f9ab34a Mon Sep 17 00:00:00 2001
From: Alexander Popov <alex.popov@linux.com>
Date: Sat, 14 Aug 2021 09:33:14 +0300
Subject: [PATCH] Add the command line parameters that should NOT be set

---
 kconfig_hardened_check/__init__.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index e1b5a5e..e0f2e01 100644
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -34,6 +34,11 @@
 #           kpti=on
 #           ssbd=force-on
 #
+#    Should NOT be set:
+#           nokaslr
+#           arm64.nobti
+#           arm64.nopauth
+#
 # N.B. Hardening sysctls:
 #    kernel.kptr_restrict=2 (or 1?)
 #    kernel.dmesg_restrict=1 (also see the kconfig option)
-- 
2.31.1