projects / kconfig-hardened-check.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0cc764f) | patch
Add a new feature --generate
authorAlexander Popov <alex.popov@linux.com>
Mon, 12 Jun 2023 14:40:50 +0000 (17:40 +0300)
committerAlexander Popov <alex.popov@linux.com>
Mon, 12 Jun 2023 14:44:01 +0000 (17:44 +0300)
commitc6db991b4dc47b19d40640df9824fbbba22bc34d
treeddc942395a9e563d318bc1d293f703afcdba9726tree | snapshot (zip tar.gz)
parent0cc764f51ee9eb1546b5a7f4ea2f8677798c05facommit | diff
Add a new feature --generate

With this argument the tool generates a Kconfig fragment with the security
hardening options for the selected microarchitecture.

Refers to #67.

This Kconfig fragment can be merged with the existing Linux kernel config:

$ ./bin/kconfig-hardened-check -g X86_64 > /tmp/fragment
$ cd ~/linux-src/
$ ./scripts/kconfig/merge_config.sh .config /tmp/fragment
Using .config as base
Merging /tmp/fragment
Value of CONFIG_BUG_ON_DATA_CORRUPTION is redefined by fragment /tmp/fragment:
Previous value: # CONFIG_BUG_ON_DATA_CORRUPTION is not set
New value: CONFIG_BUG_ON_DATA_CORRUPTION=y
...
kconfig_hardened_check/__init__.py diff | blob | history
kconfig-hardened-check