Add a special 'desired val' -- 'is not off'

This check gives FAIL if the option value is 'off' or
the option is not found. In other cases this check gives OK.

This feature is needed for checking that the CPU vulnerability mitigations
are not disabled. Let's see how it works and maybe improve it in future.

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index a344e17768f61b08385513f2c07be5996a660fe8..3e3997d867dbccb6f6f115dd791745b01e6e926c 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -94,7 +94,7 @@ class OptCheck:
                    'invalid expected value "{}" for "{}" check (1)'.format(expected, name)
             val_len = len(expected.split())
             if val_len == 3:
-                assert(expected == 'is not set'), \
+                assert(expected == 'is not set' or expected == 'is not off'), \
                    'invalid expected value "{}" for "{}" check (2)'.format(expected, name)
             else:
                 assert(val_len == 1), \
@@ -117,6 +117,16 @@ class OptCheck:
                 self.result = 'OK: is present'
             return
 
+        # handle the 'is not off' option check
+        if self.expected == 'is not off':
+            if self.state == 'off':
+                self.result = 'FAIL: is off'
+            elif self.state is None:
+                self.result = 'FAIL: is off, not found'
+            else:
+                self.result = 'OK: is not off, "' + self.state + '"'
+            return
+
         # handle the option value check
         if self.expected == self.state:
             self.result = 'OK'
@@ -253,6 +263,8 @@ class OR(ComplexOptCheck):
                         self.result = 'OK: {} is not found'.format(opt.name)
                     elif opt.result == 'OK: is present':
                         self.result = 'OK: {} is present'.format(opt.name)
+                    elif opt.result.startswith('OK: is not off'):
+                        self.result = 'OK: {} is not off'.format(opt.name)
                     else:
                         # VersionCheck provides enough info
                         assert(opt.result.startswith('OK: version')), \
@@ -281,6 +293,10 @@ class AND(ComplexOptCheck):
                     self.result = 'FAIL: {} is not "{}"'.format(opt.name, opt.expected)
                 elif opt.result == 'FAIL: is not present':
                     self.result = 'FAIL: {} is not present'.format(opt.name)
+                elif opt.result == 'FAIL: is off':
+                    self.result = 'FAIL: {} is off'.format(opt.name)
+                elif opt.result == 'FAIL: is off, not found':
+                    self.result = 'FAIL: {} is off, not found'.format(opt.name)
                 else:
                     # VersionCheck provides enough info
                     self.result = opt.result