Improve HARDEN_EL2_VECTORS check

In fact HARDEN_EL2_VECTORS was included in RANDOMIZE_BASE in v5.9.
Use new nested ComplexOptChecks for this rule.

Refers to #48.

diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py
index 8ba238c4a43e66783d45b54518877a869236a9b2..3e6e6096d036ae889f6afc05db8174e1b8a113e7 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -306,7 +306,8 @@ def construct_checklist(l, arch):
         l += [OptCheck('self_protection', 'defconfig', 'ARM64_PAN', 'y')]
         l += [OptCheck('self_protection', 'defconfig', 'UNMAP_KERNEL_AT_EL0', 'y')]
         l += [OR(OptCheck('self_protection', 'defconfig', 'HARDEN_EL2_VECTORS', 'y'),
-                 VerCheck((5,9)))] # HARDEN_EL2_VECTORS was removed in v5.9
+                 AND(OptCheck('self_protection', 'defconfig', 'RANDOMIZE_BASE', 'y'),
+                     VerCheck((5, 9))))] # HARDEN_EL2_VECTORS was included in RANDOMIZE_BASE in v5.9
         l += [OptCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y')]
         l += [OptCheck('self_protection', 'defconfig', 'ARM64_PTR_AUTH', 'y')]
     if arch in ('X86_64', 'ARM64'):