Add the ssbd check

author Alexander Popov <alex.popov@linux.com>

Fri, 9 Dec 2022 17:37:49 +0000 (20:37 +0300)

committer Alexander Popov <alex.popov@linux.com>

Fri, 9 Dec 2022 17:37:49 +0000 (20:37 +0300)
author Alexander Popov <alex.popov@linux.com>
Fri, 9 Dec 2022 17:37:49 +0000 (20:37 +0300)
committer Alexander Popov <alex.popov@linux.com>
Fri, 9 Dec 2022 17:37:49 +0000 (20:37 +0300)
diff --git a/kconfig_hardened_check/__init__.py b/kconfig_hardened_check/__init__.py

index 48476a439a2b599bd5224f020b0147c04c94040e..15bdcae7c74e033c1096833449a6e184468327dd 100644 (file)
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -20,7 +20,6 @@
  #           tsx=off
  #       ARM64:
  #           kpti=on
-#           ssbd=force-on
  #
  #    Should NOT be set:
  #           sysrq_always_enabled
@@ -751,6 +750,9 @@ def add_cmdline_checks(l, arch):
      l += [OR(CmdlineCheck('self_protection', 'defconfig', 'retbleed', 'is not off'),
               CmdlineCheck('self_protection', 'defconfig', 'retbleed', 'is not set'))]
      if arch == 'ARM64':
+        l += [OR(CmdlineCheck('self_protection', 'defconfig', 'ssbd', 'kernel'),
+                 CmdlineCheck('self_protection', 'my', 'ssbd', 'force-on'),
+                 CmdlineCheck('self_protection', 'defconfig', 'ssbd', 'is not set'))]
          l += [OR(CmdlineCheck('self_protection', 'defconfig', 'rodata', 'full'),
                   AND(KconfigCheck('self_protection', 'defconfig', 'RODATA_FULL_DEFAULT_ENABLED', 'y'),
                       CmdlineCheck('self_protection', 'defconfig', 'rodata', 'is not set')))]
author	Alexander Popov <alex.popov@linux.com>
	Fri, 9 Dec 2022 17:37:49 +0000 (20:37 +0300)
committer	Alexander Popov <alex.popov@linux.com>
	Fri, 9 Dec 2022 17:37:49 +0000 (20:37 +0300)