IOMMU_SUPPORT is needed for all architectures

487ad847 · Alexander Popov · e8eba6a4 · 487ad847
Commit 487ad847 authored Mar 18, 2020 by Alexander Popov
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

kconfig-hardened-check.py kconfig-hardened-check.py +2 -2

No files found.
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -238,14 +238,14 @@ def construct_checklist(checklist, arch):
    checklist.append(OptCheck('GCC_PLUGINS',                 'y', 'defconfig', 'self_protection'))
    checklist.append(OR(OptCheck('REFCOUNT_FULL',               'y', 'defconfig', 'self_protection'), \
                        VerCheck((5, 5)))) # REFCOUNT_FULL is enabled by default since v5.5
+    iommu_support_is_set = OptCheck('IOMMU_SUPPORT',         'y', 'defconfig', 'self_protection') # is needed for mitigating DMA attacks
+    checklist.append(iommu_support_is_set)
    if arch == 'X86_64' or arch == 'X86_32':
        checklist.append(OptCheck('MICROCODE',                   'y', 'defconfig', 'self_protection')) # is needed for mitigating CPU bugs
        checklist.append(OptCheck('RETPOLINE',                   'y', 'defconfig', 'self_protection'))
        checklist.append(OptCheck('X86_SMAP',                    'y', 'defconfig', 'self_protection'))
        checklist.append(OR(OptCheck('X86_UMIP',                 'y', 'defconfig', 'self_protection'), \
                            OptCheck('X86_INTEL_UMIP',           'y', 'defconfig', 'self_protection')))
-        iommu_support_is_set = OptCheck('IOMMU_SUPPORT',         'y', 'defconfig', 'self_protection') # is needed for mitigating DMA attacks
-        checklist.append(iommu_support_is_set)
        checklist.append(OptCheck('SYN_COOKIES',                 'y', 'defconfig', 'self_protection')) # another reason?
    if arch == 'X86_64':
        checklist.append(OptCheck('PAGE_TABLE_ISOLATION',        'y', 'defconfig', 'self_protection'))