Commit 4e0065c8 by Alexander Popov

Add the check for the iommu cmdline option

Refers to #76
parent 3b7e9848
...@@ -10,9 +10,6 @@ ...@@ -10,9 +10,6 @@
# Please don't cry if my Python code looks like C. # Please don't cry if my Python code looks like C.
# #
# #
# N.B Missing hardening command line parameters:
# iommu=force (does it help against DMA attacks?)
#
# Hardware tag-based KASAN with arm64 Memory Tagging Extension (MTE): # Hardware tag-based KASAN with arm64 Memory Tagging Extension (MTE):
# kasan=on # kasan=on
# kasan.stacktrace=off # kasan.stacktrace=off
...@@ -796,6 +793,8 @@ def add_cmdline_checks(l, arch): ...@@ -796,6 +793,8 @@ def add_cmdline_checks(l, arch):
# 'self_protection', 'clipos' # 'self_protection', 'clipos'
l += [CmdlineCheck('self_protection', 'clipos', 'page_alloc.shuffle', '1')] l += [CmdlineCheck('self_protection', 'clipos', 'page_alloc.shuffle', '1')]
if arch in ('X86_64', 'X86_32'):
l += [CmdlineCheck('self_protection', 'clipos', 'iommu', 'force')]
# 'cut_attack_surface', 'defconfig' # 'cut_attack_surface', 'defconfig'
if arch in ('X86_64', 'X86_32'): if arch in ('X86_64', 'X86_32'):
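Review bot: The new `iommu` check at the end of the 'self_protection', 'clipos' group has no comment saying what it protects against, while the header note this commit removes still carried the open question "does it help against DMA attacks?". I would add a line above the new `if arch in ('X86_64', 'X86_32'):` such as `# iommu=force forces use of the hardware IOMMU for DMA remapping on x86; it only helps when an IOMMU driver is actually enabled`, so the answer is recorded where the check lives. Separately, the x86 `iommu=` parameter takes a comma-separated list of options, so if CmdlineCheck compares the whole value against 'force' (its implementation is not visible here), a command line like `iommu=force,<other-option>` would be reported as FAIL; this is worth confirming or documenting. add_cmdline_checks begins before and continues after this hunk.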
......