Skip to content

K
kernel-hardening-checker
Commit 5d9e4f83 by Alexander Popov
Options

Add the comments about HARDENED_USERCOPY features

parent fb93b0f1
Showing with 2 additions and 2 deletions
kconfig_hardened_check/checks.py
...@@ -166,9 +166,9 @@ def add_kconfig_checks(l, arch): ...@@ -166,9 +166,9 @@ def add_kconfig_checks(l, arch):
hardened_usercopy_is_set = KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY', 'y') hardened_usercopy_is_set = KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY', 'y')
l += [hardened_usercopy_is_set] l += [hardened_usercopy_is_set]
l += [AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_FALLBACK', 'is not set'), l += [AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_FALLBACK', 'is not set'),
hardened_usercopy_is_set)] hardened_usercopy_is_set)] # usercopy whitelist violations should be prohibited
l += [AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_PAGESPAN', 'is not set'), l += [AND(KconfigCheck('self_protection', 'kspp', 'HARDENED_USERCOPY_PAGESPAN', 'is not set'),
hardened_usercopy_is_set)] hardened_usercopy_is_set)] # this debugging for HARDENED_USERCOPY is not needed for security
l += [AND(KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_LATENT_ENTROPY', 'y'), l += [AND(KconfigCheck('self_protection', 'kspp', 'GCC_PLUGIN_LATENT_ENTROPY', 'y'),
gcc_plugins_support_is_set)] gcc_plugins_support_is_set)]
l += [OR(KconfigCheck('self_protection', 'kspp', 'MODULE_SIG', 'y'), l += [OR(KconfigCheck('self_protection', 'kspp', 'MODULE_SIG', 'y'),
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment