Skip to content

K
kernel-hardening-checker
Commit 9c57a383 by Alexander Popov
Options

Add the 'spectre_v2' check 

Don't normalize this cmdline option.
parent d2ef2d8d
Showing with 5 additions and 2 deletions
kconfig_hardened_check/__init__.py
...@@ -18,7 +18,6 @@ ...@@ -18,7 +18,6 @@
# Аrch-independent: # Аrch-independent:
# mitigations=auto,nosmt (nosmt is slow) # mitigations=auto,nosmt (nosmt is slow)
# X86: # X86:
# spectre_v2=on
# spec_store_bypass_disable=on # spec_store_bypass_disable=on
# l1tf=full,force # l1tf=full,force
# l1d_flush=on (a part of the l1tf option) # l1d_flush=on (a part of the l1tf option)
...@@ -747,7 +746,8 @@ def add_cmdline_checks(l, arch): ...@@ -747,7 +746,8 @@ def add_cmdline_checks(l, arch):
# 'self_protection', 'clipos' # 'self_protection', 'clipos'
l += [CmdlineCheck('self_protection', 'clipos', 'page_alloc.shuffle', '1')] l += [CmdlineCheck('self_protection', 'clipos', 'page_alloc.shuffle', '1')]
if arch in ('X86_64', 'X86_32'):
l += [CmdlineCheck('self_protection', 'clipos', 'spectre_v2', 'on')]
# 'cut_attack_surface', 'kspp' # 'cut_attack_surface', 'kspp'
if arch == 'X86_64': if arch == 'X86_64':
...@@ -907,6 +907,9 @@ def normalize_cmdline_options(option, value): ...@@ -907,6 +907,9 @@ def normalize_cmdline_options(option, value):
if option == 'pti': if option == 'pti':
# See pti_check_boottime_disable() in linux/arch/x86/mm/pti.c # See pti_check_boottime_disable() in linux/arch/x86/mm/pti.c
return value return value
if option == 'spectre_v2':
# See spectre_v2_parse_cmdline() in linux/arch/x86/kernel/cpu/bugs.c
return value
if option == 'debugfs': if option == 'debugfs':
# See debugfs_kernel() in fs/debugfs/inode.c # See debugfs_kernel() in fs/debugfs/inode.c
return value return value
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment