- 14 Aug, 2023 2 commits
-
-
Alexander Popov authored
-
Alexander Popov authored
-
- 13 Aug, 2023 5 commits
-
-
Alexander Popov authored
-
Alexander Popov authored
-
The GitHub Actions virtual machine has such a sysctl:
```
fs.binfmt_misc.llvm-14-runtime/binfmt = enabled
```
This example shows that sysctl names may contain the / symbol.
Alexander Popov authored
-
Alexander Popov authored
-
Refers to #65
Alexander Popov authored
-
- 23 Jul, 2023 11 commits
-
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
- 22 Jul, 2023 1 commit
-
-
Much better code, no functional changes
Alexander Popov authored
-
- 16 Jul, 2023 2 commits
-
-
Alexander Popov authored
-
Refers to #65
Alexander Popov authored
-
- 15 Jul, 2023 2 commits
-
-
Don't emit ERROR here. Even GitHub Actions machines have repeated options in /proc/cmdline.
Also see the comment in cmdline parsing for x86: https://elixir.bootlin.com/linux/v5.16.7/source/arch/x86/boot/cmdline.c#L21
```
In accordance with standard Linux practice, if this option is repeated, this returns the last instance on the command line.
```
Alexander Popov authored
-
Alexander Popov authored
-
- 12 Jul, 2023 3 commits
-
-
Alexander Popov authored
-
And fix the wording in the error message by the way.
Alexander Popov authored
-
Alexander Popov authored
-
- 08 Jul, 2023 2 commits
-
-
Refers to #65
Alexander Popov authored
-
Refers to #65
Alexander Popov authored
-
- 04 Jul, 2023 1 commit
-
-
The XFS V4 format is deprecated: https://elixir.bootlin.com/linux/v6.3.11/source/fs/xfs/Kconfig#L25
Quote:
The V4 filesystem format lacks certain features that are supported by the V5 format, such as metadata checksumming, strengthened metadata verification, and the ability to store timestamps past the year 2038. Because of this, the V4 format is deprecated. All users should upgrade by backing up their files, reformatting, and restoring from the backup... To close off an attack surface, say N.
Alexander Popov authored
-
- 02 Jul, 2023 1 commit
-
-
The Kconfig fragment should describe the microarchitecture to avoid mistakes.
Alexander Popov authored
-
- 25 Jun, 2023 1 commit
-
-
I tested CONFIG_CMDLINE and CONFIG_BOOT_CONFIG mechanisms. They allow passing additional boot parameters for the Linux kernel. I see that all boot parameters are collected in /proc/cmdline. So /proc/cmdline is the only information source that we should check to analyze the Linux kernel boot parameters.
Alexander Popov authored
-
- 17 Jun, 2023 2 commits
-
-
Refers to #65
Alexander Popov authored
-
Alexander Popov authored
-
- 12 Jun, 2023 7 commits
-
-
With this argument the tool generates a Kconfig fragment with the security hardening options for the selected microarchitecture. Refers to #67.
This Kconfig fragment can be merged with the existing Linux kernel config:
```
$ ./bin/kconfig-hardened-check -g X86_64 > /tmp/fragment
$ cd ~/linux-src/
$ ./scripts/kconfig/merge_config.sh .config /tmp/fragment
Using .config as base
Merging /tmp/fragment
Value of CONFIG_BUG_ON_DATA_CORRUPTION is redefined by fragment /tmp/fragment:
Previous value: # CONFIG_BUG_ON_DATA_CORRUPTION is not set
New value: CONFIG_BUG_ON_DATA_CORRUPTION=y
...
```
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
See vdso32_setup() in arch/x86/entry/vdso/vdso32-setup.c
Alexander Popov authored
-
See vsyscall_setup() in arch/x86/entry/vsyscall/vsyscall_64.c
Alexander Popov authored
-
See iommu_setup() in arch/x86/kernel/pci-dma.c
Alexander Popov authored
-
See setup_slub_debug() in mm/slub.c
Alexander Popov authored
-