Refers to the issue #14 by @jcberthon.

Report them as FAIL.

Thanks to @Bernhard40 for this nice idea.

Refers to issue #13.

If HARDENED_USERCOPY is not set, HARDENED_USERCOPY_FALLBACK is not checked.

Refers to issue #13.

If PAGE_POISONING is not set, PAGE_POISONING_NO_SANITY and
PAGE_POISONING_ZERO are not checked.

Refers to issue #13.

Use case: AND(<suboption>, <main_option>).
Suboption is not checked if checking of the main_option is failed.

It's needed to solve issue #13.

I like this hack. Now the script recommends to disable modules and
devmem OR harden them at least.

Let's check the RESET_ATTACK_MITIGATION option.

The description of this security feature:
https://lwn.net/Articles/730006/

It needs support from the userspace side:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a5c03c31af2291f13689d11760c0b59fb70c9a5a

Improve the comments about the userspace support by the way.

CONFIG_MODULE_SIG_FORCE shouldn't be checked if CONFIG_MODULES is not set.

Fixes issue #12.
Thanks to @hannob.

And improve the style by the way.

Add the ability to parse the processor architecture from the config file.

Change '-p' command-line argument behaviour. Now it comes with the
name of architecture you want to print recommendations for.

Currently only X86_64 is supported. More architectures to come soon.

This is based heavily on work by @tyhicks.

Create arch-dependent KSPP recommendations.
Thanks to @tyhicks.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>

The arm section of the KSPP Recommended_Settings wiki page contains the
following lines:

 # If building an old out-of-tree Qualcomm kernel, this is similar to
 # CONFIG_STRICT_KERNEL_RWX.
 CONFIG_STRICT_MEMORY_RWX=y

Since this option only applies to an old out-of-tree Qualcomm kernel,
it is not included in the config file.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>