- 09 Dec, 2022 1 commit
Alexander Popov authored
-
- 08 Dec, 2022 3 commits
3.10 is parsed as a number and it is trimmed to 3.1. That is expected behavior for numbers, but it's crazy for versions.
Alexander Popov authored -
Current `ubuntu-latest` (Ubuntu 22.04 for x86_64) provides the following versions of Python: 3.10.8, 3.11.0, 3.7.15, 3.8.15, 3.9.15.
Alexander Popov authored -
Alexander Popov authored
-
- 17 Nov, 2022 11 commits
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
- 11 Nov, 2022 1 commit
The default value for the 'mitigations' option is 'auto'. So this option should be enabled ('is not off') or not set at all.
Alexander Popov authored
-
- 09 Nov, 2022 3 commits
Alexander Popov authored
-
This check gives FAIL if the option value is 'off' or the option is not found. In other cases this check gives OK. This feature is needed for checking that the CPU vulnerability mitigations are not disabled. Let's see how it works and maybe improve it in future.
Alexander Popov authored -
Alexander Popov authored
-
- 08 Nov, 2022 1 commit
Alexander Popov authored
-
- 23 Oct, 2022 4 commits
Alexander Popov authored
-
Alexander Popov authored
-
Alexander Popov authored
-
Thanks to @kees
Alexander Popov authored
-
- 22 Oct, 2022 3 commits
Thanks to @kees
Alexander Popov authored -
Thanks to @kees
Alexander Popov authored -
Alexander Popov authored
-
- 13 Oct, 2022 6 commits
Thanks to @kees
Alexander Popov authored -
Thanks to @kees
Alexander Popov authored -
Clip OS says that RANDOM_TRUST_BOOTLOADER and RANDOM_TRUST_CPU should be disabled if HW_RANDOM_TPM is enabled. The Clip OS description: "Do not credit entropy included in Linux’s entropy pool when generated by the CPU manufacturer’s HWRNG, the bootloader or the UEFI firmware. Fast and robust initialization of Linux’s CSPRNG is instead achieved thanks to the TPM’s HWRNG." At the same time KSPP recommends enabling RANDOM_TRUST_BOOTLOADER and RANDOM_TRUST_CPU anyway: "Get as much entropy as possible from external sources. The Chacha mixer isn't vulnerable to injected entropy, so even malicious sources should not cause problems." In this situation, I think kconfig-hardened-check should check only HW_RANDOM_TPM (there is no contradiction about it) and leave the decision about RANDOM_TRUST_BOOTLOADER and RANDOM_TRUST_CPU to the owner of the system.
Alexander Popov authored -
Thanks to @kees
Alexander Popov authored -
Thanks to @kees
Alexander Popov authored -
Alexander Popov authored
-
- 12 Oct, 2022 1 commit
Alexander Popov authored
-
- 09 Oct, 2022 6 commits
Alexander Popov authored
-
Alexander Popov authored
-
Clip OS description: it "will eventually be n".
Alexander Popov authored -
Alexander Popov authored
-
RANDOM_TRUST_BOOTLOADER and RANDOM_TRUST_CPU should be disabled if HW_RANDOM_TPM is enabled. The Clip OS description: "Do not credit entropy included in Linux’s entropy pool when generated by the CPU manufacturer’s HWRNG, the bootloader or the UEFI firmware. Fast and robust initialization of Linux’s CSPRNG is instead achieved thanks to the TPM’s HWRNG."
Alexander Popov authored -
Disabling COREDUMP is needed for cutting userspace attack surface.
Alexander Popov authored
-