Skip to content

Commit

Permalink
Add the new name of SPECULATION_MITIGATIONS
Browse files Browse the repository at this point in the history
Since Linux v6.9 it's called CONFIG_CPU_MITIGATIONS.

Refers to #127, #117
  • Loading branch information
a13xp0p0v committed Jun 2, 2024
1 parent d690e6b commit ea24300
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion kernel_hardening_checker/checks.py
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,6 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
if arch in ('X86_64', 'ARM64', 'ARM'):
l += [vmap_stack_is_set]
if arch in ('X86_64', 'X86_32'):
l += [KconfigCheck('self_protection', 'defconfig', 'SPECULATION_MITIGATIONS', 'y')]
l += [KconfigCheck('self_protection', 'defconfig', 'DEBUG_WX', 'y')]
l += [KconfigCheck('self_protection', 'defconfig', 'WERROR', 'y')]
l += [KconfigCheck('self_protection', 'defconfig', 'X86_MCE', 'y')]
Expand All @@ -88,6 +87,8 @@ def add_kconfig_checks(l: List[ChecklistObjType], arch: str) -> None:
cpu_sup_intel_not_set)]
l += [OR(KconfigCheck('self_protection', 'defconfig', 'X86_MCE_AMD', 'y'),
cpu_sup_amd_not_set)]
l += [OR(KconfigCheck('self_protection', 'defconfig', 'CPU_MITIGATIONS', 'y'),
KconfigCheck('self_protection', 'defconfig', 'SPECULATION_MITIGATIONS', 'y'))]
l += [OR(KconfigCheck('self_protection', 'defconfig', 'MITIGATION_RETPOLINE', 'y'),
KconfigCheck('self_protection', 'defconfig', 'RETPOLINE', 'y'))]
if arch in ('ARM64', 'ARM'):
Expand Down

0 comments on commit ea24300

Please sign in to comment.