206e4b7fbc
add detection of retpoline-aware compiler
2018-01-08 16:28:00 +01:00
1a14483c98
Use 'readelf' instead of 'file' to detect kernel
2018-01-08 15:56:19 +01:00
26564206db
Do not execute checks if we already found that PTI is enabled
2018-01-08 15:56:19 +01:00
207168e097
detect if the used compiler supports retpoline (WIP)
2018-01-08 15:45:09 +01:00
f8ca11e56a
Merge pull request #12 from sebastianw/fix-double-print
...
Remove superfluous 'YES' output when checking cpuinfo
2018-01-08 15:05:15 +01:00
c88acdd31d
Remove superfluous 'YES' output when checking cpuinfo
2018-01-08 14:50:59 +01:00
88df48f4a7
Merge pull request #11 from sebastianw/kaiser-cpu-flag
...
Recognize 'kaiser' flag in /proc/cpuinfo
2018-01-08 14:45:40 +01:00
124ce8e27a
Recognize 'kaiser' flag in /proc/cpuinfo
2018-01-08 14:38:43 +01:00
7bbcfe0df7
Merge pull request #7 from Feandil/redhat
...
Redhat support
2018-01-08 14:17:33 +01:00
a792348928
RedHat uses a different configuration name
2018-01-08 12:59:12 +01:00
66f7708095
Refactor RedHat support:
...
- Isolate file check to different elif (allowing to add more)
- Do the PTI debugfs check first (faster and supposed to be dynamic)
- If pti_enable is 0, don't trust dmesg (supposed to be dynamic)
2018-01-08 12:59:03 +01:00
34ef5ef21b
Delay umount (for RedHat access to pti_enable)
2018-01-08 12:58:22 +01:00
edbdf0da1f
push the lfence opcodes threshold to 70
2018-01-08 12:49:23 +01:00
68adbfdf14
Merge pull request #10 from Alkorin/permissionDenied
...
Avoid 'cat: /sys/kernel/debug/x86/pti_enabled: Permission denied'
2018-01-08 12:44:09 +01:00
47c30babf1
Avoid 'cat: /sys/kernel/debug/x86/pti_enabled: Permission denied'
2018-01-08 12:41:28 +01:00
ef7a5c4cf6
adding uname -v to get potential additional vendor information
2018-01-08 12:22:56 +01:00
4406910bea
Merge pull request #8 from Feandil/debugfs
...
Fix debugfs mount check
2018-01-08 12:19:23 +01:00
b7197d6f54
Fix debugfs mount check
2018-01-08 12:15:51 +01:00
c792fa35bf
add kernel version information to the output
2018-01-08 12:14:12 +01:00
d1498fe03f
Merge pull request #5 from fccagou/centos
...
fix(centos): check according to redhat patch.
2018-01-08 12:10:07 +01:00
12bdd0e412
root check is now more visible
2018-01-08 11:31:19 +01:00
89f9bef577
Merge pull request #4 from dguglielmi/add-genkernel-support
...
Add support for Gentoo genkernel image path
2018-01-08 11:24:07 +01:00
0f50e04dab
fix(centos): check according to redhat patch. https://access.redhat.com/articles/3311301
2018-01-08 11:14:22 +01:00
bf056ae73d
Add support for Gentoo genkernel image path
2018-01-08 11:08:53 +01:00
623e180ae1
Merge pull request #3 from TheHendla/arch_boot_img
...
add arch linux bootimage path
2018-01-08 10:51:59 +01:00
40a9d43c44
add arch linux bootimage path
2018-01-08 10:36:29 +01:00
c1004d5171
fix extract-vmlinux for non-gzip
2018-01-08 09:56:29 +01:00
fa0850466e
add some comments, enhance pti detection
2018-01-08 09:37:54 +01:00
5c14384e15
Merge pull request #1 from t-nelis/root-check
...
Improve "running as root" check
2018-01-08 08:58:21 +01:00
1aaca63dcf
Improve "running as root" check
...
Small issue with the USER environment variable:
$ echo $USER
thib
$ sudo sh -c 'echo $USER'
thib
$ sudo -i sh -c 'echo $USER'
root
Rather than recommending users to use sudo --login / -i, use the (very
widespread/portable) id program to retrieve the effective user ID
instead and don't change the recommendation.
$ id -u
1000
$ sudo id -u
0
$ sudo -i id -u
0
2018-01-08 01:22:14 +01:00
96dfa03c00
fix for uncompressed vmlinux case
2018-01-08 00:45:12 +01:00
05c79425ab
detect kpti directly in vmlinux if option is not there
2018-01-07 22:47:41 +01:00
9def0c949a
update readme
2018-01-07 20:13:10 +01:00
64eb1d005c
add couple missing elses
2018-01-07 18:49:15 +01:00
bffda8b3e7
remove dependency on rdmsr
2018-01-07 18:36:56 +01:00
13f2133a97
cosmetic fix
2018-01-07 18:14:08 +01:00
8c2fd0f0bb
fix MSR reading, need rdmsr for now
2018-01-07 18:13:25 +01:00
761c2b80e4
cosmetic fix
2018-01-07 17:19:37 +01:00
d6977928e5
msg fix
2018-01-07 17:15:08 +01:00
bd4c74331e
add retpolines check
2018-01-07 16:57:14 +01:00
82972f8790
fix status unknown for variant 1
2018-01-07 16:32:34 +01:00
30de4f6336
remove hardcoded kernel image path
2018-01-07 16:25:50 +01:00
9ed1fcd98a
cosmetic + v0.02
2018-01-07 16:22:30 +01:00
ef7c0d7ec5
add variant 1 check
2018-01-07 16:16:11 +01:00
3b760822ff
fix echo under some shells
2018-01-07 16:00:01 +01:00
0201b02313
typofix
2018-01-07 15:37:50 +01:00
c937e6603b
add System.map way of detecting kpti build
2018-01-07 15:36:05 +01:00
0c4591f8ec
fix readme
2018-01-07 15:02:59 +01:00
4211178b3a
v0.01
2018-01-07 15:00:59 +01:00
3b59139e79
Initial commit
2018-01-07 15:00:15 +01:00
Stéphane Lesimple
Alkorin
Sebastian Wiesinger
Vincent Brillault
fccagou
David Guglielmi
Frederik Schreiber
Thibault Nélis