Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CONFIG_TRIM_UNUSED_KSYMS and CONFIG_MODULES not in sync #58

Closed
Churam opened this issue Jan 17, 2022 · 2 comments
Closed

CONFIG_TRIM_UNUSED_KSYMS and CONFIG_MODULES not in sync #58

Churam opened this issue Jan 17, 2022 · 2 comments

Comments

@Churam
Copy link

Churam commented Jan 17, 2022

It seems there is a problem with the current stable kernel (5.15.14 at the date of this issue).

The kernel option TRIM_UNUSED_KSYMS is defined in my config as:

Symbol: TRIM_UNUSED_KSYMS [=n]
Type  : bool
Defined at init/Kconfig:2301
Prompt: Trim unused exported kernel symbols
Depends on: MODULES [=n] && !COMPILE_TEST [=n]
Visible if: MODULES [=n] && !COMPILE_TEST [=n] && EXPERT [=y]
Location: 
(1) -> Enable loadable module support (MODULES [=n])

Or the script (with the setup above) outputs me:
CONFIG_TRIM_UNUSED_KSYMS | y | my | cut_attack_surface | FAIL: not found

But as the hardening requires to have MODULES = n (is not set) it is impossible to set TRIM_UNUSED_KSYMS through menuconfig.
@Churam Churam changed the title CONFIG_TRIM_UNUSED_KSYMS CONFIG_TRIM_UNUSED_KSYMS and CONFIG_MODULES not in sync Jan 17, 2022
a13xp0p0v added a commit that referenced this issue Jan 21, 2022
@a13xp0p0v
Fix TRIM_UNUSED_KSYMS check
7ed482b 
TRIM_UNUSED_KSYMS can't be enabled if MODULES are disabled.

Thanks to @Churam for reporting.
Refers to #58.
@a13xp0p0v
Copy link
Owner

@Churam thanks for your report!

Fixed.

The output for your case now:

CONFIG_TRIM_UNUSED_KSYMS   |   y   |   my   | cut_attack_surface |  OK: CONFIG_MODULES "is not set"

@Churam
Copy link
Author

Churam commented Jan 24, 2022

Fix OK
Output is now as expected, closing issue

@Churam Churam closed this as completed Jan 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@a13xp0p0v @Churam