zephyr/scripts/kconfig/hardenconfig.py

80 lines
2.1 KiB
Python
Executable File

#!/usr/bin/env python3
# Copyright (c) 2019 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
import csv
import os
from kconfiglib import standard_kconfig
def hardenconfig(kconf):
kconf.load_config()
hardened_kconf_filename = os.path.join(os.environ['ZEPHYR_BASE'],
'scripts', 'kconfig', 'hardened.csv')
options = compare_with_hardened_conf(kconf, hardened_kconf_filename)
display_results(options)
class Option:
def __init__(self, name, recommended, current=None, symbol=None):
self.name = name
self.recommended = recommended
self.current = current
self.symbol = symbol
if current is None:
self.result = 'NA'
elif recommended == current:
self.result = 'PASS'
else:
self.result = 'FAIL'
def compare_with_hardened_conf(kconf, hardened_kconf_filename):
options = []
with open(hardened_kconf_filename) as csvfile:
csvreader = csv.reader(csvfile)
for row in csvreader:
name = row[0]
recommended = row[1]
try:
symbol = kconf.syms[name]
current = symbol.str_value
except KeyError:
symbol = None
current = None
options.append(Option(name=name, current=current,
recommended=recommended, symbol=symbol))
return options
def display_results(options):
# header
print('{:^50}|{:^13}|{:^20}'.format('name', 'current', 'recommended'), end='')
print('||{:^28}\n'.format('check result'), end='')
print('=' * 116)
# results, only printing options that have failed for now. It simplify the readability.
# TODO: add command line option to show all results
for opt in options:
if opt.result == 'FAIL' and opt.symbol.visibility != 0:
print('CONFIG_{:<43}|{:^13}|{:^20}'.format(
opt.name, opt.current, opt.recommended), end='')
print('||{:^28}\n'.format(opt.result), end='')
print()
def main():
hardenconfig(standard_kconfig())
if __name__ == '__main__':
main()