summaryrefslogtreecommitdiffstats
path: root/src/analyze
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/analyze/analyze-pcrs.c2
-rw-r--r--src/analyze/analyze-security.c4
2 files changed, 3 insertions, 3 deletions
diff --git a/src/analyze/analyze-pcrs.c b/src/analyze/analyze-pcrs.c
index 43e415f..1c3da3f 100644
--- a/src/analyze/analyze-pcrs.c
+++ b/src/analyze/analyze-pcrs.c
@@ -11,7 +11,7 @@
static int get_pcr_alg(const char **ret) {
assert(ret);
- FOREACH_STRING(alg, "sha256", "sha1") {
+ FOREACH_STRING(alg, "sha256", "sha384", "sha1") {
_cleanup_free_ char *p = NULL;
if (asprintf(&p, "/sys/class/tpm/tpm0/pcr-%s/0", alg) < 0)
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index 75508f4..3d7b647 100644
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -1244,8 +1244,8 @@ static const struct security_assessor security_assessor_table[] = {
{
.id = "CapabilityBoundingSet=~CAP_BPF",
.json_field = "CapabilityBoundingSet_CAP_BPF",
- .description_good = "Service may load BPF programs",
- .description_bad = "Service may not load BPF programs",
+ .description_good = "Service may not load BPF programs",
+ .description_bad = "Service may load BPF programs",
.url = "https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=",
.weight = 25,
.range = 1,
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-02 04:17:36 +0000