Optimize platform expressions in bootloader-grub2 group

The bootloader-grub2 group contains multiple different platform
expressions. However, all of them are related to grub2 and all of them
should be applicable for bootable container, therefore, the platform can
be set on the group level in group.yml to `grub2 and system_with_kernel`.
Setting the platform on the group level allows us to simplify platform
expressions in individual rules. Most of them that only set platform
to `machine` or to `system_with_kernel` can be removed completely.

linux_os/guide/system/bootloader-grub2/group.yml

@@ -15,4 +15,4 @@ description: |-
     with a password and ensure its configuration file's permissions
     are set properly.
 
-platform: grub2
+platform: grub2 and system_with_kernel

linux_os/guide/system/bootloader-grub2/grub2_disable_recovery/rule.yml

@@ -41,5 +41,3 @@ fixtext: |-
     Then, run the following command:
 
     $ sudo {{{ grub_command("update") }}}
-
-platform: grub2

linux_os/guide/system/bootloader-grub2/grub2_enable_iommu_force/rule.yml

@@ -20,7 +20,6 @@ identifiers:
     cce@sle12: CCE-91532-2
     cce@sle15: CCE-91217-0
 
-platform: system_with_kernel
 
 ocil_clause: 'I/OMMU is not activated'
 

linux_os/guide/system/bootloader-grub2/grub2_init_on_alloc_argument/rule.yml

@@ -24,7 +24,6 @@ ocil_clause: 'the kernel is not configured to zero out memory before allocation'
 ocil: |-
     {{{ ocil_grub2_argument("init_on_alloc=1") | indent(4) }}}
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument

linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml

@@ -46,7 +46,6 @@ ocil: |-
     the kernel, check that the option is configured through boot parameter.
     {{{ ocil_grub2_argument("random.trust_cpu=on") | indent(4) }}}
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument

linux_os/guide/system/bootloader-grub2/grub2_l1tf_argument/rule.yml

@@ -36,7 +36,6 @@ ocil_clause: 'l1tf mitigations are not configured appropriately'
 ocil: |-
     {{{ ocil_grub2_argument("l1tf=" + xccdf_value("var_l1tf_options")) | indent(4) }}}
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument

linux_os/guide/system/bootloader-grub2/grub2_mce_argument/rule.yml

@@ -29,7 +29,6 @@ ocil_clause: 'MCE tolerance is not set to zero'
 ocil: |-
     {{{ ocil_grub2_argument("mce=0") | indent(4) }}}
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument

linux_os/guide/system/bootloader-grub2/grub2_mds_argument/rule.yml

@@ -47,7 +47,6 @@ ocil_clause: 'MDS mitigations are not configured appropriately'
 ocil: |-
     {{{ ocil_grub2_argument("mds=" + xccdf_value(var_mds_options)) | indent(4) }}}
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument

linux_os/guide/system/bootloader-grub2/grub2_mitigation_argument/rule.yml

@@ -24,7 +24,6 @@ references:
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010424
 
-platform: system_with_kernel
 
 ocil_clause: 'mitigations is set to off'
 

linux_os/guide/system/bootloader-grub2/grub2_nosmap_argument_absent/rule.yml

@@ -34,7 +34,6 @@ ocil: |-
     <pre>grep -q nosmap /boot/config-`uname -r`</pre>
     If the command returns a line, it means that SMAP is being disabled.
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument_absent

linux_os/guide/system/bootloader-grub2/grub2_nosmep_argument_absent/rule.yml

@@ -34,7 +34,6 @@ ocil: |-
     <pre>grep -q nosmep /boot/config-`uname -r`</pre>
     If the command returns a line, it means that SMEP is being disabled.
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument_absent

linux_os/guide/system/bootloader-grub2/grub2_page_alloc_shuffle_argument/rule.yml

@@ -31,7 +31,6 @@ ocil_clause: 'randomization of the page allocator is not enabled in the kernel'
 ocil: |-
     {{{ ocil_grub2_argument("page_alloc.shuffle=1") | indent(4) }}}
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument

linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml

@@ -34,7 +34,6 @@ ocil_clause: 'Kernel page-table isolation is not enabled'
 ocil: |-
     {{{ ocil_grub2_argument("pti=on") | indent(4) }}}
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument

linux_os/guide/system/bootloader-grub2/grub2_rng_core_default_quality_argument/rule.yml

@@ -37,7 +37,6 @@ ocil_clause: 'trust on hardware random number generator is not configured approp
 ocil: |-
     {{{ ocil_grub2_argument("rng_core.default_quality=" + xccdf_value("var_rng_core_default_quality")) | indent(4) }}}
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument

linux_os/guide/system/bootloader-grub2/grub2_slab_nomerge_argument/rule.yml

@@ -35,7 +35,6 @@ ocil_clause: 'merging of slabs with similar size is enabled'
 ocil: |-
     {{{ ocil_grub2_argument("slab_nomerge=yes") | indent(4) }}}
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument

linux_os/guide/system/bootloader-grub2/grub2_spec_store_bypass_disable_argument/rule.yml

@@ -39,7 +39,6 @@ ocil_clause: 'SSB is not configured appropriately'
 ocil: |-
     {{{ ocil_grub2_argument("spec_store_bypass_disable=" + xccdf_value("var_spec_store_bypass_disable_options")) | indent(4) }}}
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument

linux_os/guide/system/bootloader-grub2/grub2_spectre_v2_argument/rule.yml

@@ -32,7 +32,6 @@ ocil_clause: 'spectre_v2 mitigation is not enforced'
 ocil: |-
     {{{ ocil_grub2_argument("spectre_v2=on") | indent(4) }}}
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument

linux_os/guide/system/bootloader-grub2/grub2_systemd_debug-shell_argument_absent/rule.yml

@@ -44,7 +44,6 @@ ocil: |-
 fixtext: |-
     {{{ fixtext_grub2_bootloader_argument_absent("debug-shell") | indent(4) }}}
 
-platform: system_with_kernel
 
 template:
     name: grub2_bootloader_argument_absent

linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml

@@ -33,7 +33,7 @@ ocil_clause: 'vsyscalls are enabled'
 ocil: |-
     {{{ ocil_grub2_argument("vsyscall=none") | indent(4) }}}
 
-platform: system_with_kernel and x86_64_arch
+platform: x86_64_arch
 
 template:
     name: grub2_bootloader_argument

linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml

@@ -50,7 +50,6 @@ fixtext: '{{{ fixtext_file_group_owner(grub2_boot_path ~ "/grub.cfg", "root") }}
 
 srg_requirement: '{{{ srg_requirement_file_group_owner(grub2_boot_path ~ "/grub.cfg", "root") }}}'
 
-platform: system_with_kernel
 
 template:
     name: file_groupowner

linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml

@@ -44,7 +44,6 @@ fixtext: '{{{ fixtext_file_group_owner(grub2_boot_path ~ "/user.cfg", "root") }}
 
 srg_requirement: '{{{ srg_requirement_file_group_owner(grub2_boot_path ~ "/user.cfg", "root") }}}'
 
-platform: machine
 
 template:
     name: file_groupowner

linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml

@@ -46,7 +46,6 @@ ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_boot_path ~ "/grub.cfg", own
 ocil: |-
     {{{ ocil_file_owner(file=grub2_boot_path ~ "/grub.cfg", owner="root") }}}
 
-platform: system_with_kernel
 
 template:
     name: file_owner

linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml

@@ -39,7 +39,6 @@ ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_boot_path ~ "/user.cfg", own
 ocil: |-
     {{{ ocil_file_owner(file=grub2_boot_path ~ "/user.cfg", owner="root") }}}
 
-platform: machine
 
 template:
     name: file_owner

linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml

@@ -46,7 +46,6 @@ ocil: |-
     If properly configured, the output should indicate the following
     permissions: <tt>-rw-------</tt>
 
-platform: system_with_kernel
 
 template:
     name: file_permissions

linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml

@@ -35,7 +35,6 @@ ocil_clause: '{{{ ocil_clause_file_permissions(file=grub2_boot_path ~ "/user.cfg
 ocil: |-
     {{{ ocil_file_permissions(file=grub2_boot_path ~ "/user.cfg", perms="-rw-------") }}}
 
-platform: machine
 
 template:
     name: file_permissions

linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml

@@ -68,7 +68,6 @@ warnings:
         Also, do NOT manually add the superuser account and password to the
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
 
-platform: machine
 
 fixtext: |-
     Configure {{{ full_name }}} to have a unique username for the grub superuser account.

linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml

@@ -38,4 +38,3 @@ ocil: |-
     media which should not exist in the lines:
     <pre>set root='hd0,msdos1'</pre>
 
-platform: machine

linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml

@@ -92,7 +92,6 @@ warnings:
         Also, do NOT manually add the superuser account and password to the
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
 
-platform: machine
 
 fixtext: |-
     Configure {{{ full_name }}} to require a grub bootloader password for the grub superuser account.

linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password_legacy/rule.yml

@@ -51,4 +51,3 @@ warnings:
         Also, do NOT manually add the superuser account and password to the
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
 
-platform: system_with_kernel

linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml

@@ -38,7 +38,6 @@ ocil_clause: '{{{ ocil_clause_file_group_owner(file=grub2_uefi_boot_path ~ "/gru
 ocil: |-
     {{{ ocil_file_group_owner(file=grub2_uefi_boot_path ~ "/grub.cfg", group="root") }}}
 
-platform: machine
 
 template:
     name: file_groupowner

linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_user_cfg/rule.yml

@@ -38,7 +38,6 @@ ocil_clause: '{{{ ocil_clause_file_group_owner(file=grub2_uefi_boot_path ~ "/use
 ocil: |-
     {{{ ocil_file_group_owner(file=grub2_uefi_boot_path ~ "/user.cfg", group="root") }}}
 
-platform: machine
 
 template:
     name: file_groupowner

linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml

@@ -36,7 +36,6 @@ ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_uefi_boot_path ~ "/grub.cfg"
 ocil: |-
     {{{ ocil_file_owner(file=grub2_uefi_boot_path ~ "/grub.cfg", owner="root") }}}
 
-platform: machine
 
 template:
     name: file_owner

linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_user_cfg/rule.yml

@@ -38,7 +38,6 @@ ocil_clause: '{{{ ocil_clause_file_owner(file=grub2_uefi_boot_path ~ "/user.cfg"
 ocil: |-
     {{{ ocil_file_owner(file=grub2_uefi_boot_path ~ "/user.cfg", owner="root") }}}
 
-platform: machine
 
 template:
     name: file_owner

linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml

@@ -38,7 +38,6 @@ ocil: |-
     If properly configured, the output should indicate the following
     permissions: <tt>-rwx------</tt>
 
-platform: machine
 
 template:
     name: file_permissions

linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_user_cfg/rule.yml

@@ -35,7 +35,6 @@ ocil_clause: '{{{ ocil_clause_file_permissions(file=grub2_uefi_boot_path ~ "/use
 ocil: |-
     {{{ ocil_file_permissions(file=grub2_uefi_boot_path ~ "/user.cfg", perms="-rw-------") }}}
 
-platform: machine
 
 template:
     name: file_permissions

linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml

@@ -69,7 +69,6 @@ warnings:
         Also, do NOT manually add the superuser account and password to the
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
 
-platform: machine
 
 fixtext: |-
     Configure {{{ full_name }}} to have a unique username for the grub superuser account.

linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml

@@ -93,7 +93,6 @@ warnings:
         Also, do NOT manually add the superuser account and password to the
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
 
-platform: system_with_kernel
 
 fixtext: |-
     Configure {{{ full_name }}} to use a secure UEFI boot loader password.

linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password_legacy/rule.yml

@@ -50,4 +50,3 @@ warnings:
         Also, do NOT manually add the superuser account and password to the
         <tt>grub.cfg</tt> file as the grub2-mkconfig command overwrites this file.
 
-platform: machine

linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml

@@ -38,4 +38,3 @@ ocil: |-
     media which should not exist in the lines:
     <pre>set root='hd0,msdos1'</pre>
 
-platform: machine