Hesham/linux-hwg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,360 Commits 1 Branch 0 Tags 1.7 MiB
main
Commit Graph

487 Commits

Author SHA1 Message Date
Jan Alexander Steffens
b355555335 5.19.11.arch1-1 2022-09-24 19:32:48 +00:00
Jan Alexander Steffens
07add5cd3c Enable DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING 
As requested by Christian, for systemd.
 2022-09-24 19:32:46 +00:00
Jan Alexander Steffens
f9f29d5a1b 5.19.6.arch1-1 2022-08-31 22:49:58 +00:00
Jan Alexander Steffens
a761030c6f 5.19.4.arch1-1 2022-08-25 18:22:09 +00:00
Jan Alexander Steffens
72311cf099 5.19.2.arch1-1 2022-08-17 14:28:21 +00:00
Jan Alexander Steffens
cab15f6f84 5.19.1.arch1-1 2022-08-11 16:00:06 +00:00
Jan Alexander Steffens
2db71c5777 Enable NO_HZ_FULL 
There is reportedly no (longer) significant overhead to this when it is
not enabled at runtime, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804857#66
 2022-08-06 22:11:33 +00:00
Jan Alexander Steffens
44548c4424 FS#74953: Reenable I8K 2022-08-06 22:11:31 +00:00
Jan Alexander Steffens
2e407d05f4 5.19.arch1-1 2022-08-06 14:08:01 +00:00
Jan Alexander Steffens
1e93cf5d3a 5.18.16.arch1-1 2022-08-03 12:00:00 +00:00
Jan Alexander Steffens
94d0ee92f2 FS#74975: Enable MEMTEST 2022-07-31 14:38:59 +00:00
Jan Alexander Steffens
0d5a58dc37 5.18.14.arch1-1 2022-07-23 12:28:24 +00:00
Jan Alexander Steffens
af075e3dca 5.18.6.arch1-1 2022-06-22 18:43:35 +00:00
Jan Alexander Steffens
5f3729800f FS#75102: Add integrity to LSM 
This only initializes a cache which is used by IMA. So it does nothing
useful. Still, we technically have the integrity LSM and this removes a
footgun should IMA ever get enabled.
 2022-06-19 20:12:32 +00:00
Jan Alexander Steffens
2e8ca45bc9 FS#75102: Enable KEXEC_SIG 2022-06-19 20:12:32 +00:00
Jan Alexander Steffens
1eaae5d53f FS#75102: Revert "Enable KEXEC_SIG and IMA" 
Enabling IMA makes it impossible to load unsigned kernel modules when
secure boot is in use, and without shim in the boot you can't get the
kernel to trust a local key for module signing.

This reverts commit 6a241232a3275ef3e314b5b7167e13fffff71282.
 2022-06-19 20:12:31 +00:00
Jan Alexander Steffens
0724b8895c FS#75102: Enable KEXEC_SIG and IMA 2022-06-19 19:23:48 +00:00
Jan Alexander Steffens
b3c8c8615f 5.18.5.arch1-1 2022-06-16 21:18:19 +00:00
Jan Alexander Steffens
a0899d416d Disable PECI 
As requested by Levente. Only useful for kernels running on baseboard
management controllers.
 2022-06-16 21:18:17 +00:00
Jan Alexander Steffens
218d2a950d 5.18.4.arch1-1 2022-06-15 23:42:51 +00:00
Jan Alexander Steffens
5bd573c89e FS#75041: Enable INTEGRITY_MACHINE_KEYRING and related 2022-06-15 23:42:48 +00:00
Jan Alexander Steffens
e29a800771 5.18.3.arch1-1 2022-06-09 17:20:22 +00:00
Jan Alexander Steffens
3aa8dd1c85 5.18.1.arch1-1 2022-05-30 18:31:45 +00:00
Jan Alexander Steffens
f11429d842 FS#74888: Enable BLOCK_LEGACY_AUTOLOAD 
Disabling this broke legacy mdraid setups.

See: https://lore.kernel.org/linux-block/20220503212848.5853-1-dmoulding@me.com/
 2022-05-30 18:31:42 +00:00
Jan Alexander Steffens
1cc50e39e6 5.18.arch1-1 2022-05-24 22:34:17 +00:00
Jan Alexander Steffens
231862cf72 5.17.6.arch1-1 2022-05-10 23:31:11 +00:00
Jan Alexander Steffens
0c61251a1e 5.17.5.arch1-1 2022-04-27 21:57:26 +00:00
Jan Alexander Steffens
ee2af8ec43 5.17.4.arch1-1 2022-04-20 19:02:04 +00:00
Jan Alexander Steffens
2d3dd3bff0 5.17.2.arch1-1 2022-04-08 18:11:24 +00:00
Jan Alexander Steffens
d60d23d3e0 FS#74291: Reenable FRAMEBUFFER_CONSOLE_ROTATION 2022-04-01 16:10:30 +00:00
Jan Alexander Steffens
8dc941a8b3 FS#68021, FS#74271: Return nvme to a module 2022-03-30 20:34:27 +00:00
Jan Alexander Steffens
03fa74e628 FS#74203: Disable SYSFB_SIMPLEFB 2022-03-28 21:54:43 +00:00
Jan Alexander Steffens
432adf96db 5.17.arch1-1 2022-03-23 00:44:26 +00:00
Jan Alexander Steffens
997a6a8651 5.16.14.arch1-1 2022-03-11 18:29:09 +00:00
Jan Alexander Steffens
ccba33df68 Enable BPF_UNPRIV_DEFAULT_OFF 
This config was enabled by default in v5.15 and we should follow that.
 2022-03-09 16:09:34 +00:00
Jan Alexander Steffens
4f1d39f328 5.16.13.arch1-1 2022-03-08 20:36:10 +00:00
Jan Alexander Steffens
74147130fa 5.16.9.arch1-1 2022-02-11 23:14:13 +00:00
Jan Alexander Steffens
a4414373de FS#73364: Enable DAMON 2022-02-11 23:14:12 +00:00
Jan Alexander Steffens
eb92849ce1 5.16.8.arch1-1 2022-02-08 21:56:54 +00:00
Jan Alexander Steffens
659df960bd FS#72597: Disable ZERO_CALL_USED_REGS 
Too much overhead.
 2022-02-07 18:29:34 +00:00
Jan Alexander Steffens
6376eaf60e 5.16.arch1-1 2022-01-10 21:15:58 +00:00
Jan Alexander Steffens
992dd34d40 5.15.12.arch1-1 2021-12-29 13:06:04 +00:00
Jan Alexander Steffens
38f90fdbe5 5.15.9.arch1-1 2021-12-17 00:17:27 +00:00
Jan Alexander Steffens
f6654f361c FS#69505: Replace MTD_RAM with MTD_MTDRAM 
The latter is what was actually wanted.
 2021-12-16 03:14:31 +00:00
Jan Alexander Steffens
6fdf85f792 5.15.5.arch1-1 2021-11-25 22:53:04 +00:00
Jan Alexander Steffens
90addb77b2 5.15.3.arch1-1 2021-11-18 22:55:52 +00:00
Jan Alexander Steffens
87b96ed160 5.15.2.arch1-1 2021-11-12 20:28:54 +00:00
Jan Alexander Steffens
741b99dce1 FS#72645: Disable SYSFB_SIMPLEFB 2021-11-12 20:28:52 +00:00
Jan Alexander Steffens
e55609718b FS#72658: Reenable built-in FB drivers 2021-11-09 17:09:57 +00:00
Jan Alexander Steffens
911177d3df Disable WERROR 
Also leaks into external module builds.
 2021-11-03 23:30:53 +00:00
Jan Alexander Steffens
78d0321a90 Set SYSFB_SIMPLEFB=y and SIMPLEDRM=y, disable legacy FB drivers 2021-11-03 23:30:52 +00:00
Jan Alexander Steffens
62812fc5b4 5.15.arch1-1 2021-11-03 23:30:51 +00:00
Jan Alexander Steffens
2072b4db95 5.14.12.arch1-1 2021-10-13 17:35:24 +00:00
Jan Alexander Steffens
4325d1b2ad 5.14.10.arch1-1 2021-10-07 20:32:54 +00:00
Jan Alexander Steffens
2ef0ab9184 Disable SND_INTEL_BYT_PREFER_SOF 
As requested by Jelle.
 2021-10-06 22:08:56 +00:00
Jan Alexander Steffens
595a15167b 5.14.8.arch1-1 2021-09-26 20:22:35 +00:00
Jan Alexander Steffens
045bfb719c FS#72195: Disable FB_HYPERV 2021-09-26 20:22:33 +00:00
Jan Alexander Steffens
6f0e13bf09 5.14.4.arch1-1 2021-09-15 22:24:27 +00:00
Jan Alexander Steffens
25de7a333b FS#72045: Disable WATCHDOG_HRTIMER_PRETIMEOUT 2021-09-09 10:30:52 +00:00
Jan Alexander Steffens
ca05999be5 Enable EDAC_IGEN6 
This was overlooked.
 2021-09-03 21:24:30 +00:00
Jan Alexander Steffens
18427d86c6 5.14.1.arch1-1 2021-09-03 21:04:16 +00:00
Jan Alexander Steffens
d73ac85acb 5.13.13.arch1-1 2021-08-26 19:48:22 +00:00
Jan Alexander Steffens
738226335f 5.13.12.arch1-1 2021-08-18 21:30:22 +00:00
Jan Alexander Steffens
c21ba89cc1 Set KFENCE_SAMPLE_INTERVAL back to 100 
As requested by Levente. The power issues should be solved by now.
 2021-08-18 21:30:21 +00:00
Jan Alexander Steffens
fb8eb1c560 Enable RANDOMIZE_KSTACK_OFFSET_DEFAULT 
Additional hardening at a minimal cost, as requested by Levente.
 2021-08-18 21:30:17 +00:00
Jan Alexander Steffens
5e6049790e 5.13.9.arch1-1 2021-08-08 12:14:43 +00:00
David Runge
2589876818 Upgrade to 5.13.4.arch1. 
PKGBUILD:
Add C7E7849466FE2358343588377258734B41C31549 as additional recognized valid PGP
key, as heftig might not be able to prepare releases and package for a while.

config:
Consolidate with defaults for 5.13.4 based on previous config.
Update CONFIG_LSM to order landlock before lockdown and re-add bpf, as the
issue discussed in https://bugs.archlinux.org/task/71270 seems to have been a
user-error (using obsolete kernel parameters).
 2021-07-20 17:34:49 +00:00
Jan Alexander Steffens
fd38ec001c 5.13.1.arch1-1 2021-07-10 00:23:52 +00:00
Jan Alexander Steffens
4aa90295a0 5.12.14.arch1-1 2021-07-01 07:57:45 +00:00
Jan Alexander Steffens
65eddc1dfd FS#71325: Enable SPI_INTEL_SPI again 2021-06-25 23:47:16 +00:00
Jan Alexander Steffens
9bff7b52e3 5.12.13.arch1-1 2021-06-23 17:14:01 +00:00
Jan Alexander Steffens
38bd62e40b FS#71296: Enable DEBUG_LIST 2021-06-20 19:20:20 +00:00
Jan Alexander Steffens
e7d5c4d89c 5.12.11.arch1-1 2021-06-16 22:13:35 +00:00
Jan Alexander Steffens
d7bf404c33 FS#71270: Don't enable "bpf" LSM by default 
It provides all possible hooks, which makes it harder to properly use
major LSMs. Using security= to enable a major LSM puts it at the end of
the list. Some functions (like security_getprocattr) only use the first
matching hook, thus prefer bpf.
 2021-06-16 22:13:34 +00:00
Jan Alexander Steffens
b7f14e1a69 5.12.8.arch1-1 2021-05-28 21:05:54 +00:00
Jan Alexander Steffens
99703861e1 FS#69505: Enable MTD_ROM 2021-05-27 19:39:55 +00:00
Jan Alexander Steffens
2a8704f5e1 Set KFENCE_SAMPLE_INTERVAL to 0 
Turns off KFENCE by default, as requested by Levente. There are power
use issues, see
https://lore.kernel.org/linux-mm/20210421105132.3965998-1-elver@google.com/
 2021-05-15 21:38:29 +00:00
Jan Alexander Steffens
1646eced3b Enable DEBUG_INFO_DWARF4 
Required for BTF to work with GCC 11.
 2021-05-15 21:38:27 +00:00
Jan Alexander Steffens
cc87e6b052 5.12.2.arch1-1 2021-05-07 16:08:11 +00:00
Jan Alexander Steffens
db81b3eea9 FS#70742: Enable MTD_NAND_ECC_* 2021-05-07 16:08:09 +00:00
Jan Alexander Steffens
621ea2d08c 5.12.1.arch1-1 2021-05-02 13:41:41 +00:00
Jan Alexander Steffens
7f6df05917 Turn on KFENCE by default 
As requested by Levente.
 2021-05-02 13:41:40 +00:00
Jan Alexander Steffens
b03b4f7e6f 5.12.arch1-1 2021-04-26 21:33:26 +00:00
Jan Alexander Steffens
d71e920034 5.11.16.arch1-1 2021-04-21 20:39:28 +00:00
Jan Alexander Steffens
62782a577d FS#69181: Enable FB_UVESA 2021-04-21 20:39:27 +00:00
Jan Alexander Steffens
0d66f76ec1 FS#68698: Enable HID_SENSOR_CUSTOM_SENSOR 2021-04-21 20:39:26 +00:00
Jan Alexander Steffens
6f3f90e76b FS#69505: Enable MTD_RAM 2021-04-21 20:39:22 +00:00
Jan Alexander Steffens
85750f85be Revert "Enable LOAD_UEFI_KEYS" 
It didn't help secure dkms modules like we thought it would.
 2021-04-17 00:56:34 +00:00
Jan Alexander Steffens
4e15a9f945 5.11.15.arch1-1 2021-04-16 12:28:14 +00:00
Jan Alexander Steffens
9a383dc10f Enable LOAD_UEFI_KEYS 
https://bbs.archlinux.org/viewtopic.php?pid=1861193#p1861193

Requested by Foxboron.
 2021-04-16 12:28:12 +00:00
Jan Alexander Steffens
46d00c9794 5.11.13.arch1-1 2021-04-10 21:25:36 +00:00
Jan Alexander Steffens
44305ad48b FS#70375: Disable BT_HS 2021-04-09 18:49:50 +00:00
Jan Alexander Steffens
3272234053 FS#70384: Return atkbd to a module 2021-04-09 14:49:24 +00:00
Jan Alexander Steffens
eac563f39e 5.11.12.arch1-1 2021-04-07 22:37:33 +00:00
Jan Alexander Steffens
56380b3e43 FS#70299: Enable IDLE_PAGE_TRACKING 2021-04-05 12:50:09 +00:00
Jan Alexander Steffens
e74e4210d3 5.11.11.arch1-1 2021-03-30 14:47:29 +00:00
Jan Alexander Steffens
f99611e296 FS#69441: Revert "Disable USB gadget support" 2021-03-30 14:47:28 +00:00
Jan Alexander Steffens
ca32941726 5.11.9.arch1-1 2021-03-24 19:28:05 +00:00
Jan Alexander Steffens
d014a88b5b FS#70140: Enable EFI_VARS_PSTORE_DEFAULT_DISABLE 2021-03-24 19:28:03 +00:00
Jan Alexander Steffens
364d5e5432 5.11.8.arch1-1 2021-03-21 02:30:21 +00:00