Jan Alexander Steffens
5c532afbaa
5.5.1.arch1-1: Enable INTEL_IOMMU_DEFAULT_ON
IOMMU is important for security in systems using PCI bridges (e.g.
Thunderbolt, USB4) or other means of DMA from potentially untrusted
devices (e.g. FireWire). It's also used to safely pass devices into VMs.
Enable it by default. It can still be disabled at boot using
intel_iommu=off. intel_iommu=igfx_off is also available to exclude just
the iGPU.
2020-02-01 17:53:24 +00:00
Jan Alexander Steffens
727d1e1d47
5.5.arch1-1
2020-01-27 22:28:27 +00:00
Jan Alexander Steffens
9b0026f12a
5.4.15.arch1-1
2020-01-26 10:12:29 +00:00
Jan Alexander Steffens
2231922647
5.4.13.arch1-1
2020-01-17 23:41:56 +00:00
Jan Alexander Steffens
91d5b604de
FS#62384: Enable BPF_KPROBE_OVERRIDE
https://bugs.archlinux.org/task/62384
2020-01-17 23:41:55 +00:00
Jan Alexander Steffens
5ac0903843
5.4.7.arch1-1
2019-12-31 17:50:17 +00:00
Jan Alexander Steffens
f3603dadd9
Disable SND_HDA_INTEL_DETECT_DMIC
It's not ready; the drivers that are supposed to step in when
snd-hda-intel aborts probing aren't working yet. v5.5 will have a better
solution for driver selection, anyway.
2019-12-13 11:34:25 +00:00
Jan Alexander Steffens
3ead601c9d
5.4.1.arch1-1
2019-11-29 14:56:15 +00:00
Jan Alexander Steffens
196a2934c5
Disable RMI4_F54
Doesn't crash now, but still pretty useless.
- V4L device still confuses applications.
- Reading a sensor image makes the touchpad unusable as an input
device until it is power-cycled.
2019-11-27 20:28:02 +00:00
Jan Alexander Steffens
97381f5f19
Enable SND_HDA_INTEL_DETECT_DMIC
Now that we have SOF, let it handle systems with DMICs.
2019-11-27 20:28:01 +00:00
Jan Alexander Steffens
426a33d8ae
FS#63464: Disable misbehaving SOF drivers
Reading the changes made at
https://github.com/thesofproject/linux/pull/1382/files
2019-11-27 20:27:58 +00:00
Jan Alexander Steffens
d27c858681
5.4.arch1-1
2019-11-25 23:56:20 +00:00
Jan Alexander Steffens
c189ce4263
Enable INIT_ON_ALLOC_DEFAULT_ON
https://outflux.net/blog/archives/2019/11/14/security-things-in-linux-v5-3/
2019-11-18 21:33:26 +00:00
Jan Alexander Steffens
cad3b7156f
5.3.11.1-1
2019-11-12 23:21:40 +00:00
Jan Alexander Steffens
44420b8b15
Disable full dynticks
2019-11-03 14:24:59 +00:00
Jan Alexander Steffens
aa190d3c60
Disable some stray Freescale audio modules
2019-11-03 14:24:58 +00:00
Jan Alexander Steffens
35f8455e06
FS#64302: Disable Google SMI
Crashes on various non-Google Chromebooks and Coreboot-using laptops
like Librem and reflashed ThinkPads.
2019-11-03 10:45:25 +00:00
Jan Alexander Steffens
a53987ae76
FS#63464: Disable Sound Open Firmware
We don't ship any firmware files (yet) and the drivers can be loaded
in preference to the SST drivers, which we do have firmware for.
2019-11-02 08:23:45 +00:00
Jan Alexander Steffens
b204fb2896
Disable CONFIG_RMI4_F54
The V4L touch device created is buggy, causing userspace applications
(PipeWire) to behave badly and even kernel panics when running
v4l2-compliance -t 0 -s 1
2019-10-31 15:11:37 +00:00
Jan Alexander Steffens
3f306c2e10
FS#55784 enable google modules
2019-10-19 14:01:12 +00:00
Jan Alexander Steffens
964e000a29
5.3.2.arch2-1
2019-10-04 00:16:59 +00:00
Jan Alexander Steffens
be16067dd6
Enable SUNRPC_DISABLE_INSECURE_ENCTYPES
2019-10-03 14:51:04 +00:00
Jan Alexander Steffens
bd82bdc99a
5.3.arch1-1
2019-09-16 04:19:09 +00:00
Jan Alexander Steffens
92f97e2c06
5.2.10.arch1-1
2019-08-25 18:27:22 +00:00
Jan Alexander Steffens
ec7e9200bb
5.2.5.arch1-1
2019-07-31 09:05:53 +00:00
Jan Alexander Steffens
c75fb07643
FS#62432: Disable FW_LOADER_USER_HELPER
2019-07-30 21:04:09 +00:00
Jan Alexander Steffens
439e5a0af4
5.2.2.arch1-1: Disable stackleak; shows up in perf as 6-7% overhead
2019-07-21 19:43:40 +00:00
Jan Alexander Steffens
53d0c2511a
5.2.1.arch1-1
2019-07-14 21:46:06 +00:00
Jan Alexander Steffens
e77150c276
Enable stackleak
2019-07-10 15:18:09 +00:00
Jan Alexander Steffens
0471ab33d5
5.2.arch2-1
2019-07-09 04:10:19 +00:00
Jan Alexander Steffens
c8269e7394
Update config
2019-06-24 07:28:51 +00:00
Jan Alexander Steffens
6621446c2d
5.1.8.arch1-1
2019-06-09 21:32:47 +00:00
Jan Alexander Steffens
10505f2f9b
Disable integrity, enable safesetid, only load yama by default
2019-05-07 20:04:22 +00:00
Jan Alexander Steffens
78a111327b
5.1.arch1-1
2019-05-06 23:33:26 +00:00
Jan Alexander Steffens
f84d330b5f
5.0.10.arch1-1
2019-04-27 22:09:22 +00:00
Jan Alexander Steffens
b16b08b24a
FS#42910: Enable TOMOYO and SMACK
2019-04-09 21:53:11 +00:00
Jan Alexander Steffens
bcf602c7ae
5.0.arch1-1
2019-03-04 15:36:14 +00:00
Jan Alexander Steffens
6d64c139ef
4.20.3.arch1-1
2019-01-17 00:31:30 +00:00
Jan Alexander Steffens
fdbdebf5f1
4.20.1.arch1-1
2019-01-10 04:59:02 +00:00
Jan Alexander Steffens
4810e21851
4.20.arch1-1
2018-12-24 04:08:00 +00:00
Jan Alexander Steffens
03525e64df
FS#60879: Enable CONFIG_IEEE802154_HWSIM
2018-12-09 23:10:36 +00:00
Jan Alexander Steffens
bb9d85deef
4.19.7.arch1-1
2018-12-05 21:55:32 +00:00
Jan Alexander Steffens
21df49f85d
4.19.3.arch1-1
2018-11-22 07:41:48 +00:00
Jan Alexander Steffens
9036d47c87
FS#53288: Add GVRP
2018-11-20 22:04:33 +00:00
Jan Alexander Steffens
d00e2383fc
4.19.2.arch1-1
2018-11-13 22:29:23 +00:00
Jan Alexander Steffens
b1f5dbdf27
4.19.1.arch1-1
2018-11-04 17:56:31 +00:00
Jan Alexander Steffens
b966f6d713
FS#60614: Enable Block-MQ by default
2018-11-04 16:36:58 +00:00
Jan Alexander Steffens
757573dfbc
FS#57408: Reenable 16-bit support
2018-11-03 08:52:15 +00:00
Jan Alexander Steffens
cf354551c2
Disable RANDOM_TRUST_CPU and IOMMU_DEBUGFS
2018-10-29 21:35:18 +00:00
Jan Alexander Steffens
19c2451141
FS#60520 Enable LEDS_SYSCON
2018-10-26 19:04:33 +00:00