Hesham/linux-hwg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
890 Commits 1 Branch 0 Tags 1.7 MiB
5c532afbaa
Commit Graph

275 Commits

Author SHA1 Message Date
Jan Alexander Steffens
5c532afbaa 5.5.1.arch1-1: Enable INTEL_IOMMU_DEFAULT_ON 
IOMMU is important for security in systems using PCI bridges (e.g.
Thunderbolt, USB4) or other means of DMA from potentially untrusted
devices (e.g. FireWire). It's also used to safely pass devices into VMs.

Enable it by default. It can still be disabled at boot using
intel_iommu=off. intel_iommu=igfx_off is also available to exclude just
the iGPU.
 2020-02-01 17:53:24 +00:00
Jan Alexander Steffens
727d1e1d47 5.5.arch1-1 2020-01-27 22:28:27 +00:00
Jan Alexander Steffens
9b0026f12a 5.4.15.arch1-1 2020-01-26 10:12:29 +00:00
Jan Alexander Steffens
2231922647 5.4.13.arch1-1 2020-01-17 23:41:56 +00:00
Jan Alexander Steffens
91d5b604de FS#62384: Enable BPF_KPROBE_OVERRIDE 
https://bugs.archlinux.org/task/62384
 2020-01-17 23:41:55 +00:00
Jan Alexander Steffens
5ac0903843 5.4.7.arch1-1 2019-12-31 17:50:17 +00:00
Jan Alexander Steffens
f3603dadd9 Disable SND_HDA_INTEL_DETECT_DMIC 
It's not ready; the drivers that are supposed to step in when
snd-hda-intel aborts probing aren't working yet. v5.5 will have a better
solution for driver selection, anyway.
 2019-12-13 11:34:25 +00:00
Jan Alexander Steffens
3ead601c9d 5.4.1.arch1-1 2019-11-29 14:56:15 +00:00
Jan Alexander Steffens
196a2934c5 Disable RMI4_F54 
Doesn't crash now, but still pretty useless.
  - V4L device still confuses applications.
  - Reading a sensor image makes the touchpad unusable as an input
    device until it is power-cycled.
 2019-11-27 20:28:02 +00:00
Jan Alexander Steffens
97381f5f19 Enable SND_HDA_INTEL_DETECT_DMIC 
Now that we have SOF, let it handle systems with DMICs.
 2019-11-27 20:28:01 +00:00
Jan Alexander Steffens
426a33d8ae FS#63464: Disable misbehaving SOF drivers 
Reading the changes made at
https://github.com/thesofproject/linux/pull/1382/files
 2019-11-27 20:27:58 +00:00
Jan Alexander Steffens
d27c858681 5.4.arch1-1 2019-11-25 23:56:20 +00:00
Jan Alexander Steffens
c189ce4263 Enable INIT_ON_ALLOC_DEFAULT_ON 
https://outflux.net/blog/archives/2019/11/14/security-things-in-linux-v5-3/
 2019-11-18 21:33:26 +00:00
Jan Alexander Steffens
cad3b7156f 5.3.11.1-1 2019-11-12 23:21:40 +00:00
Jan Alexander Steffens
44420b8b15 Disable full dynticks 2019-11-03 14:24:59 +00:00
Jan Alexander Steffens
aa190d3c60 Disable some stray Freescale audio modules 2019-11-03 14:24:58 +00:00
Jan Alexander Steffens
35f8455e06 FS#64302: Disable Google SMI 
Crashes on various non-Google Chromebooks and Coreboot-using laptops
like Librem and reflashed ThinkPads.
 2019-11-03 10:45:25 +00:00
Jan Alexander Steffens
a53987ae76 FS#63464: Disable Sound Open Firmware 
We don't ship any firmware files (yet) and the drivers can be loaded
in preference to the SST drivers, which we do have firmware for.
 2019-11-02 08:23:45 +00:00
Jan Alexander Steffens
b204fb2896 Disable CONFIG_RMI4_F54 
The V4L touch device created is buggy, causing userspace applications
(PipeWire) to behave badly and even kernel panics when running

    v4l2-compliance -t 0 -s 1
 2019-10-31 15:11:37 +00:00
Jan Alexander Steffens
3f306c2e10 FS#55784 enable google modules 2019-10-19 14:01:12 +00:00
Jan Alexander Steffens
964e000a29 5.3.2.arch2-1 2019-10-04 00:16:59 +00:00
Jan Alexander Steffens
be16067dd6 Enable SUNRPC_DISABLE_INSECURE_ENCTYPES 2019-10-03 14:51:04 +00:00
Jan Alexander Steffens
bd82bdc99a 5.3.arch1-1 2019-09-16 04:19:09 +00:00
Jan Alexander Steffens
92f97e2c06 5.2.10.arch1-1 2019-08-25 18:27:22 +00:00
Jan Alexander Steffens
ec7e9200bb 5.2.5.arch1-1 2019-07-31 09:05:53 +00:00
Jan Alexander Steffens
c75fb07643 FS#62432: Disable FW_LOADER_USER_HELPER 2019-07-30 21:04:09 +00:00
Jan Alexander Steffens
439e5a0af4 5.2.2.arch1-1: Disable stackleak; shows up in perf as 6-7% overhead 2019-07-21 19:43:40 +00:00
Jan Alexander Steffens
53d0c2511a 5.2.1.arch1-1 2019-07-14 21:46:06 +00:00
Jan Alexander Steffens
e77150c276 Enable stackleak 2019-07-10 15:18:09 +00:00
Jan Alexander Steffens
0471ab33d5 5.2.arch2-1 2019-07-09 04:10:19 +00:00
Jan Alexander Steffens
c8269e7394 Update config 2019-06-24 07:28:51 +00:00
Jan Alexander Steffens
6621446c2d 5.1.8.arch1-1 2019-06-09 21:32:47 +00:00
Jan Alexander Steffens
10505f2f9b Disable integrity, enable safesetid, only load yama by default 2019-05-07 20:04:22 +00:00
Jan Alexander Steffens
78a111327b 5.1.arch1-1 2019-05-06 23:33:26 +00:00
Jan Alexander Steffens
f84d330b5f 5.0.10.arch1-1 2019-04-27 22:09:22 +00:00
Jan Alexander Steffens
b16b08b24a FS#42910: Enable TOMOYO and SMACK 2019-04-09 21:53:11 +00:00
Jan Alexander Steffens
bcf602c7ae 5.0.arch1-1 2019-03-04 15:36:14 +00:00
Jan Alexander Steffens
6d64c139ef 4.20.3.arch1-1 2019-01-17 00:31:30 +00:00
Jan Alexander Steffens
fdbdebf5f1 4.20.1.arch1-1 2019-01-10 04:59:02 +00:00
Jan Alexander Steffens
4810e21851 4.20.arch1-1 2018-12-24 04:08:00 +00:00
Jan Alexander Steffens
03525e64df FS#60879: Enable CONFIG_IEEE802154_HWSIM 2018-12-09 23:10:36 +00:00
Jan Alexander Steffens
bb9d85deef 4.19.7.arch1-1 2018-12-05 21:55:32 +00:00
Jan Alexander Steffens
21df49f85d 4.19.3.arch1-1 2018-11-22 07:41:48 +00:00
Jan Alexander Steffens
9036d47c87 FS#53288: Add GVRP 2018-11-20 22:04:33 +00:00
Jan Alexander Steffens
d00e2383fc 4.19.2.arch1-1 2018-11-13 22:29:23 +00:00
Jan Alexander Steffens
b1f5dbdf27 4.19.1.arch1-1 2018-11-04 17:56:31 +00:00
Jan Alexander Steffens
b966f6d713 FS#60614: Enable Block-MQ by default 2018-11-04 16:36:58 +00:00
Jan Alexander Steffens
757573dfbc FS#57408: Reenable 16-bit support 2018-11-03 08:52:15 +00:00
Jan Alexander Steffens
cf354551c2 Disable RANDOM_TRUST_CPU and IOMMU_DEBUGFS 2018-10-29 21:35:18 +00:00
Jan Alexander Steffens
19c2451141 FS#60520 Enable LEDS_SYSCON 2018-10-26 19:04:33 +00:00