Commit Graph

469 Commits

Author SHA1 Message Date
Jan Alexander Steffens
a0899d416d Disable PECI
As requested by Levente. Only useful for kernels running on baseboard
management controllers.
2022-06-16 21:18:17 +00:00
Jan Alexander Steffens
218d2a950d 5.18.4.arch1-1 2022-06-15 23:42:51 +00:00
Jan Alexander Steffens
5bd573c89e FS#75041: Enable INTEGRITY_MACHINE_KEYRING and related 2022-06-15 23:42:48 +00:00
Jan Alexander Steffens
e29a800771 5.18.3.arch1-1 2022-06-09 17:20:22 +00:00
Jan Alexander Steffens
3aa8dd1c85 5.18.1.arch1-1 2022-05-30 18:31:45 +00:00
Jan Alexander Steffens
f11429d842 FS#74888: Enable BLOCK_LEGACY_AUTOLOAD
Disabling this broke legacy mdraid setups.

See: https://lore.kernel.org/linux-block/20220503212848.5853-1-dmoulding@me.com/
2022-05-30 18:31:42 +00:00
Jan Alexander Steffens
1cc50e39e6 5.18.arch1-1 2022-05-24 22:34:17 +00:00
Jan Alexander Steffens
231862cf72 5.17.6.arch1-1 2022-05-10 23:31:11 +00:00
Jan Alexander Steffens
0c61251a1e 5.17.5.arch1-1 2022-04-27 21:57:26 +00:00
Jan Alexander Steffens
ee2af8ec43 5.17.4.arch1-1 2022-04-20 19:02:04 +00:00
Jan Alexander Steffens
2d3dd3bff0 5.17.2.arch1-1 2022-04-08 18:11:24 +00:00
Jan Alexander Steffens
d60d23d3e0 FS#74291: Reenable FRAMEBUFFER_CONSOLE_ROTATION 2022-04-01 16:10:30 +00:00
Jan Alexander Steffens
8dc941a8b3 FS#68021, FS#74271: Return nvme to a module 2022-03-30 20:34:27 +00:00
Jan Alexander Steffens
03fa74e628 FS#74203: Disable SYSFB_SIMPLEFB 2022-03-28 21:54:43 +00:00
Jan Alexander Steffens
432adf96db 5.17.arch1-1 2022-03-23 00:44:26 +00:00
Jan Alexander Steffens
997a6a8651 5.16.14.arch1-1 2022-03-11 18:29:09 +00:00
Jan Alexander Steffens
ccba33df68 Enable BPF_UNPRIV_DEFAULT_OFF
This config was enabled by default in v5.15 and we should follow that.
2022-03-09 16:09:34 +00:00
Jan Alexander Steffens
4f1d39f328 5.16.13.arch1-1 2022-03-08 20:36:10 +00:00
Jan Alexander Steffens
74147130fa 5.16.9.arch1-1 2022-02-11 23:14:13 +00:00
Jan Alexander Steffens
a4414373de FS#73364: Enable DAMON 2022-02-11 23:14:12 +00:00
Jan Alexander Steffens
eb92849ce1 5.16.8.arch1-1 2022-02-08 21:56:54 +00:00
Jan Alexander Steffens
659df960bd FS#72597: Disable ZERO_CALL_USED_REGS
Too much overhead.
2022-02-07 18:29:34 +00:00
Jan Alexander Steffens
6376eaf60e 5.16.arch1-1 2022-01-10 21:15:58 +00:00
Jan Alexander Steffens
992dd34d40 5.15.12.arch1-1 2021-12-29 13:06:04 +00:00
Jan Alexander Steffens
38f90fdbe5 5.15.9.arch1-1 2021-12-17 00:17:27 +00:00
Jan Alexander Steffens
f6654f361c FS#69505: Replace MTD_RAM with MTD_MTDRAM
The latter is what was actually wanted.
2021-12-16 03:14:31 +00:00
Jan Alexander Steffens
6fdf85f792 5.15.5.arch1-1 2021-11-25 22:53:04 +00:00
Jan Alexander Steffens
90addb77b2 5.15.3.arch1-1 2021-11-18 22:55:52 +00:00
Jan Alexander Steffens
87b96ed160 5.15.2.arch1-1 2021-11-12 20:28:54 +00:00
Jan Alexander Steffens
741b99dce1 FS#72645: Disable SYSFB_SIMPLEFB 2021-11-12 20:28:52 +00:00
Jan Alexander Steffens
e55609718b FS#72658: Reenable built-in FB drivers 2021-11-09 17:09:57 +00:00
Jan Alexander Steffens
911177d3df Disable WERROR
Also leaks into external module builds.
2021-11-03 23:30:53 +00:00
Jan Alexander Steffens
78d0321a90 Set SYSFB_SIMPLEFB=y and SIMPLEDRM=y, disable legacy FB drivers 2021-11-03 23:30:52 +00:00
Jan Alexander Steffens
62812fc5b4 5.15.arch1-1 2021-11-03 23:30:51 +00:00
Jan Alexander Steffens
2072b4db95 5.14.12.arch1-1 2021-10-13 17:35:24 +00:00
Jan Alexander Steffens
4325d1b2ad 5.14.10.arch1-1 2021-10-07 20:32:54 +00:00
Jan Alexander Steffens
2ef0ab9184 Disable SND_INTEL_BYT_PREFER_SOF
As requested by Jelle.
2021-10-06 22:08:56 +00:00
Jan Alexander Steffens
595a15167b 5.14.8.arch1-1 2021-09-26 20:22:35 +00:00
Jan Alexander Steffens
045bfb719c FS#72195: Disable FB_HYPERV 2021-09-26 20:22:33 +00:00
Jan Alexander Steffens
6f0e13bf09 5.14.4.arch1-1 2021-09-15 22:24:27 +00:00
Jan Alexander Steffens
25de7a333b FS#72045: Disable WATCHDOG_HRTIMER_PRETIMEOUT 2021-09-09 10:30:52 +00:00
Jan Alexander Steffens
ca05999be5 Enable EDAC_IGEN6
This was overlooked.
2021-09-03 21:24:30 +00:00
Jan Alexander Steffens
18427d86c6 5.14.1.arch1-1 2021-09-03 21:04:16 +00:00
Jan Alexander Steffens
d73ac85acb 5.13.13.arch1-1 2021-08-26 19:48:22 +00:00
Jan Alexander Steffens
738226335f 5.13.12.arch1-1 2021-08-18 21:30:22 +00:00
Jan Alexander Steffens
c21ba89cc1 Set KFENCE_SAMPLE_INTERVAL back to 100
As requested by Levente. The power issues should be solved by now.
2021-08-18 21:30:21 +00:00
Jan Alexander Steffens
fb8eb1c560 Enable RANDOMIZE_KSTACK_OFFSET_DEFAULT
Additional hardening at a minimal cost, as requested by Levente.
2021-08-18 21:30:17 +00:00
Jan Alexander Steffens
5e6049790e 5.13.9.arch1-1 2021-08-08 12:14:43 +00:00
David Runge
2589876818 Upgrade to 5.13.4.arch1.
PKGBUILD:
Add C7E7849466FE2358343588377258734B41C31549 as additional recognized valid PGP
key, as heftig might not be able to prepare releases and package for a while.

config:
Consolidate with defaults for 5.13.4 based on previous config.
Update CONFIG_LSM to order landlock before lockdown and re-add bpf, as the
issue discussed in https://bugs.archlinux.org/task/71270 seems to have been a
user-error (using obsolete kernel parameters).
2021-07-20 17:34:49 +00:00
Jan Alexander Steffens
fd38ec001c 5.13.1.arch1-1 2021-07-10 00:23:52 +00:00
Jan Alexander Steffens
4aa90295a0 5.12.14.arch1-1 2021-07-01 07:57:45 +00:00
Jan Alexander Steffens
65eddc1dfd FS#71325: Enable SPI_INTEL_SPI again 2021-06-25 23:47:16 +00:00
Jan Alexander Steffens
9bff7b52e3 5.12.13.arch1-1 2021-06-23 17:14:01 +00:00
Jan Alexander Steffens
38bd62e40b FS#71296: Enable DEBUG_LIST 2021-06-20 19:20:20 +00:00
Jan Alexander Steffens
e7d5c4d89c 5.12.11.arch1-1 2021-06-16 22:13:35 +00:00
Jan Alexander Steffens
d7bf404c33 FS#71270: Don't enable "bpf" LSM by default
It provides all possible hooks, which makes it harder to properly use
major LSMs. Using security= to enable a major LSM puts it at the end of
the list. Some functions (like security_getprocattr) only use the first
matching hook, thus prefer bpf.
2021-06-16 22:13:34 +00:00
Jan Alexander Steffens
b7f14e1a69 5.12.8.arch1-1 2021-05-28 21:05:54 +00:00
Jan Alexander Steffens
99703861e1 FS#69505: Enable MTD_ROM 2021-05-27 19:39:55 +00:00
Jan Alexander Steffens
2a8704f5e1 Set KFENCE_SAMPLE_INTERVAL to 0
Turns off KFENCE by default, as requested by Levente. There are power
use issues, see
https://lore.kernel.org/linux-mm/20210421105132.3965998-1-elver@google.com/
2021-05-15 21:38:29 +00:00
Jan Alexander Steffens
1646eced3b Enable DEBUG_INFO_DWARF4
Required for BTF to work with GCC 11.
2021-05-15 21:38:27 +00:00
Jan Alexander Steffens
cc87e6b052 5.12.2.arch1-1 2021-05-07 16:08:11 +00:00
Jan Alexander Steffens
db81b3eea9 FS#70742: Enable MTD_NAND_ECC_* 2021-05-07 16:08:09 +00:00
Jan Alexander Steffens
621ea2d08c 5.12.1.arch1-1 2021-05-02 13:41:41 +00:00
Jan Alexander Steffens
7f6df05917 Turn on KFENCE by default
As requested by Levente.
2021-05-02 13:41:40 +00:00
Jan Alexander Steffens
b03b4f7e6f 5.12.arch1-1 2021-04-26 21:33:26 +00:00
Jan Alexander Steffens
d71e920034 5.11.16.arch1-1 2021-04-21 20:39:28 +00:00
Jan Alexander Steffens
62782a577d FS#69181: Enable FB_UVESA 2021-04-21 20:39:27 +00:00
Jan Alexander Steffens
0d66f76ec1 FS#68698: Enable HID_SENSOR_CUSTOM_SENSOR 2021-04-21 20:39:26 +00:00
Jan Alexander Steffens
6f3f90e76b FS#69505: Enable MTD_RAM 2021-04-21 20:39:22 +00:00
Jan Alexander Steffens
85750f85be Revert "Enable LOAD_UEFI_KEYS"
It didn't help secure dkms modules like we thought it would.
2021-04-17 00:56:34 +00:00
Jan Alexander Steffens
4e15a9f945 5.11.15.arch1-1 2021-04-16 12:28:14 +00:00
Jan Alexander Steffens
9a383dc10f Enable LOAD_UEFI_KEYS
https://bbs.archlinux.org/viewtopic.php?pid=1861193#p1861193

Requested by Foxboron.
2021-04-16 12:28:12 +00:00
Jan Alexander Steffens
46d00c9794 5.11.13.arch1-1 2021-04-10 21:25:36 +00:00
Jan Alexander Steffens
44305ad48b FS#70375: Disable BT_HS 2021-04-09 18:49:50 +00:00
Jan Alexander Steffens
3272234053 FS#70384: Return atkbd to a module 2021-04-09 14:49:24 +00:00
Jan Alexander Steffens
eac563f39e 5.11.12.arch1-1 2021-04-07 22:37:33 +00:00
Jan Alexander Steffens
56380b3e43 FS#70299: Enable IDLE_PAGE_TRACKING 2021-04-05 12:50:09 +00:00
Jan Alexander Steffens
e74e4210d3 5.11.11.arch1-1 2021-03-30 14:47:29 +00:00
Jan Alexander Steffens
f99611e296 FS#69441: Revert "Disable USB gadget support" 2021-03-30 14:47:28 +00:00
Jan Alexander Steffens
ca32941726 5.11.9.arch1-1 2021-03-24 19:28:05 +00:00
Jan Alexander Steffens
d014a88b5b FS#70140: Enable EFI_VARS_PSTORE_DEFAULT_DISABLE 2021-03-24 19:28:03 +00:00
Jan Alexander Steffens
364d5e5432 5.11.8.arch1-1 2021-03-21 02:30:21 +00:00
Jan Alexander Steffens
1cf3662d97 FS#70064: Set SND_HDA_PREALLOC_SIZE to 0
This is also the default in Fedora.
2021-03-21 02:30:20 +00:00
Jan Alexander Steffens
1c099ca397 5.11.7.arch1-1 2021-03-17 17:35:35 +00:00
Jan Alexander Steffens
b4a2e977d4 FS#69992: Enable SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC 2021-03-15 16:28:21 +00:00
Jan Alexander Steffens
7e6eb07df5 FS#69479: Disable BCM63XX drivers 2021-03-14 14:40:19 +00:00
Jan Alexander Steffens
fc7f97fc30 FS#33958, FS#35753: Fix tomoyo settings 2021-03-14 14:40:17 +00:00
Jan Alexander Steffens
e280f34fb3 5.11.4.arch1-1 2021-03-07 18:34:36 +00:00
Jan Alexander Steffens
62f6c03f2c 5.11.3.arch1-1 2021-03-04 22:24:21 +00:00
Jan Alexander Steffens
cc8cce72b9 5.11.arch1-1 2021-02-15 23:56:35 +00:00
Jan Alexander Steffens
71c2279684 FS#69158: Return psmouse to a module 2021-02-04 19:32:19 +00:00
Jan Alexander Steffens
2630980304 5.10.13.arch1-1 2021-02-04 00:25:58 +00:00
Jan Alexander Steffens
7874717d9d FS#69479: Disable Lantiq and Rockchip drivers 2021-02-04 00:25:57 +00:00
Jan Alexander Steffens
861c5dfd04 Update security config
- Build in loadpin, but keep it disabled by default
- Enable bpf by default
2021-02-04 00:25:55 +00:00
Jan Alexander Steffens
d04972b60c FS#69212: Reenable multimedia test drivers 2021-01-31 01:33:42 +00:00
Jan Alexander Steffens
c19564ecfa 5.10.6.arch1-1 2021-01-09 19:17:04 +00:00
Jan Alexander Steffens
87cfb1a823 Reenable MTD_PHRAM
Can be used with syslinux's memdiskfind to mount a filesystem image.
2021-01-01 06:17:41 +00:00
Jan Alexander Steffens
45857ed86c Enable SECURITY_DMESG_RESTRICT
Default on Debian, and seems to be reasonable for us since we also don't
allow access to the system journal by default.
2020-12-31 01:18:17 +00:00
Jan Alexander Steffens
b54786ee1f 5.10.4.arch1-1 2020-12-31 01:18:16 +00:00
Jan Alexander Steffens
ddeb06b257 Revert two config changes
As requested by Levente.
2020-12-22 01:33:12 +00:00