Jan Alexander Steffens
c137130912
6.2.1.arch1-1
2023-02-26 04:20:02 +00:00
Jan Alexander Steffens
cd7139ed1b
FS#77603: Disable SYSFB_SIMPLEFB
...
Still broken.
2023-02-26 04:20:00 +00:00
Jan Alexander Steffens
25432b7fe8
6.2.arch1-1
2023-02-20 23:06:14 +00:00
Jan Alexander Steffens
1248dbbdee
6.1.12.arch1-1
2023-02-14 23:15:43 +00:00
Jan Alexander Steffens
1de668fc39
6.1.8.arch1-1
2023-01-24 22:08:04 +00:00
Jan Alexander Steffens
ab269fce8c
6.1.6.arch1-1
2023-01-14 13:54:59 +00:00
Jan Alexander Steffens
c15fb537c5
6.1.arch1-1
2022-12-12 00:57:06 +00:00
Jan Alexander Steffens
239feb2636
6.0.11.arch1-1
2022-12-02 17:58:21 +00:00
Jan Alexander Steffens
5f2d83b1ed
6.0.10.arch2-1
2022-11-26 17:36:13 +00:00
Jan Alexander Steffens
78eba71a7a
Build in TCG_TPM, TCG_TIS and TCG_CRB
...
As requested by Christian, for systemd. These should match the built-in
TPM drivers of the Fedora kernel.
See: https://github.com/dracutdevs/dracut/issues/2066#issuecomment-1317957398
2022-11-26 17:36:10 +00:00
Jan Alexander Steffens
2da4cc9c72
6.0.5.arch1-1
2022-10-26 15:58:07 +00:00
Jan Alexander Steffens
239dac8549
6.0.3.arch2-1
2022-10-21 17:35:05 +00:00
Jan Alexander Steffens
790707e7bb
6.0.1.arch2-1
2022-10-13 20:22:47 +00:00
Jan Alexander Steffens
6dfa340b6d
6.0.arch1-1
2022-10-04 21:53:25 +00:00
Jan Alexander Steffens
2cb2c2a9ee
5.19.12.arch1-1
2022-09-28 13:57:43 +00:00
Jan Alexander Steffens
b355555335
5.19.11.arch1-1
2022-09-24 19:32:48 +00:00
Jan Alexander Steffens
07add5cd3c
Enable DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
...
As requested by Christian, for systemd.
2022-09-24 19:32:46 +00:00
Jan Alexander Steffens
f9f29d5a1b
5.19.6.arch1-1
2022-08-31 22:49:58 +00:00
Jan Alexander Steffens
a761030c6f
5.19.4.arch1-1
2022-08-25 18:22:09 +00:00
Jan Alexander Steffens
72311cf099
5.19.2.arch1-1
2022-08-17 14:28:21 +00:00
Jan Alexander Steffens
cab15f6f84
5.19.1.arch1-1
2022-08-11 16:00:06 +00:00
Jan Alexander Steffens
2db71c5777
Enable NO_HZ_FULL
...
There is reportedly no (longer) significant overhead to this when it is
not enabled at runtime, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804857#66
2022-08-06 22:11:33 +00:00
Jan Alexander Steffens
44548c4424
FS#74953: Reenable I8K
2022-08-06 22:11:31 +00:00
Jan Alexander Steffens
2e407d05f4
5.19.arch1-1
2022-08-06 14:08:01 +00:00
Jan Alexander Steffens
1e93cf5d3a
5.18.16.arch1-1
2022-08-03 12:00:00 +00:00
Jan Alexander Steffens
94d0ee92f2
FS#74975: Enable MEMTEST
2022-07-31 14:38:59 +00:00
Jan Alexander Steffens
0d5a58dc37
5.18.14.arch1-1
2022-07-23 12:28:24 +00:00
Jan Alexander Steffens
af075e3dca
5.18.6.arch1-1
2022-06-22 18:43:35 +00:00
Jan Alexander Steffens
5f3729800f
FS#75102: Add integrity to LSM
...
This only initializes a cache which is used by IMA. So it does nothing
useful. Still, we technically have the integrity LSM and this removes a
footgun should IMA ever get enabled.
2022-06-19 20:12:32 +00:00
Jan Alexander Steffens
2e8ca45bc9
FS#75102: Enable KEXEC_SIG
2022-06-19 20:12:32 +00:00
Jan Alexander Steffens
1eaae5d53f
FS#75102: Revert "Enable KEXEC_SIG and IMA"
...
Enabling IMA makes it impossible to load unsigned kernel modules when
secure boot is in use, and without shim in the boot you can't get the
kernel to trust a local key for module signing.
This reverts commit 6a241232a3275ef3e314b5b7167e13fffff71282.
2022-06-19 20:12:31 +00:00
Jan Alexander Steffens
0724b8895c
FS#75102: Enable KEXEC_SIG and IMA
2022-06-19 19:23:48 +00:00
Jan Alexander Steffens
b3c8c8615f
5.18.5.arch1-1
2022-06-16 21:18:19 +00:00
Jan Alexander Steffens
a0899d416d
Disable PECI
...
As requested by Levente. Only useful for kernels running on baseboard
management controllers.
2022-06-16 21:18:17 +00:00
Jan Alexander Steffens
218d2a950d
5.18.4.arch1-1
2022-06-15 23:42:51 +00:00
Jan Alexander Steffens
5bd573c89e
FS#75041: Enable INTEGRITY_MACHINE_KEYRING and related
2022-06-15 23:42:48 +00:00
Jan Alexander Steffens
e29a800771
5.18.3.arch1-1
2022-06-09 17:20:22 +00:00
Jan Alexander Steffens
3aa8dd1c85
5.18.1.arch1-1
2022-05-30 18:31:45 +00:00
Jan Alexander Steffens
f11429d842
FS#74888: Enable BLOCK_LEGACY_AUTOLOAD
...
Disabling this broke legacy mdraid setups.
See: https://lore.kernel.org/linux-block/20220503212848.5853-1-dmoulding@me.com/
2022-05-30 18:31:42 +00:00
Jan Alexander Steffens
1cc50e39e6
5.18.arch1-1
2022-05-24 22:34:17 +00:00
Jan Alexander Steffens
231862cf72
5.17.6.arch1-1
2022-05-10 23:31:11 +00:00
Jan Alexander Steffens
0c61251a1e
5.17.5.arch1-1
2022-04-27 21:57:26 +00:00
Jan Alexander Steffens
ee2af8ec43
5.17.4.arch1-1
2022-04-20 19:02:04 +00:00
Jan Alexander Steffens
2d3dd3bff0
5.17.2.arch1-1
2022-04-08 18:11:24 +00:00
Jan Alexander Steffens
d60d23d3e0
FS#74291: Reenable FRAMEBUFFER_CONSOLE_ROTATION
2022-04-01 16:10:30 +00:00
Jan Alexander Steffens
8dc941a8b3
FS#68021, FS#74271: Return nvme to a module
2022-03-30 20:34:27 +00:00
Jan Alexander Steffens
03fa74e628
FS#74203: Disable SYSFB_SIMPLEFB
2022-03-28 21:54:43 +00:00
Jan Alexander Steffens
432adf96db
5.17.arch1-1
2022-03-23 00:44:26 +00:00
Jan Alexander Steffens
997a6a8651
5.16.14.arch1-1
2022-03-11 18:29:09 +00:00
Jan Alexander Steffens
ccba33df68
Enable BPF_UNPRIV_DEFAULT_OFF
...
This config was enabled by default in v5.15 and we should follow that.
2022-03-09 16:09:34 +00:00