Commit Graph

452 Commits

Author SHA1 Message Date
Jan Alexander Steffens
c137130912 6.2.1.arch1-1 2023-02-26 04:20:02 +00:00
Jan Alexander Steffens
cd7139ed1b FS#77603: Disable SYSFB_SIMPLEFB
Still broken.
2023-02-26 04:20:00 +00:00
Jan Alexander Steffens
25432b7fe8 6.2.arch1-1 2023-02-20 23:06:14 +00:00
Jan Alexander Steffens
1248dbbdee 6.1.12.arch1-1 2023-02-14 23:15:43 +00:00
Jan Alexander Steffens
1de668fc39 6.1.8.arch1-1 2023-01-24 22:08:04 +00:00
Jan Alexander Steffens
ab269fce8c 6.1.6.arch1-1 2023-01-14 13:54:59 +00:00
Jan Alexander Steffens
c15fb537c5 6.1.arch1-1 2022-12-12 00:57:06 +00:00
Jan Alexander Steffens
239feb2636 6.0.11.arch1-1 2022-12-02 17:58:21 +00:00
Jan Alexander Steffens
5f2d83b1ed 6.0.10.arch2-1 2022-11-26 17:36:13 +00:00
Jan Alexander Steffens
78eba71a7a Build in TCG_TPM, TCG_TIS and TCG_CRB
As requested by Christian, for systemd. These should match the built-in
TPM drivers of the Fedora kernel.

See: https://github.com/dracutdevs/dracut/issues/2066#issuecomment-1317957398
2022-11-26 17:36:10 +00:00
Jan Alexander Steffens
2da4cc9c72 6.0.5.arch1-1 2022-10-26 15:58:07 +00:00
Jan Alexander Steffens
239dac8549 6.0.3.arch2-1 2022-10-21 17:35:05 +00:00
Jan Alexander Steffens
790707e7bb 6.0.1.arch2-1 2022-10-13 20:22:47 +00:00
Jan Alexander Steffens
6dfa340b6d 6.0.arch1-1 2022-10-04 21:53:25 +00:00
Jan Alexander Steffens
2cb2c2a9ee 5.19.12.arch1-1 2022-09-28 13:57:43 +00:00
Jan Alexander Steffens
b355555335 5.19.11.arch1-1 2022-09-24 19:32:48 +00:00
Jan Alexander Steffens
07add5cd3c Enable DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
As requested by Christian, for systemd.
2022-09-24 19:32:46 +00:00
Jan Alexander Steffens
f9f29d5a1b 5.19.6.arch1-1 2022-08-31 22:49:58 +00:00
Jan Alexander Steffens
a761030c6f 5.19.4.arch1-1 2022-08-25 18:22:09 +00:00
Jan Alexander Steffens
72311cf099 5.19.2.arch1-1 2022-08-17 14:28:21 +00:00
Jan Alexander Steffens
cab15f6f84 5.19.1.arch1-1 2022-08-11 16:00:06 +00:00
Jan Alexander Steffens
2db71c5777 Enable NO_HZ_FULL
There is reportedly no (longer) significant overhead to this when it is
not enabled at runtime, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804857#66
2022-08-06 22:11:33 +00:00
Jan Alexander Steffens
44548c4424 FS#74953: Reenable I8K 2022-08-06 22:11:31 +00:00
Jan Alexander Steffens
2e407d05f4 5.19.arch1-1 2022-08-06 14:08:01 +00:00
Jan Alexander Steffens
1e93cf5d3a 5.18.16.arch1-1 2022-08-03 12:00:00 +00:00
Jan Alexander Steffens
94d0ee92f2 FS#74975: Enable MEMTEST 2022-07-31 14:38:59 +00:00
Jan Alexander Steffens
0d5a58dc37 5.18.14.arch1-1 2022-07-23 12:28:24 +00:00
Jan Alexander Steffens
af075e3dca 5.18.6.arch1-1 2022-06-22 18:43:35 +00:00
Jan Alexander Steffens
5f3729800f FS#75102: Add integrity to LSM
This only initializes a cache which is used by IMA. So it does nothing
useful. Still, we technically have the integrity LSM and this removes a
footgun should IMA ever get enabled.
2022-06-19 20:12:32 +00:00
Jan Alexander Steffens
2e8ca45bc9 FS#75102: Enable KEXEC_SIG 2022-06-19 20:12:32 +00:00
Jan Alexander Steffens
1eaae5d53f FS#75102: Revert "Enable KEXEC_SIG and IMA"
Enabling IMA makes it impossible to load unsigned kernel modules when
secure boot is in use, and without shim in the boot you can't get the
kernel to trust a local key for module signing.

This reverts commit 6a241232a3275ef3e314b5b7167e13fffff71282.
2022-06-19 20:12:31 +00:00
Jan Alexander Steffens
0724b8895c FS#75102: Enable KEXEC_SIG and IMA 2022-06-19 19:23:48 +00:00
Jan Alexander Steffens
b3c8c8615f 5.18.5.arch1-1 2022-06-16 21:18:19 +00:00
Jan Alexander Steffens
a0899d416d Disable PECI
As requested by Levente. Only useful for kernels running on baseboard
management controllers.
2022-06-16 21:18:17 +00:00
Jan Alexander Steffens
218d2a950d 5.18.4.arch1-1 2022-06-15 23:42:51 +00:00
Jan Alexander Steffens
5bd573c89e FS#75041: Enable INTEGRITY_MACHINE_KEYRING and related 2022-06-15 23:42:48 +00:00
Jan Alexander Steffens
e29a800771 5.18.3.arch1-1 2022-06-09 17:20:22 +00:00
Jan Alexander Steffens
3aa8dd1c85 5.18.1.arch1-1 2022-05-30 18:31:45 +00:00
Jan Alexander Steffens
f11429d842 FS#74888: Enable BLOCK_LEGACY_AUTOLOAD
Disabling this broke legacy mdraid setups.

See: https://lore.kernel.org/linux-block/20220503212848.5853-1-dmoulding@me.com/
2022-05-30 18:31:42 +00:00
Jan Alexander Steffens
1cc50e39e6 5.18.arch1-1 2022-05-24 22:34:17 +00:00
Jan Alexander Steffens
231862cf72 5.17.6.arch1-1 2022-05-10 23:31:11 +00:00
Jan Alexander Steffens
0c61251a1e 5.17.5.arch1-1 2022-04-27 21:57:26 +00:00
Jan Alexander Steffens
ee2af8ec43 5.17.4.arch1-1 2022-04-20 19:02:04 +00:00
Jan Alexander Steffens
2d3dd3bff0 5.17.2.arch1-1 2022-04-08 18:11:24 +00:00
Jan Alexander Steffens
d60d23d3e0 FS#74291: Reenable FRAMEBUFFER_CONSOLE_ROTATION 2022-04-01 16:10:30 +00:00
Jan Alexander Steffens
8dc941a8b3 FS#68021, FS#74271: Return nvme to a module 2022-03-30 20:34:27 +00:00
Jan Alexander Steffens
03fa74e628 FS#74203: Disable SYSFB_SIMPLEFB 2022-03-28 21:54:43 +00:00
Jan Alexander Steffens
432adf96db 5.17.arch1-1 2022-03-23 00:44:26 +00:00
Jan Alexander Steffens
997a6a8651 5.16.14.arch1-1 2022-03-11 18:29:09 +00:00
Jan Alexander Steffens
ccba33df68 Enable BPF_UNPRIV_DEFAULT_OFF
This config was enabled by default in v5.15 and we should follow that.
2022-03-09 16:09:34 +00:00