Jan Alexander Steffens
0724b8895c
FS#75102: Enable KEXEC_SIG and IMA
2022-06-19 19:23:48 +00:00
Jan Alexander Steffens
b3c8c8615f
5.18.5.arch1-1
2022-06-16 21:18:19 +00:00
Jan Alexander Steffens
a0899d416d
Disable PECI
...
As requested by Levente. Only useful for kernels running on baseboard
management controllers.
2022-06-16 21:18:17 +00:00
Jan Alexander Steffens
218d2a950d
5.18.4.arch1-1
2022-06-15 23:42:51 +00:00
Jan Alexander Steffens
5bd573c89e
FS#75041: Enable INTEGRITY_MACHINE_KEYRING and related
2022-06-15 23:42:48 +00:00
Jan Alexander Steffens
e29a800771
5.18.3.arch1-1
2022-06-09 17:20:22 +00:00
Jan Alexander Steffens
3aa8dd1c85
5.18.1.arch1-1
2022-05-30 18:31:45 +00:00
Jan Alexander Steffens
f11429d842
FS#74888: Enable BLOCK_LEGACY_AUTOLOAD
...
Disabling this broke legacy mdraid setups.
See: https://lore.kernel.org/linux-block/20220503212848.5853-1-dmoulding@me.com/
2022-05-30 18:31:42 +00:00
Jan Alexander Steffens
1cc50e39e6
5.18.arch1-1
2022-05-24 22:34:17 +00:00
Jan Alexander Steffens
231862cf72
5.17.6.arch1-1
2022-05-10 23:31:11 +00:00
Jan Alexander Steffens
0c61251a1e
5.17.5.arch1-1
2022-04-27 21:57:26 +00:00
Jan Alexander Steffens
ee2af8ec43
5.17.4.arch1-1
2022-04-20 19:02:04 +00:00
Jan Alexander Steffens
2d3dd3bff0
5.17.2.arch1-1
2022-04-08 18:11:24 +00:00
Jan Alexander Steffens
d60d23d3e0
FS#74291: Reenable FRAMEBUFFER_CONSOLE_ROTATION
2022-04-01 16:10:30 +00:00
Jan Alexander Steffens
8dc941a8b3
FS#68021, FS#74271: Return nvme to a module
2022-03-30 20:34:27 +00:00
Jan Alexander Steffens
03fa74e628
FS#74203: Disable SYSFB_SIMPLEFB
2022-03-28 21:54:43 +00:00
Jan Alexander Steffens
432adf96db
5.17.arch1-1
2022-03-23 00:44:26 +00:00
Jan Alexander Steffens
997a6a8651
5.16.14.arch1-1
2022-03-11 18:29:09 +00:00
Jan Alexander Steffens
ccba33df68
Enable BPF_UNPRIV_DEFAULT_OFF
...
This config was enabled by default in v5.15 and we should follow that.
2022-03-09 16:09:34 +00:00
Jan Alexander Steffens
4f1d39f328
5.16.13.arch1-1
2022-03-08 20:36:10 +00:00
Jan Alexander Steffens
74147130fa
5.16.9.arch1-1
2022-02-11 23:14:13 +00:00
Jan Alexander Steffens
a4414373de
FS#73364: Enable DAMON
2022-02-11 23:14:12 +00:00
Jan Alexander Steffens
eb92849ce1
5.16.8.arch1-1
2022-02-08 21:56:54 +00:00
Jan Alexander Steffens
659df960bd
FS#72597: Disable ZERO_CALL_USED_REGS
...
Too much overhead.
2022-02-07 18:29:34 +00:00
Jan Alexander Steffens
6376eaf60e
5.16.arch1-1
2022-01-10 21:15:58 +00:00
Jan Alexander Steffens
992dd34d40
5.15.12.arch1-1
2021-12-29 13:06:04 +00:00
Jan Alexander Steffens
38f90fdbe5
5.15.9.arch1-1
2021-12-17 00:17:27 +00:00
Jan Alexander Steffens
f6654f361c
FS#69505: Replace MTD_RAM with MTD_MTDRAM
...
The latter is what was actually wanted.
2021-12-16 03:14:31 +00:00
Jan Alexander Steffens
6fdf85f792
5.15.5.arch1-1
2021-11-25 22:53:04 +00:00
Jan Alexander Steffens
90addb77b2
5.15.3.arch1-1
2021-11-18 22:55:52 +00:00
Jan Alexander Steffens
87b96ed160
5.15.2.arch1-1
2021-11-12 20:28:54 +00:00
Jan Alexander Steffens
741b99dce1
FS#72645: Disable SYSFB_SIMPLEFB
2021-11-12 20:28:52 +00:00
Jan Alexander Steffens
e55609718b
FS#72658: Reenable built-in FB drivers
2021-11-09 17:09:57 +00:00
Jan Alexander Steffens
911177d3df
Disable WERROR
...
Also leaks into external module builds.
2021-11-03 23:30:53 +00:00
Jan Alexander Steffens
78d0321a90
Set SYSFB_SIMPLEFB=y and SIMPLEDRM=y, disable legacy FB drivers
2021-11-03 23:30:52 +00:00
Jan Alexander Steffens
62812fc5b4
5.15.arch1-1
2021-11-03 23:30:51 +00:00
Jan Alexander Steffens
2072b4db95
5.14.12.arch1-1
2021-10-13 17:35:24 +00:00
Jan Alexander Steffens
4325d1b2ad
5.14.10.arch1-1
2021-10-07 20:32:54 +00:00
Jan Alexander Steffens
2ef0ab9184
Disable SND_INTEL_BYT_PREFER_SOF
...
As requested by Jelle.
2021-10-06 22:08:56 +00:00
Jan Alexander Steffens
595a15167b
5.14.8.arch1-1
2021-09-26 20:22:35 +00:00
Jan Alexander Steffens
045bfb719c
FS#72195: Disable FB_HYPERV
2021-09-26 20:22:33 +00:00
Jan Alexander Steffens
6f0e13bf09
5.14.4.arch1-1
2021-09-15 22:24:27 +00:00
Jan Alexander Steffens
25de7a333b
FS#72045: Disable WATCHDOG_HRTIMER_PRETIMEOUT
2021-09-09 10:30:52 +00:00
Jan Alexander Steffens
ca05999be5
Enable EDAC_IGEN6
...
This was overlooked.
2021-09-03 21:24:30 +00:00
Jan Alexander Steffens
18427d86c6
5.14.1.arch1-1
2021-09-03 21:04:16 +00:00
Jan Alexander Steffens
d73ac85acb
5.13.13.arch1-1
2021-08-26 19:48:22 +00:00
Jan Alexander Steffens
738226335f
5.13.12.arch1-1
2021-08-18 21:30:22 +00:00
Jan Alexander Steffens
c21ba89cc1
Set KFENCE_SAMPLE_INTERVAL back to 100
...
As requested by Levente. The power issues should be solved by now.
2021-08-18 21:30:21 +00:00
Jan Alexander Steffens
fb8eb1c560
Enable RANDOMIZE_KSTACK_OFFSET_DEFAULT
...
Additional hardening at a minimal cost, as requested by Levente.
2021-08-18 21:30:17 +00:00
Jan Alexander Steffens
5e6049790e
5.13.9.arch1-1
2021-08-08 12:14:43 +00:00
David Runge
2589876818
Upgrade to 5.13.4.arch1.
...
PKGBUILD:
Add C7E7849466FE2358343588377258734B41C31549 as additional recognized valid PGP
key, as heftig might not be able to prepare releases and package for a while.
config:
Consolidate with defaults for 5.13.4 based on previous config.
Update CONFIG_LSM to order landlock before lockdown and re-add bpf, as the
issue discussed in https://bugs.archlinux.org/task/71270 seems to have been a
user-error (using obsolete kernel parameters).
2021-07-20 17:34:49 +00:00
Jan Alexander Steffens
fd38ec001c
5.13.1.arch1-1
2021-07-10 00:23:52 +00:00
Jan Alexander Steffens
4aa90295a0
5.12.14.arch1-1
2021-07-01 07:57:45 +00:00
Jan Alexander Steffens
65eddc1dfd
FS#71325: Enable SPI_INTEL_SPI again
2021-06-25 23:47:16 +00:00
Jan Alexander Steffens
9bff7b52e3
5.12.13.arch1-1
2021-06-23 17:14:01 +00:00
Jan Alexander Steffens
38bd62e40b
FS#71296: Enable DEBUG_LIST
2021-06-20 19:20:20 +00:00
Jan Alexander Steffens
e7d5c4d89c
5.12.11.arch1-1
2021-06-16 22:13:35 +00:00
Jan Alexander Steffens
d7bf404c33
FS#71270: Don't enable "bpf" LSM by default
...
It provides all possible hooks, which makes it harder to properly use
major LSMs. Using security= to enable a major LSM puts it at the end of
the list. Some functions (like security_getprocattr) only use the first
matching hook, thus prefer bpf.
2021-06-16 22:13:34 +00:00
Jan Alexander Steffens
b7f14e1a69
5.12.8.arch1-1
2021-05-28 21:05:54 +00:00
Jan Alexander Steffens
99703861e1
FS#69505: Enable MTD_ROM
2021-05-27 19:39:55 +00:00
Jan Alexander Steffens
2a8704f5e1
Set KFENCE_SAMPLE_INTERVAL to 0
...
Turns off KFENCE by default, as requested by Levente. There are power
use issues, see
https://lore.kernel.org/linux-mm/20210421105132.3965998-1-elver@google.com/
2021-05-15 21:38:29 +00:00
Jan Alexander Steffens
1646eced3b
Enable DEBUG_INFO_DWARF4
...
Required for BTF to work with GCC 11.
2021-05-15 21:38:27 +00:00
Jan Alexander Steffens
cc87e6b052
5.12.2.arch1-1
2021-05-07 16:08:11 +00:00
Jan Alexander Steffens
db81b3eea9
FS#70742: Enable MTD_NAND_ECC_*
2021-05-07 16:08:09 +00:00
Jan Alexander Steffens
621ea2d08c
5.12.1.arch1-1
2021-05-02 13:41:41 +00:00
Jan Alexander Steffens
7f6df05917
Turn on KFENCE by default
...
As requested by Levente.
2021-05-02 13:41:40 +00:00
Jan Alexander Steffens
b03b4f7e6f
5.12.arch1-1
2021-04-26 21:33:26 +00:00
Jan Alexander Steffens
d71e920034
5.11.16.arch1-1
2021-04-21 20:39:28 +00:00
Jan Alexander Steffens
62782a577d
FS#69181: Enable FB_UVESA
2021-04-21 20:39:27 +00:00
Jan Alexander Steffens
0d66f76ec1
FS#68698: Enable HID_SENSOR_CUSTOM_SENSOR
2021-04-21 20:39:26 +00:00
Jan Alexander Steffens
6f3f90e76b
FS#69505: Enable MTD_RAM
2021-04-21 20:39:22 +00:00
Jan Alexander Steffens
85750f85be
Revert "Enable LOAD_UEFI_KEYS"
...
It didn't help secure dkms modules like we thought it would.
2021-04-17 00:56:34 +00:00
Jan Alexander Steffens
4e15a9f945
5.11.15.arch1-1
2021-04-16 12:28:14 +00:00
Jan Alexander Steffens
9a383dc10f
Enable LOAD_UEFI_KEYS
...
https://bbs.archlinux.org/viewtopic.php?pid=1861193#p1861193
Requested by Foxboron.
2021-04-16 12:28:12 +00:00
Jan Alexander Steffens
46d00c9794
5.11.13.arch1-1
2021-04-10 21:25:36 +00:00
Jan Alexander Steffens
44305ad48b
FS#70375: Disable BT_HS
2021-04-09 18:49:50 +00:00
Jan Alexander Steffens
3272234053
FS#70384: Return atkbd to a module
2021-04-09 14:49:24 +00:00
Jan Alexander Steffens
eac563f39e
5.11.12.arch1-1
2021-04-07 22:37:33 +00:00
Jan Alexander Steffens
56380b3e43
FS#70299: Enable IDLE_PAGE_TRACKING
2021-04-05 12:50:09 +00:00
Jan Alexander Steffens
e74e4210d3
5.11.11.arch1-1
2021-03-30 14:47:29 +00:00
Jan Alexander Steffens
f99611e296
FS#69441: Revert "Disable USB gadget support"
2021-03-30 14:47:28 +00:00
Jan Alexander Steffens
ca32941726
5.11.9.arch1-1
2021-03-24 19:28:05 +00:00
Jan Alexander Steffens
d014a88b5b
FS#70140: Enable EFI_VARS_PSTORE_DEFAULT_DISABLE
2021-03-24 19:28:03 +00:00
Jan Alexander Steffens
364d5e5432
5.11.8.arch1-1
2021-03-21 02:30:21 +00:00
Jan Alexander Steffens
1cf3662d97
FS#70064: Set SND_HDA_PREALLOC_SIZE to 0
...
This is also the default in Fedora.
2021-03-21 02:30:20 +00:00
Jan Alexander Steffens
1c099ca397
5.11.7.arch1-1
2021-03-17 17:35:35 +00:00
Jan Alexander Steffens
b4a2e977d4
FS#69992: Enable SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC
2021-03-15 16:28:21 +00:00
Jan Alexander Steffens
7e6eb07df5
FS#69479: Disable BCM63XX drivers
2021-03-14 14:40:19 +00:00
Jan Alexander Steffens
fc7f97fc30
FS#33958, FS#35753: Fix tomoyo settings
2021-03-14 14:40:17 +00:00
Jan Alexander Steffens
e280f34fb3
5.11.4.arch1-1
2021-03-07 18:34:36 +00:00
Jan Alexander Steffens
62f6c03f2c
5.11.3.arch1-1
2021-03-04 22:24:21 +00:00
Jan Alexander Steffens
cc8cce72b9
5.11.arch1-1
2021-02-15 23:56:35 +00:00
Jan Alexander Steffens
71c2279684
FS#69158: Return psmouse to a module
2021-02-04 19:32:19 +00:00
Jan Alexander Steffens
2630980304
5.10.13.arch1-1
2021-02-04 00:25:58 +00:00
Jan Alexander Steffens
7874717d9d
FS#69479: Disable Lantiq and Rockchip drivers
2021-02-04 00:25:57 +00:00
Jan Alexander Steffens
861c5dfd04
Update security config
...
- Build in loadpin, but keep it disabled by default
- Enable bpf by default
2021-02-04 00:25:55 +00:00
Jan Alexander Steffens
d04972b60c
FS#69212: Reenable multimedia test drivers
2021-01-31 01:33:42 +00:00
Jan Alexander Steffens
c19564ecfa
5.10.6.arch1-1
2021-01-09 19:17:04 +00:00
Jan Alexander Steffens
87cfb1a823
Reenable MTD_PHRAM
...
Can be used with syslinux's memdiskfind to mount a filesystem image.
2021-01-01 06:17:41 +00:00
Jan Alexander Steffens
45857ed86c
Enable SECURITY_DMESG_RESTRICT
...
Default on Debian, and seems to be reasonable for us since we also don't
allow access to the system journal by default.
2020-12-31 01:18:17 +00:00