Commit Graph

332 Commits

Author SHA1 Message Date
Jan Alexander Steffens
e280f34fb3 5.11.4.arch1-1 2021-03-07 18:34:36 +00:00
Jan Alexander Steffens
62f6c03f2c 5.11.3.arch1-1 2021-03-04 22:24:21 +00:00
Jan Alexander Steffens
cc8cce72b9 5.11.arch1-1 2021-02-15 23:56:35 +00:00
Jan Alexander Steffens
71c2279684 FS#69158: Return psmouse to a module 2021-02-04 19:32:19 +00:00
Jan Alexander Steffens
2630980304 5.10.13.arch1-1 2021-02-04 00:25:58 +00:00
Jan Alexander Steffens
7874717d9d FS#69479: Disable Lantiq and Rockchip drivers 2021-02-04 00:25:57 +00:00
Jan Alexander Steffens
861c5dfd04 Update security config
- Build in loadpin, but keep it disabled by default
- Enable bpf by default
2021-02-04 00:25:55 +00:00
Jan Alexander Steffens
d04972b60c FS#69212: Reenable multimedia test drivers 2021-01-31 01:33:42 +00:00
Jan Alexander Steffens
c19564ecfa 5.10.6.arch1-1 2021-01-09 19:17:04 +00:00
Jan Alexander Steffens
87cfb1a823 Reenable MTD_PHRAM
Can be used with syslinux's memdiskfind to mount a filesystem image.
2021-01-01 06:17:41 +00:00
Jan Alexander Steffens
45857ed86c Enable SECURITY_DMESG_RESTRICT
Default on Debian, and seems to be reasonable for us since we also don't
allow access to the system journal by default.
2020-12-31 01:18:17 +00:00
Jan Alexander Steffens
b54786ee1f 5.10.4.arch1-1 2020-12-31 01:18:16 +00:00
Jan Alexander Steffens
ddeb06b257 Revert two config changes
As requested by Levente.
2020-12-22 01:33:12 +00:00
Jan Alexander Steffens
5ee180e682 5.10.2.arch1-1 2020-12-21 20:50:34 +00:00
Jan Alexander Steffens
2f63adc58f Disable most of MTD
Besides some support for directly flashing BIOS chips which is marked as
DANGEROUS, these seem only useful on embedded devices.

Only leave the simulator and the MTD-on-block emulator.
2020-12-18 23:32:10 +00:00
Jan Alexander Steffens
a10b2065c8 Disable SFI
Only used on some exotic Intel smartphone platforms without ACPI.
2020-12-18 23:32:09 +00:00
Jan Alexander Steffens
994cbff510 Disable autosleep and wakelocks
Not useful without appropriate userspace, like Android.
2020-12-18 23:32:08 +00:00
Jan Alexander Steffens
d522f29651 Disable PCI endpoint support
We're only running on host devices.
2020-12-18 23:32:08 +00:00
Jan Alexander Steffens
554f6e5ad8 Disable CAIF
Seems to be for ST-Ericsson embedded modems.
2020-12-18 23:32:07 +00:00
Jan Alexander Steffens
4d3936f486 Disable VME and RapidIO
Seems to be exotic, industrial hardware.
2020-12-18 23:32:06 +00:00
Jan Alexander Steffens
09b5d73900 Disable USB gadget support
We're only running on host devices.
2020-12-18 23:32:05 +00:00
Jan Alexander Steffens
a661403002 Disable CONFIG_EXPERT
I'm not.
2020-12-18 23:32:05 +00:00
Jan Alexander Steffens
bd50d947c3 Disable SDR and test media drivers
Using the device type filter menu.
2020-12-18 23:32:04 +00:00
Jan Alexander Steffens
bf6633be3e Disable Comedi
Big driver set in staging of little use.
2020-12-18 23:32:03 +00:00
Jan Alexander Steffens
0c99750850 Disable I3C, SPMI and HSI
Seems to be restricted to embedded stuff with integrated modems.
2020-12-18 23:32:02 +00:00
Jan Alexander Steffens
5a395d000c Disable OpenFirmware support
This is a big chunk of drivers that doesn't seem to be useful to us.
2020-12-18 23:32:01 +00:00
Jan Alexander Steffens
56811c1973 Pick some configuration options from Fedora's default kernel
Mostly choices about which modules to build in, some more debugfs
entries and boot self-tests.

  - Unset GART_IOMMU: Old IOMMU code, should be unused.
  - Unset MICROCODE_OLD_INTERFACE: Option help emphatically asks not to
    set this.
  - Unset ARCH_MEMORY_PROBE: Manual memory hot-plug should be unused.
  - Unset USB_DYNAMIC_MINORS: We had this set forever, but it doesn't
    actually seem to be needed.
  - Unset NTFS_FS: Please use ntfs-3g.
2020-12-18 23:32:00 +00:00
Jan Alexander Steffens
056e1229cd Disable DCCP (still affected by CVE-2020-16119) 2020-12-18 17:58:35 +00:00
Jan Alexander Steffens
8c2a9a8da9 FS#68978 Enable SoundWire machine driver 2020-12-16 14:37:37 +00:00
Jan Alexander Steffens
e32e0ba50d 5.10.1.arch1-1 2020-12-15 21:22:15 +00:00
Jan Alexander Steffens
d0179d6259 5.9.14.arch1-1 2020-12-12 22:02:25 +00:00
Jan Alexander Steffens
fe6596ab57 5.9.11.arch2-1 2020-11-28 02:51:37 +00:00
Jan Alexander Steffens
87febd662a 5.9.4.arch1-1 2020-11-04 22:42:21 +00:00
Jan Alexander Steffens
2c8951be72 5.9.arch1-1 2020-10-12 21:06:00 +00:00
Jan Alexander Steffens
dc92454675 5.8.14.arch1-1: FS#68092 Restore HDA prealloc 2020-10-07 23:59:36 +00:00
Jan Alexander Steffens
ea62179998 5.8.6.arch1-1 2020-09-03 18:54:38 +00:00
Jan Alexander Steffens
09a3f454bd 5.8.5.arch1-1 2020-08-27 20:01:26 +00:00
Jan Alexander Steffens
04d29ded1f 5.8.arch1-2: Enable MEM_SOFT_DIRTY (FS#67509) and USERFAULTFD (FS#62780) 2020-08-09 01:43:59 +00:00
Jan Alexander Steffens
3b798b5973 5.8.arch1-1 2020-08-03 20:08:49 +00:00
Jan Alexander Steffens
ad5bfbb468 5.7.11.arch1-1 2020-07-29 22:37:08 +00:00
Jan Alexander Steffens
44c212c848 FS#67421 Enable APPLETALK again by request 2020-07-29 22:37:07 +00:00
Jan Alexander Steffens
86fcfba038 5.7.6.arch1-1 2020-06-25 01:09:41 +00:00
Jan Alexander Steffens
2db27e8ef8 5.7.1.arch1-1 2020-06-07 13:06:32 +00:00
Jan Alexander Steffens
56cd81178e 5.7.arch1-1 2020-06-02 00:16:56 +00:00
Jan Alexander Steffens
331cab0a7d 5.6.15.arch1-1 2020-05-28 00:29:18 +00:00
Jan Alexander Steffens
6f75f24bf0 5.6.8.arch1-1 2020-04-29 17:50:10 +00:00
Jan Alexander Steffens
db2f694f61 5.6.5.arch2-1 2020-04-18 23:13:32 +00:00
Jan Alexander Steffens
135210db75 5.6.3.arch1-1 2020-04-08 08:45:18 +00:00
Jan Alexander Steffens
f4bf2c8d61 Put lockdown LSM into default initialization list 2020-04-06 22:36:28 +00:00
Jan Alexander Steffens
d917c0fbc9 5.6.2.arch1-2: FS#66076 disable EFI_DISABLE_PCI_DMA 2020-04-05 05:38:14 +00:00