Commit Graph

293 Commits

Author SHA1 Message Date
Jan Alexander Steffens ad5bfbb468 5.7.11.arch1-1 2020-07-29 22:37:08 +00:00
Jan Alexander Steffens 44c212c848 FS#67421 Enable APPLETALK again by request 2020-07-29 22:37:07 +00:00
Jan Alexander Steffens 86fcfba038 5.7.6.arch1-1 2020-06-25 01:09:41 +00:00
Jan Alexander Steffens 2db27e8ef8 5.7.1.arch1-1 2020-06-07 13:06:32 +00:00
Jan Alexander Steffens 56cd81178e 5.7.arch1-1 2020-06-02 00:16:56 +00:00
Jan Alexander Steffens 331cab0a7d 5.6.15.arch1-1 2020-05-28 00:29:18 +00:00
Jan Alexander Steffens 6f75f24bf0 5.6.8.arch1-1 2020-04-29 17:50:10 +00:00
Jan Alexander Steffens db2f694f61 5.6.5.arch2-1 2020-04-18 23:13:32 +00:00
Jan Alexander Steffens 135210db75 5.6.3.arch1-1 2020-04-08 08:45:18 +00:00
Jan Alexander Steffens f4bf2c8d61 Put lockdown LSM into default initialization list 2020-04-06 22:36:28 +00:00
Jan Alexander Steffens d917c0fbc9 5.6.2.arch1-2: FS#66076 disable EFI_DISABLE_PCI_DMA 2020-04-05 05:38:14 +00:00
Jan Alexander Steffens 7d58778a3e 5.6.arch1-1 2020-03-31 23:22:10 +00:00
Jan Alexander Steffens 1f9adc3a7c 5.5.13.arch2-1 2020-03-30 21:18:44 +00:00
Anatol Pomozov eb56d25042 Compile-in ATA/SATA drivers
ATA/SATA are one of the widely used perepherials. It makes sense to compile it as a part
of the kernel binary.
2020-03-28 00:12:04 +00:00
Jan Alexander Steffens 810a79881a FS#63260: Enable PAGE_POISONING 2020-02-22 21:30:47 +00:00
Jan Alexander Steffens 9a8a8558b5 FS#64861: Enable FONT_TER16x32 2020-02-21 21:34:57 +00:00
Jan Alexander Steffens 56d402493b FS#65518: Enable SND_SOC_INTEL_SKYLAKE 2020-02-17 00:55:11 +00:00
Jan Alexander Steffens 90b69f3da5 Disable INTEL_IOMMU_DEFAULT_ON
Intel IOMMU support is still in a shitty state. What a shame.
2020-02-04 18:04:39 +00:00
Jan Alexander Steffens 5c532afbaa 5.5.1.arch1-1: Enable INTEL_IOMMU_DEFAULT_ON
IOMMU is important for security in systems using PCI bridges (e.g.
Thunderbolt, USB4) or other means of DMA from potentially untrusted
devices (e.g. FireWire). It's also used to safely pass devices into VMs.

Enable it by default. It can still be disabled at boot using
intel_iommu=off. intel_iommu=igfx_off is also available to exclude just
the iGPU.
2020-02-01 17:53:24 +00:00
Jan Alexander Steffens 727d1e1d47 5.5.arch1-1 2020-01-27 22:28:27 +00:00
Jan Alexander Steffens 9b0026f12a 5.4.15.arch1-1 2020-01-26 10:12:29 +00:00
Jan Alexander Steffens 2231922647 5.4.13.arch1-1 2020-01-17 23:41:56 +00:00
Jan Alexander Steffens 91d5b604de FS#62384: Enable BPF_KPROBE_OVERRIDE
https://bugs.archlinux.org/task/62384
2020-01-17 23:41:55 +00:00
Jan Alexander Steffens 5ac0903843 5.4.7.arch1-1 2019-12-31 17:50:17 +00:00
Jan Alexander Steffens f3603dadd9 Disable SND_HDA_INTEL_DETECT_DMIC
It's not ready; the drivers that are supposed to step in when
snd-hda-intel aborts probing aren't working yet. v5.5 will have a better
solution for driver selection, anyway.
2019-12-13 11:34:25 +00:00
Jan Alexander Steffens 3ead601c9d 5.4.1.arch1-1 2019-11-29 14:56:15 +00:00
Jan Alexander Steffens 196a2934c5 Disable RMI4_F54
Doesn't crash now, but still pretty useless.
  - V4L device still confuses applications.
  - Reading a sensor image makes the touchpad unusable as an input
    device until it is power-cycled.
2019-11-27 20:28:02 +00:00
Jan Alexander Steffens 97381f5f19 Enable SND_HDA_INTEL_DETECT_DMIC
Now that we have SOF, let it handle systems with DMICs.
2019-11-27 20:28:01 +00:00
Jan Alexander Steffens 426a33d8ae FS#63464: Disable misbehaving SOF drivers
Reading the changes made at
https://github.com/thesofproject/linux/pull/1382/files
2019-11-27 20:27:58 +00:00
Jan Alexander Steffens d27c858681 5.4.arch1-1 2019-11-25 23:56:20 +00:00
Jan Alexander Steffens c189ce4263 Enable INIT_ON_ALLOC_DEFAULT_ON
https://outflux.net/blog/archives/2019/11/14/security-things-in-linux-v5-3/
2019-11-18 21:33:26 +00:00
Jan Alexander Steffens cad3b7156f 5.3.11.1-1 2019-11-12 23:21:40 +00:00
Jan Alexander Steffens 44420b8b15 Disable full dynticks 2019-11-03 14:24:59 +00:00
Jan Alexander Steffens aa190d3c60 Disable some stray Freescale audio modules 2019-11-03 14:24:58 +00:00
Jan Alexander Steffens 35f8455e06 FS#64302: Disable Google SMI
Crashes on various non-Google Chromebooks and Coreboot-using laptops
like Librem and reflashed ThinkPads.
2019-11-03 10:45:25 +00:00
Jan Alexander Steffens a53987ae76 FS#63464: Disable Sound Open Firmware
We don't ship any firmware files (yet) and the drivers can be loaded
in preference to the SST drivers, which we do have firmware for.
2019-11-02 08:23:45 +00:00
Jan Alexander Steffens b204fb2896 Disable CONFIG_RMI4_F54
The V4L touch device created is buggy, causing userspace applications
(PipeWire) to behave badly and even kernel panics when running

    v4l2-compliance -t 0 -s 1
2019-10-31 15:11:37 +00:00
Jan Alexander Steffens 3f306c2e10 FS#55784 enable google modules 2019-10-19 14:01:12 +00:00
Jan Alexander Steffens 964e000a29 5.3.2.arch2-1 2019-10-04 00:16:59 +00:00
Jan Alexander Steffens be16067dd6 Enable SUNRPC_DISABLE_INSECURE_ENCTYPES 2019-10-03 14:51:04 +00:00
Jan Alexander Steffens bd82bdc99a 5.3.arch1-1 2019-09-16 04:19:09 +00:00
Jan Alexander Steffens 92f97e2c06 5.2.10.arch1-1 2019-08-25 18:27:22 +00:00
Jan Alexander Steffens ec7e9200bb 5.2.5.arch1-1 2019-07-31 09:05:53 +00:00
Jan Alexander Steffens c75fb07643 FS#62432: Disable FW_LOADER_USER_HELPER 2019-07-30 21:04:09 +00:00
Jan Alexander Steffens 439e5a0af4 5.2.2.arch1-1: Disable stackleak; shows up in perf as 6-7% overhead 2019-07-21 19:43:40 +00:00
Jan Alexander Steffens 53d0c2511a 5.2.1.arch1-1 2019-07-14 21:46:06 +00:00
Jan Alexander Steffens e77150c276 Enable stackleak 2019-07-10 15:18:09 +00:00
Jan Alexander Steffens 0471ab33d5 5.2.arch2-1 2019-07-09 04:10:19 +00:00
Jan Alexander Steffens c8269e7394 Update config 2019-06-24 07:28:51 +00:00
Jan Alexander Steffens 6621446c2d 5.1.8.arch1-1 2019-06-09 21:32:47 +00:00