Commit Graph

508 Commits

Author SHA1 Message Date
Jan Alexander Steffens 47bdc05ad0 6.2.13.arch1-1 2023-04-26 21:30:26 +00:00
Jan Alexander Steffens 5b624ef70c 6.2.8.arch1-1 2023-03-22 23:31:54 +00:00
Jan Alexander Steffens 3456a38846 6.2.5.arch1-1 2023-03-11 15:59:13 +00:00
Jan Alexander Steffens 363d3a6f2c 6.2.3.arch1-1 2023-03-10 14:36:27 +00:00
Jan Alexander Steffens 079bdfa1e5 6.2.2.arch2-1 2023-03-08 04:44:31 +00:00
Jan Alexander Steffens 904444ed92 FS#77632: Enable EFI_HANDOVER_PROTOCOL
Required to boot with syslinux.
2023-03-06 03:21:29 +00:00
Jan Alexander Steffens c137130912 6.2.1.arch1-1 2023-02-26 04:20:02 +00:00
Jan Alexander Steffens cd7139ed1b FS#77603: Disable SYSFB_SIMPLEFB
Still broken.
2023-02-26 04:20:00 +00:00
Jan Alexander Steffens 25432b7fe8 6.2.arch1-1 2023-02-20 23:06:14 +00:00
Jan Alexander Steffens 1248dbbdee 6.1.12.arch1-1 2023-02-14 23:15:43 +00:00
Jan Alexander Steffens 1de668fc39 6.1.8.arch1-1 2023-01-24 22:08:04 +00:00
Jan Alexander Steffens ab269fce8c 6.1.6.arch1-1 2023-01-14 13:54:59 +00:00
Jan Alexander Steffens c15fb537c5 6.1.arch1-1 2022-12-12 00:57:06 +00:00
Jan Alexander Steffens 239feb2636 6.0.11.arch1-1 2022-12-02 17:58:21 +00:00
Jan Alexander Steffens 5f2d83b1ed 6.0.10.arch2-1 2022-11-26 17:36:13 +00:00
Jan Alexander Steffens 78eba71a7a Build in TCG_TPM, TCG_TIS and TCG_CRB
As requested by Christian, for systemd. These should match the built-in
TPM drivers of the Fedora kernel.

See: https://github.com/dracutdevs/dracut/issues/2066#issuecomment-1317957398
2022-11-26 17:36:10 +00:00
Jan Alexander Steffens 2da4cc9c72 6.0.5.arch1-1 2022-10-26 15:58:07 +00:00
Jan Alexander Steffens 239dac8549 6.0.3.arch2-1 2022-10-21 17:35:05 +00:00
Jan Alexander Steffens 790707e7bb 6.0.1.arch2-1 2022-10-13 20:22:47 +00:00
Jan Alexander Steffens 6dfa340b6d 6.0.arch1-1 2022-10-04 21:53:25 +00:00
Jan Alexander Steffens 2cb2c2a9ee 5.19.12.arch1-1 2022-09-28 13:57:43 +00:00
Jan Alexander Steffens b355555335 5.19.11.arch1-1 2022-09-24 19:32:48 +00:00
Jan Alexander Steffens 07add5cd3c Enable DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING
As requested by Christian, for systemd.
2022-09-24 19:32:46 +00:00
Jan Alexander Steffens f9f29d5a1b 5.19.6.arch1-1 2022-08-31 22:49:58 +00:00
Jan Alexander Steffens a761030c6f 5.19.4.arch1-1 2022-08-25 18:22:09 +00:00
Jan Alexander Steffens 72311cf099 5.19.2.arch1-1 2022-08-17 14:28:21 +00:00
Jan Alexander Steffens cab15f6f84 5.19.1.arch1-1 2022-08-11 16:00:06 +00:00
Jan Alexander Steffens 2db71c5777 Enable NO_HZ_FULL
There is reportedly no (longer) significant overhead to this when it is
not enabled at runtime, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804857#66
2022-08-06 22:11:33 +00:00
Jan Alexander Steffens 44548c4424 FS#74953: Reenable I8K 2022-08-06 22:11:31 +00:00
Jan Alexander Steffens 2e407d05f4 5.19.arch1-1 2022-08-06 14:08:01 +00:00
Jan Alexander Steffens 1e93cf5d3a 5.18.16.arch1-1 2022-08-03 12:00:00 +00:00
Jan Alexander Steffens 94d0ee92f2 FS#74975: Enable MEMTEST 2022-07-31 14:38:59 +00:00
Jan Alexander Steffens 0d5a58dc37 5.18.14.arch1-1 2022-07-23 12:28:24 +00:00
Jan Alexander Steffens af075e3dca 5.18.6.arch1-1 2022-06-22 18:43:35 +00:00
Jan Alexander Steffens 5f3729800f FS#75102: Add integrity to LSM
This only initializes a cache which is used by IMA. So it does nothing
useful. Still, we technically have the integrity LSM and this removes a
footgun should IMA ever get enabled.
2022-06-19 20:12:32 +00:00
Jan Alexander Steffens 2e8ca45bc9 FS#75102: Enable KEXEC_SIG 2022-06-19 20:12:32 +00:00
Jan Alexander Steffens 1eaae5d53f FS#75102: Revert "Enable KEXEC_SIG and IMA"
Enabling IMA makes it impossible to load unsigned kernel modules when
secure boot is in use, and without shim in the boot you can't get the
kernel to trust a local key for module signing.

This reverts commit 6a241232a3275ef3e314b5b7167e13fffff71282.
2022-06-19 20:12:31 +00:00
Jan Alexander Steffens 0724b8895c FS#75102: Enable KEXEC_SIG and IMA 2022-06-19 19:23:48 +00:00
Jan Alexander Steffens b3c8c8615f 5.18.5.arch1-1 2022-06-16 21:18:19 +00:00
Jan Alexander Steffens a0899d416d Disable PECI
As requested by Levente. Only useful for kernels running on baseboard
management controllers.
2022-06-16 21:18:17 +00:00
Jan Alexander Steffens 218d2a950d 5.18.4.arch1-1 2022-06-15 23:42:51 +00:00
Jan Alexander Steffens 5bd573c89e FS#75041: Enable INTEGRITY_MACHINE_KEYRING and related 2022-06-15 23:42:48 +00:00
Jan Alexander Steffens e29a800771 5.18.3.arch1-1 2022-06-09 17:20:22 +00:00
Jan Alexander Steffens 3aa8dd1c85 5.18.1.arch1-1 2022-05-30 18:31:45 +00:00
Jan Alexander Steffens f11429d842 FS#74888: Enable BLOCK_LEGACY_AUTOLOAD
Disabling this broke legacy mdraid setups.

See: https://lore.kernel.org/linux-block/20220503212848.5853-1-dmoulding@me.com/
2022-05-30 18:31:42 +00:00
Jan Alexander Steffens 1cc50e39e6 5.18.arch1-1 2022-05-24 22:34:17 +00:00
Jan Alexander Steffens 231862cf72 5.17.6.arch1-1 2022-05-10 23:31:11 +00:00
Jan Alexander Steffens 0c61251a1e 5.17.5.arch1-1 2022-04-27 21:57:26 +00:00
Jan Alexander Steffens ee2af8ec43 5.17.4.arch1-1 2022-04-20 19:02:04 +00:00
Jan Alexander Steffens 2d3dd3bff0 5.17.2.arch1-1 2022-04-08 18:11:24 +00:00
Jan Alexander Steffens d60d23d3e0 FS#74291: Reenable FRAMEBUFFER_CONSOLE_ROTATION 2022-04-01 16:10:30 +00:00
Jan Alexander Steffens 8dc941a8b3 FS#68021, FS#74271: Return nvme to a module 2022-03-30 20:34:27 +00:00
Jan Alexander Steffens 03fa74e628 FS#74203: Disable SYSFB_SIMPLEFB 2022-03-28 21:54:43 +00:00
Jan Alexander Steffens 432adf96db 5.17.arch1-1 2022-03-23 00:44:26 +00:00
Jan Alexander Steffens 997a6a8651 5.16.14.arch1-1 2022-03-11 18:29:09 +00:00
Jan Alexander Steffens ccba33df68 Enable BPF_UNPRIV_DEFAULT_OFF
This config was enabled by default in v5.15 and we should follow that.
2022-03-09 16:09:34 +00:00
Jan Alexander Steffens 4f1d39f328 5.16.13.arch1-1 2022-03-08 20:36:10 +00:00
Jan Alexander Steffens 74147130fa 5.16.9.arch1-1 2022-02-11 23:14:13 +00:00
Jan Alexander Steffens a4414373de FS#73364: Enable DAMON 2022-02-11 23:14:12 +00:00
Jan Alexander Steffens eb92849ce1 5.16.8.arch1-1 2022-02-08 21:56:54 +00:00
Jan Alexander Steffens 659df960bd FS#72597: Disable ZERO_CALL_USED_REGS
Too much overhead.
2022-02-07 18:29:34 +00:00
Jan Alexander Steffens 6376eaf60e 5.16.arch1-1 2022-01-10 21:15:58 +00:00
Jan Alexander Steffens 992dd34d40 5.15.12.arch1-1 2021-12-29 13:06:04 +00:00
Jan Alexander Steffens 38f90fdbe5 5.15.9.arch1-1 2021-12-17 00:17:27 +00:00
Jan Alexander Steffens f6654f361c FS#69505: Replace MTD_RAM with MTD_MTDRAM
The latter is what was actually wanted.
2021-12-16 03:14:31 +00:00
Jan Alexander Steffens 6fdf85f792 5.15.5.arch1-1 2021-11-25 22:53:04 +00:00
Jan Alexander Steffens 90addb77b2 5.15.3.arch1-1 2021-11-18 22:55:52 +00:00
Jan Alexander Steffens 87b96ed160 5.15.2.arch1-1 2021-11-12 20:28:54 +00:00
Jan Alexander Steffens 741b99dce1 FS#72645: Disable SYSFB_SIMPLEFB 2021-11-12 20:28:52 +00:00
Jan Alexander Steffens e55609718b FS#72658: Reenable built-in FB drivers 2021-11-09 17:09:57 +00:00
Jan Alexander Steffens 911177d3df Disable WERROR
Also leaks into external module builds.
2021-11-03 23:30:53 +00:00
Jan Alexander Steffens 78d0321a90 Set SYSFB_SIMPLEFB=y and SIMPLEDRM=y, disable legacy FB drivers 2021-11-03 23:30:52 +00:00
Jan Alexander Steffens 62812fc5b4 5.15.arch1-1 2021-11-03 23:30:51 +00:00
Jan Alexander Steffens 2072b4db95 5.14.12.arch1-1 2021-10-13 17:35:24 +00:00
Jan Alexander Steffens 4325d1b2ad 5.14.10.arch1-1 2021-10-07 20:32:54 +00:00
Jan Alexander Steffens 2ef0ab9184 Disable SND_INTEL_BYT_PREFER_SOF
As requested by Jelle.
2021-10-06 22:08:56 +00:00
Jan Alexander Steffens 595a15167b 5.14.8.arch1-1 2021-09-26 20:22:35 +00:00
Jan Alexander Steffens 045bfb719c FS#72195: Disable FB_HYPERV 2021-09-26 20:22:33 +00:00
Jan Alexander Steffens 6f0e13bf09 5.14.4.arch1-1 2021-09-15 22:24:27 +00:00
Jan Alexander Steffens 25de7a333b FS#72045: Disable WATCHDOG_HRTIMER_PRETIMEOUT 2021-09-09 10:30:52 +00:00
Jan Alexander Steffens ca05999be5 Enable EDAC_IGEN6
This was overlooked.
2021-09-03 21:24:30 +00:00
Jan Alexander Steffens 18427d86c6 5.14.1.arch1-1 2021-09-03 21:04:16 +00:00
Jan Alexander Steffens d73ac85acb 5.13.13.arch1-1 2021-08-26 19:48:22 +00:00
Jan Alexander Steffens 738226335f 5.13.12.arch1-1 2021-08-18 21:30:22 +00:00
Jan Alexander Steffens c21ba89cc1 Set KFENCE_SAMPLE_INTERVAL back to 100
As requested by Levente. The power issues should be solved by now.
2021-08-18 21:30:21 +00:00
Jan Alexander Steffens fb8eb1c560 Enable RANDOMIZE_KSTACK_OFFSET_DEFAULT
Additional hardening at a minimal cost, as requested by Levente.
2021-08-18 21:30:17 +00:00
Jan Alexander Steffens 5e6049790e 5.13.9.arch1-1 2021-08-08 12:14:43 +00:00
David Runge 2589876818 Upgrade to 5.13.4.arch1.
PKGBUILD:
Add C7E7849466FE2358343588377258734B41C31549 as additional recognized valid PGP
key, as heftig might not be able to prepare releases and package for a while.

config:
Consolidate with defaults for 5.13.4 based on previous config.
Update CONFIG_LSM to order landlock before lockdown and re-add bpf, as the
issue discussed in https://bugs.archlinux.org/task/71270 seems to have been a
user-error (using obsolete kernel parameters).
2021-07-20 17:34:49 +00:00
Jan Alexander Steffens fd38ec001c 5.13.1.arch1-1 2021-07-10 00:23:52 +00:00
Jan Alexander Steffens 4aa90295a0 5.12.14.arch1-1 2021-07-01 07:57:45 +00:00
Jan Alexander Steffens 65eddc1dfd FS#71325: Enable SPI_INTEL_SPI again 2021-06-25 23:47:16 +00:00
Jan Alexander Steffens 9bff7b52e3 5.12.13.arch1-1 2021-06-23 17:14:01 +00:00
Jan Alexander Steffens 38bd62e40b FS#71296: Enable DEBUG_LIST 2021-06-20 19:20:20 +00:00
Jan Alexander Steffens e7d5c4d89c 5.12.11.arch1-1 2021-06-16 22:13:35 +00:00
Jan Alexander Steffens d7bf404c33 FS#71270: Don't enable "bpf" LSM by default
It provides all possible hooks, which makes it harder to properly use
major LSMs. Using security= to enable a major LSM puts it at the end of
the list. Some functions (like security_getprocattr) only use the first
matching hook, thus prefer bpf.
2021-06-16 22:13:34 +00:00
Jan Alexander Steffens b7f14e1a69 5.12.8.arch1-1 2021-05-28 21:05:54 +00:00
Jan Alexander Steffens 99703861e1 FS#69505: Enable MTD_ROM 2021-05-27 19:39:55 +00:00
Jan Alexander Steffens 2a8704f5e1 Set KFENCE_SAMPLE_INTERVAL to 0
Turns off KFENCE by default, as requested by Levente. There are power
use issues, see
https://lore.kernel.org/linux-mm/20210421105132.3965998-1-elver@google.com/
2021-05-15 21:38:29 +00:00
Jan Alexander Steffens 1646eced3b Enable DEBUG_INFO_DWARF4
Required for BTF to work with GCC 11.
2021-05-15 21:38:27 +00:00
Jan Alexander Steffens cc87e6b052 5.12.2.arch1-1 2021-05-07 16:08:11 +00:00