Commit Graph

1416 Commits

Author SHA1 Message Date
Jan Alexander Steffens 861c5dfd04 Update security config
- Build in loadpin, but keep it disabled by default
- Enable bpf by default
2021-02-04 00:25:55 +00:00
Jan Alexander Steffens d04972b60c FS#69212: Reenable multimedia test drivers 2021-01-31 01:33:42 +00:00
Jan Alexander Steffens 9d28b37b79 5.10.12.arch1-1 2021-01-31 01:33:39 +00:00
Jan Alexander Steffens cf0be7beee 5.10.11.arch1-1 2021-01-27 15:42:47 +00:00
Jan Alexander Steffens 66b09ae393 5.10.10.arch1-1 2021-01-24 00:56:16 +00:00
Jan Alexander Steffens 460787f437 5.10.9.arch1-1 2021-01-19 23:33:14 +00:00
Jan Alexander Steffens 732488a858 5.10.8.arch1-1 2021-01-17 23:12:23 +00:00
Jan Alexander Steffens 0007db0e69 5.10.7.arch1-1 2021-01-13 13:01:40 +00:00
Jan Alexander Steffens c19564ecfa 5.10.6.arch1-1 2021-01-09 19:17:04 +00:00
Jan Alexander Steffens 29ab84e2ba 5.10.5.arch1-1 2021-01-07 12:05:32 +00:00
Jan Alexander Steffens 8ffb940e20 5.10.4.arch2-1 2021-01-01 06:17:42 +00:00
Jan Alexander Steffens 87cfb1a823 Reenable MTD_PHRAM
Can be used with syslinux's memdiskfind to mount a filesystem image.
2021-01-01 06:17:41 +00:00
Jan Alexander Steffens 45857ed86c Enable SECURITY_DMESG_RESTRICT
Default on Debian, and seems to be reasonable for us since we also don't
allow access to the system journal by default.
2020-12-31 01:18:17 +00:00
Jan Alexander Steffens b54786ee1f 5.10.4.arch1-1 2020-12-31 01:18:16 +00:00
Jan Alexander Steffens 66ead9f4aa 5.10.3.arch1-1 2020-12-27 12:02:15 +00:00
Jan Alexander Steffens ddeb06b257 Revert two config changes
As requested by Levente.
2020-12-22 01:33:12 +00:00
Jan Alexander Steffens 5ee180e682 5.10.2.arch1-1 2020-12-21 20:50:34 +00:00
Jan Alexander Steffens c6467751e8 Update sums 2020-12-18 23:32:11 +00:00
Jan Alexander Steffens 2f63adc58f Disable most of MTD
Besides some support for directly flashing BIOS chips which is marked as
DANGEROUS, these seem only useful on embedded devices.

Only leave the simulator and the MTD-on-block emulator.
2020-12-18 23:32:10 +00:00
Jan Alexander Steffens a10b2065c8 Disable SFI
Only used on some exotic Intel smartphone platforms without ACPI.
2020-12-18 23:32:09 +00:00
Jan Alexander Steffens 994cbff510 Disable autosleep and wakelocks
Not useful without appropriate userspace, like Android.
2020-12-18 23:32:08 +00:00
Jan Alexander Steffens d522f29651 Disable PCI endpoint support
We're only running on host devices.
2020-12-18 23:32:08 +00:00
Jan Alexander Steffens 554f6e5ad8 Disable CAIF
Seems to be for ST-Ericsson embedded modems.
2020-12-18 23:32:07 +00:00
Jan Alexander Steffens 4d3936f486 Disable VME and RapidIO
Seems to be exotic, industrial hardware.
2020-12-18 23:32:06 +00:00
Jan Alexander Steffens 09b5d73900 Disable USB gadget support
We're only running on host devices.
2020-12-18 23:32:05 +00:00
Jan Alexander Steffens a661403002 Disable CONFIG_EXPERT
I'm not.
2020-12-18 23:32:05 +00:00
Jan Alexander Steffens bd50d947c3 Disable SDR and test media drivers
Using the device type filter menu.
2020-12-18 23:32:04 +00:00
Jan Alexander Steffens bf6633be3e Disable Comedi
Big driver set in staging of little use.
2020-12-18 23:32:03 +00:00
Jan Alexander Steffens 0c99750850 Disable I3C, SPMI and HSI
Seems to be restricted to embedded stuff with integrated modems.
2020-12-18 23:32:02 +00:00
Jan Alexander Steffens 5a395d000c Disable OpenFirmware support
This is a big chunk of drivers that doesn't seem to be useful to us.
2020-12-18 23:32:01 +00:00
Jan Alexander Steffens 56811c1973 Pick some configuration options from Fedora's default kernel
Mostly choices about which modules to build in, some more debugfs
entries and boot self-tests.

  - Unset GART_IOMMU: Old IOMMU code, should be unused.
  - Unset MICROCODE_OLD_INTERFACE: Option help emphatically asks not to
    set this.
  - Unset ARCH_MEMORY_PROBE: Manual memory hot-plug should be unused.
  - Unset USB_DYNAMIC_MINORS: We had this set forever, but it doesn't
    actually seem to be needed.
  - Unset NTFS_FS: Please use ntfs-3g.
2020-12-18 23:32:00 +00:00
Jan Alexander Steffens 056e1229cd Disable DCCP (still affected by CVE-2020-16119) 2020-12-18 17:58:35 +00:00
Jan Alexander Steffens 8c2a9a8da9 FS#68978 Enable SoundWire machine driver 2020-12-16 14:37:37 +00:00
Jan Alexander Steffens e32e0ba50d 5.10.1.arch1-1 2020-12-15 21:22:15 +00:00
Jan Alexander Steffens d0179d6259 5.9.14.arch1-1 2020-12-12 22:02:25 +00:00
Jan Alexander Steffens 01bedab48a 5.9.13.arch1-1 2020-12-08 13:13:09 +00:00
Jan Alexander Steffens 7c79d74fff 5.9.12.arch1-1 2020-12-02 17:23:51 +00:00
Jan Alexander Steffens fe6596ab57 5.9.11.arch2-1 2020-11-28 02:51:37 +00:00
Jan Alexander Steffens 0b08d44ef8 5.9.11.arch1-1 2020-11-24 16:27:08 +00:00
Jan Alexander Steffens 85e1041b01 5.9.10.arch1-1 2020-11-22 15:26:46 +00:00
Jan Alexander Steffens 6be6ead80b 5.9.9.arch1-1 2020-11-18 20:51:25 +00:00
Jan Alexander Steffens 706a33e2de 5.9.8.arch1-1 2020-11-10 23:52:19 +00:00
Jan Alexander Steffens 141dd23c01 5.9.7.arch1-1 2020-11-10 15:00:15 +00:00
Jan Alexander Steffens 073b042f87 5.9.6.arch1-1 2020-11-05 21:49:56 +00:00
Jan Alexander Steffens 1bcde0c2d1 5.9.5.arch2-1 2020-11-05 15:05:22 +00:00
Jan Alexander Steffens 87febd662a 5.9.4.arch1-1 2020-11-04 22:42:21 +00:00
Jan Alexander Steffens 34b501df44 5.9.3.arch1-1 2020-11-01 14:53:55 +00:00
Jan Alexander Steffens dea8c573f1 5.9.2.arch1-1 2020-10-29 18:18:58 +00:00
Jan Alexander Steffens a9e6574b98 5.9.1.arch1-1 2020-10-17 14:45:48 +00:00
Jan Alexander Steffens 2c8951be72 5.9.arch1-1 2020-10-12 21:06:00 +00:00