Peter Müller
1fad035a1f
Kernel: Mitigate Straight-Line-Speculation on x86_64
...
See https://lwn.net/Articles/877845/ for the rationale behind this. The
feature is currently only available on the x86_64 platform.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
2022-06-13 15:39:35 +00:00
Peter Müller
883e29630c
Kernel: Disable support for RPC dprintk debugging
...
This is solely needed for debugging of NFS issues. Due to the attack
surface it introduces, grsecurity recommends to disable it; as we do not
have a strict necessity for this feature, it is best to follow that
recommendation for security reasons.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
2022-06-13 15:39:23 +00:00
Peter Müller
9b28e9d02b
Kernel: Enable YAMA support
...
See https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html for
the upstream rationale. Enabling YAMA gives us the benefit of additional
hardening options available, without any obvious downsides.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
2022-06-13 15:39:08 +00:00
Arne Fitzenreiter
9fa01e4276
kernel: update to 5.15.35
...
In kernel 5.15.32 the driver for ATH9K wlan cards is unstable.
This is one of the most used cards so we need this update before
releasing core167 final.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2022-04-22 12:48:32 +00:00
Peter Müller
250f6efc38
kernel: Do not enforce "integrity" mode of LSM
...
LSM was found to render firmware flashing unusable, and patching out LSM
functionality for all features needed (such as /dev/io, direct memory
access and probably raw PCI access for older cards) would
effectively render much of LSM's functionality useless as well.
For the time being, we do ship LSM, but do not enforce any protection
mode. Users hence can run it in "integrity" or even "confidentiality"
mode by custom commands; hopefully, we will be able to revert this
change at a future point.
Acked-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org >
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
2022-04-21 19:30:42 +00:00
Arne Fitzenreiter
1d563665ed
kernel: run make oldconfig
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2022-04-08 00:27:47 +02:00
Peter Müller
8e1a464d12
Kernel: Enable LSM support and set security level to "integrity"
...
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
2022-04-06 20:04:04 +00:00
Peter Müller
11925d6f9f
Kernel: Enable SVA support for both Intel and AMD CPUs
...
Since running virtual machines is one of our legitimate use cases, it
makes sense to provide Qemu with the ability of taking advantage of
IOMMU support for safer virtual memory allocation, if available.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Acked-by: Michael Tremer <michael.tremer@ipfire.org >
2022-04-04 19:59:46 +00:00
Peter Müller
4f4422cc1c
Kernel: Do not automatically load TTY line disciplines, only if necessary
...
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
2022-04-04 19:59:39 +00:00
Peter Müller
bf2d8cb8a0
Kernel: Disable support for tracing block I/O actions
...
This is not needed on IPFire systems, and grsecurity recommends to turn
this off.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
2022-04-04 19:59:15 +00:00
Peter Müller
26ca63592d
Kernel: Set CONFIG_ARCH_MMAP_RND_BITS to 32 bits
...
This follows a recommendation by ClipOS, making ASLR bypassing attempts
harder.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
2022-04-04 19:59:08 +00:00
Michael Tremer
5c1a1094ed
kernel: Add a basic configuration for riscv64
...
This kernel configuration is a copy of our kernel configuration for
x86_64 on which I ran "make olddefconfig" which will set any unknown
values to their defaults.
This exists so that we have some kernel (which I did not try to boot) to
complete the build process.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2022-02-22 19:41:39 +00:00
Arne Fitzenreiter
f978b433e6
kernel: aarch64: enable armv8 optimized crypto
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2022-02-11 17:36:01 +00:00
Arne Fitzenreiter
59ec91c171
kernel: update to 5.15.22
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2022-02-09 12:17:53 +00:00
Arne Fitzenreiter
70c57ed33e
kernel: update to 5.15.21
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2022-02-06 14:09:43 +00:00
Arne Fitzenreiter
d68f875d61
kernel: enable support for compressed firmwares
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2022-01-28 14:44:03 +00:00
Arne Fitzenreiter
e385c965fa
kernel: aarch64 enable KVM support
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2022-01-28 11:24:44 +00:00
Arne Fitzenreiter
c18dda556b
kernel: update to 5.15.16
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2022-01-21 10:06:22 +00:00
Michael Tremer
6cf219c427
Drop support for i586
...
This patch removes support for i586 according to the decision being
taken over a year ago.
It removes the architecture from the build system and removes all
required hacks and other quirks that have been necessary before.
There is no need to ship any changed files to the remaining
architectures as the removed code branches have not been used.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2021-12-04 23:27:26 +01:00
Arne Fitzenreiter
65067248d1
kernel: update to 5.15.6
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-12-02 11:34:38 +01:00
Arne Fitzenreiter
ef972dcf7a
kernel: update arm config and rootfile (oldconfig)
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-11-29 09:14:33 +00:00
Arne Fitzenreiter
d4a6dc4270
kernel: update to 5.15.3
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-11-21 10:56:26 +00:00
Arne Fitzenreiter
521e8aa99d
kernel: aarch64 enable ath5k wlan driver
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-11-20 23:38:06 +00:00
Arne Fitzenreiter
96c83b21b3
kernel: update to 5.15.2
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-11-13 15:25:39 +00:00
Arne Fitzenreiter
e196a73096
kernel: update aarch64 config
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-11-11 18:18:23 +00:00
Arne Fitzenreiter
db8199076d
kernel: increase CMA size to 24MB
...
mmc ports need this for DMA transfers.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-11-10 21:58:44 +00:00
Arne Fitzenreiter
9f3286a9c1
kernel: updated armv6 config
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-11-10 07:02:58 +00:00
Arne Fitzenreiter
cb9c6cfbd7
kernel: update to 5.15.1
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-11-09 18:24:26 +01:00
Arne Fitzenreiter
757e5d4e1f
kernel: update i586 config
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-11-06 09:57:30 +01:00
Arne Fitzenreiter
1e5d37e87d
kernel: update x86_64 config
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-11-05 17:18:41 +01:00
Arne Fitzenreiter
832490f063
kernel: update to 5.10.76
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-10-28 00:39:07 +02:00
Arne Fitzenreiter
2e82a4002d
kernel: update to 5.10.75
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-10-21 04:39:52 +02:00
Arne Fitzenreiter
03c7877845
kernel: update to 5.10.74
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-10-18 00:35:42 +02:00
Arne Fitzenreiter
79930b29a4
kernel: update to 5.10.73
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-10-15 08:07:04 +02:00
Arne Fitzenreiter
5c372259e3
kernel: update to 5.10.72
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-10-10 13:23:30 +02:00
Arne Fitzenreiter
58f6264fa4
kernel: update to 5.10.71
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-10-10 06:46:25 +00:00
Arne Fitzenreiter
13e001f5c2
kernel: config for nanopi r2s
...
Some drivers do not work as modules, so they are now compiled into
the main kernel.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-10-08 19:54:29 +00:00
Arne Fitzenreiter
577c7c09fa
kernel: update to 5.10.70
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-10-01 23:23:01 +02:00
Arne Fitzenreiter
3d17e0d683
kernel: update to 5.10.69
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-09-27 12:21:51 +02:00
Arne Fitzenreiter
13fcfb9a0e
kernel: update to 5.10.68
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-09-26 14:58:27 +02:00
Arne Fitzenreiter
62f705316b
kernel: aarch64 enable drivers for common ROCKCHIP boards
...
thx to Fukan K
fixes #12681
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-09-25 13:19:25 +00:00
Arne Fitzenreiter
a21d6a30ce
kernel: aarch64 oldconfig
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-09-25 13:07:36 +00:00
Arne Fitzenreiter
037dc6b9bc
kernel: update to 5.10.67
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-09-20 23:45:56 +02:00
Michael Tremer
cbbed5bc14
kernel: Enable all cgroups on all architectures
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Acked-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-09-20 14:04:36 +00:00
Michael Tremer
9df49966d6
kernel: Zero-init all stack variables by default
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Acked-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-09-20 14:04:23 +00:00
Michael Tremer
b7ed5dc817
kernel: Enable support for TPM hardware
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Acked-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-09-20 14:04:14 +00:00
Michael Tremer
9012cffdb6
kernel: Enable ExFAT on all architectures
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Acked-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-09-20 14:01:02 +00:00
Michael Tremer
340f155649
kernel: Enable frontswap
...
"Frontswap provides a “transcendent memory” interface for swap pages. In
some environments, dramatic performance savings may be obtained because
swapped pages are saved in RAM (or a RAM-like device) instead of a swap
disk."
https://www.kernel.org/doc/html/latest/vm/frontswap.html
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Acked-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-09-20 14:00:52 +00:00
Michael Tremer
15f53912a1
kernel: Disable network security hooks
...
This is a feature we do not use and it should therefore be disabled.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Acked-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-09-20 14:00:41 +00:00
Michael Tremer
c913c9862c
kernel: Disable OpenvSwitch
...
We do not use this and so we should not build it to save space.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Acked-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2021-09-20 14:00:31 +00:00