linux5.4: disable lsm_lockdown and add patch for iwlwifi
Enabling the lockdown module required the enabling of module signature checking which in turn marked the kernel as tainted because our kernel was not signed. Currently the kernel only supports signing with already defeated the SHA-1 algorithm which makes the feature less useful in the first place. Also the current model only works when there's a central authority that signs all modules or you compile the kernel yourself and use your own key for the signatures. We could sign all kernel modules distributed with the kernel with a randomly generated key so they could be verified but that would make out-of-tree modules taint the kernel again. Since adding another key to the keyring requires the key used at build time, it would not be possible to add your own keys to the keyring without having the private key and distributing that one would fundamentally break the public key cryptography security model. So to solve this issue and since the modules weren't signed anyway, disable lsm_lockdown and signature checking for now. If you need a locked down kernel, for now please compile it yourself, enable both features and use your own keypair so you can safely sign all in-tree and custom built modules and they can be properly verified. This also adds a patch for iwlwifi that together with upstream reverts solves issues with some Intel wifi chipsets. fixes #18384 fixes #18355
This commit is contained in:
parent
aa553f7bdf
commit
ec2921da66
9 changed files with 72 additions and 162 deletions
|
@ -1,6 +1,6 @@
|
|||
#
|
||||
# Automatically generated file; DO NOT EDIT.
|
||||
# Linux/arm 5.4.3 Kernel Configuration
|
||||
# Linux/arm 5.4.13 Kernel Configuration
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -539,6 +539,7 @@ CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
|
|||
CONFIG_HAVE_EXIT_THREAD=y
|
||||
CONFIG_ARCH_MMAP_RND_BITS=8
|
||||
CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT=y
|
||||
CONFIG_HAVE_COPY_THREAD_TLS=y
|
||||
CONFIG_CLONE_BACKWARDS=y
|
||||
CONFIG_OLD_SIGSUSPEND3=y
|
||||
CONFIG_OLD_SIGACTION=y
|
||||
|
@ -563,34 +564,20 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
|
|||
CONFIG_PLUGIN_HOSTCC="g++"
|
||||
CONFIG_HAVE_GCC_PLUGINS=y
|
||||
CONFIG_GCC_PLUGINS=y
|
||||
|
||||
#
|
||||
# GCC plugins
|
||||
#
|
||||
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
|
||||
# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
|
||||
# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
|
||||
# end of GCC plugins
|
||||
# end of General architecture-dependent options
|
||||
|
||||
CONFIG_RT_MUTEXES=y
|
||||
CONFIG_BASE_SMALL=0
|
||||
CONFIG_MODULE_SIG_FORMAT=y
|
||||
CONFIG_MODULES=y
|
||||
CONFIG_MODULE_FORCE_LOAD=y
|
||||
CONFIG_MODULE_UNLOAD=y
|
||||
CONFIG_MODULE_FORCE_UNLOAD=y
|
||||
CONFIG_MODVERSIONS=y
|
||||
# CONFIG_MODULE_SRCVERSION_ALL is not set
|
||||
CONFIG_MODULE_SIG=y
|
||||
# CONFIG_MODULE_SIG_FORCE is not set
|
||||
# CONFIG_MODULE_SIG_ALL is not set
|
||||
CONFIG_MODULE_SIG_SHA1=y
|
||||
# CONFIG_MODULE_SIG_SHA224 is not set
|
||||
# CONFIG_MODULE_SIG_SHA256 is not set
|
||||
# CONFIG_MODULE_SIG_SHA384 is not set
|
||||
# CONFIG_MODULE_SIG_SHA512 is not set
|
||||
CONFIG_MODULE_SIG_HASH="sha1"
|
||||
# CONFIG_MODULE_SIG is not set
|
||||
# CONFIG_MODULE_COMPRESS is not set
|
||||
# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set
|
||||
CONFIG_UNUSED_SYMBOLS=y
|
||||
|
@ -6711,11 +6698,7 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
|
|||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
# CONFIG_SECURITY_SAFESETID is not set
|
||||
CONFIG_SECURITY_LOCKDOWN_LSM=y
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set
|
||||
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM is not set
|
||||
CONFIG_INTEGRITY=y
|
||||
CONFIG_INTEGRITY_SIGNATURE=y
|
||||
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
|
||||
|
@ -6759,7 +6742,6 @@ CONFIG_CRYPTO=y
|
|||
#
|
||||
# Crypto core or helper
|
||||
#
|
||||
# CONFIG_CRYPTO_FIPS is not set
|
||||
CONFIG_CRYPTO_ALGAPI=y
|
||||
CONFIG_CRYPTO_ALGAPI2=y
|
||||
CONFIG_CRYPTO_AEAD=y
|
||||
|
@ -6938,7 +6920,6 @@ CONFIG_PKCS7_MESSAGE_PARSER=y
|
|||
#
|
||||
# Certificates for signature checking
|
||||
#
|
||||
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
|
||||
CONFIG_SYSTEM_TRUSTED_KEYRING=y
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS=""
|
||||
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#
|
||||
# Automatically generated file; DO NOT EDIT.
|
||||
# Linux/arm64 5.4.3 Kernel Configuration
|
||||
# Linux/arm64 5.4.13 Kernel Configuration
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -742,6 +742,7 @@ CONFIG_ARCH_MMAP_RND_BITS=14
|
|||
CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y
|
||||
CONFIG_ARCH_MMAP_RND_COMPAT_BITS=7
|
||||
CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT=y
|
||||
CONFIG_HAVE_COPY_THREAD_TLS=y
|
||||
CONFIG_CLONE_BACKWARDS=y
|
||||
CONFIG_OLD_SIGSUSPEND3=y
|
||||
CONFIG_COMPAT_OLD_SIGACTION=y
|
||||
|
@ -769,19 +770,13 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
|
|||
CONFIG_PLUGIN_HOSTCC="g++"
|
||||
CONFIG_HAVE_GCC_PLUGINS=y
|
||||
CONFIG_GCC_PLUGINS=y
|
||||
|
||||
#
|
||||
# GCC plugins
|
||||
#
|
||||
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
|
||||
# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
|
||||
# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
|
||||
# end of GCC plugins
|
||||
# end of General architecture-dependent options
|
||||
|
||||
CONFIG_RT_MUTEXES=y
|
||||
CONFIG_BASE_SMALL=0
|
||||
CONFIG_MODULE_SIG_FORMAT=y
|
||||
CONFIG_MODULES=y
|
||||
# CONFIG_MODULE_FORCE_LOAD is not set
|
||||
CONFIG_MODULE_UNLOAD=y
|
||||
|
@ -789,15 +784,7 @@ CONFIG_MODULE_UNLOAD=y
|
|||
CONFIG_MODVERSIONS=y
|
||||
CONFIG_ASM_MODVERSIONS=y
|
||||
# CONFIG_MODULE_SRCVERSION_ALL is not set
|
||||
CONFIG_MODULE_SIG=y
|
||||
# CONFIG_MODULE_SIG_FORCE is not set
|
||||
# CONFIG_MODULE_SIG_ALL is not set
|
||||
CONFIG_MODULE_SIG_SHA1=y
|
||||
# CONFIG_MODULE_SIG_SHA224 is not set
|
||||
# CONFIG_MODULE_SIG_SHA256 is not set
|
||||
# CONFIG_MODULE_SIG_SHA384 is not set
|
||||
# CONFIG_MODULE_SIG_SHA512 is not set
|
||||
CONFIG_MODULE_SIG_HASH="sha1"
|
||||
# CONFIG_MODULE_SIG is not set
|
||||
# CONFIG_MODULE_COMPRESS is not set
|
||||
# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set
|
||||
CONFIG_UNUSED_SYMBOLS=y
|
||||
|
@ -9248,11 +9235,7 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
|
|||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
# CONFIG_SECURITY_SAFESETID is not set
|
||||
CONFIG_SECURITY_LOCKDOWN_LSM=y
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set
|
||||
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM is not set
|
||||
# CONFIG_INTEGRITY is not set
|
||||
# CONFIG_DEFAULT_SECURITY_SELINUX is not set
|
||||
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
|
||||
|
@ -9288,7 +9271,6 @@ CONFIG_CRYPTO=y
|
|||
#
|
||||
# Crypto core or helper
|
||||
#
|
||||
# CONFIG_CRYPTO_FIPS is not set
|
||||
CONFIG_CRYPTO_ALGAPI=y
|
||||
CONFIG_CRYPTO_ALGAPI2=y
|
||||
CONFIG_CRYPTO_AEAD=y
|
||||
|
@ -9486,7 +9468,6 @@ CONFIG_PKCS7_MESSAGE_PARSER=y
|
|||
#
|
||||
# Certificates for signature checking
|
||||
#
|
||||
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
|
||||
CONFIG_SYSTEM_TRUSTED_KEYRING=y
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS=""
|
||||
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#
|
||||
# Automatically generated file; DO NOT EDIT.
|
||||
# Linux/i386 5.4.3 Kernel Configuration
|
||||
# Linux/i386 5.4.13 Kernel Configuration
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -794,19 +794,13 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
|
|||
CONFIG_PLUGIN_HOSTCC="g++"
|
||||
CONFIG_HAVE_GCC_PLUGINS=y
|
||||
CONFIG_GCC_PLUGINS=y
|
||||
|
||||
#
|
||||
# GCC plugins
|
||||
#
|
||||
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
|
||||
# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
|
||||
# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
|
||||
# end of GCC plugins
|
||||
# end of General architecture-dependent options
|
||||
|
||||
CONFIG_RT_MUTEXES=y
|
||||
CONFIG_BASE_SMALL=0
|
||||
CONFIG_MODULE_SIG_FORMAT=y
|
||||
CONFIG_MODULES=y
|
||||
CONFIG_MODULE_FORCE_LOAD=y
|
||||
CONFIG_MODULE_UNLOAD=y
|
||||
|
@ -814,15 +808,7 @@ CONFIG_MODULE_FORCE_UNLOAD=y
|
|||
CONFIG_MODVERSIONS=y
|
||||
CONFIG_ASM_MODVERSIONS=y
|
||||
# CONFIG_MODULE_SRCVERSION_ALL is not set
|
||||
CONFIG_MODULE_SIG=y
|
||||
# CONFIG_MODULE_SIG_FORCE is not set
|
||||
# CONFIG_MODULE_SIG_ALL is not set
|
||||
CONFIG_MODULE_SIG_SHA1=y
|
||||
# CONFIG_MODULE_SIG_SHA224 is not set
|
||||
# CONFIG_MODULE_SIG_SHA256 is not set
|
||||
# CONFIG_MODULE_SIG_SHA384 is not set
|
||||
# CONFIG_MODULE_SIG_SHA512 is not set
|
||||
CONFIG_MODULE_SIG_HASH="sha1"
|
||||
# CONFIG_MODULE_SIG is not set
|
||||
# CONFIG_MODULE_COMPRESS is not set
|
||||
# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set
|
||||
# CONFIG_UNUSED_SYMBOLS is not set
|
||||
|
@ -6203,8 +6189,6 @@ CONFIG_SND_SOC_SOF_INTEL_ATOM_HIFI_EP=m
|
|||
CONFIG_SND_SOC_SOF_INTEL_COMMON=m
|
||||
CONFIG_SND_SOC_SOF_BAYTRAIL_SUPPORT=y
|
||||
CONFIG_SND_SOC_SOF_BAYTRAIL=m
|
||||
CONFIG_SND_SOC_SOF_BROADWELL_SUPPORT=y
|
||||
CONFIG_SND_SOC_SOF_BROADWELL=m
|
||||
CONFIG_SND_SOC_SOF_MERRIFIELD_SUPPORT=y
|
||||
CONFIG_SND_SOC_SOF_MERRIFIELD=m
|
||||
CONFIG_SND_SOC_SOF_APOLLOLAKE_SUPPORT=y
|
||||
|
@ -8811,11 +8795,7 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
|
|||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
# CONFIG_SECURITY_SAFESETID is not set
|
||||
CONFIG_SECURITY_LOCKDOWN_LSM=y
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set
|
||||
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM is not set
|
||||
CONFIG_INTEGRITY=y
|
||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
||||
CONFIG_INTEGRITY_AUDIT=y
|
||||
|
@ -9052,7 +9032,6 @@ CONFIG_PKCS7_MESSAGE_PARSER=y
|
|||
#
|
||||
# Certificates for signature checking
|
||||
#
|
||||
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
|
||||
CONFIG_SYSTEM_TRUSTED_KEYRING=y
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS=""
|
||||
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#
|
||||
# Automatically generated file; DO NOT EDIT.
|
||||
# Linux/powerpc 5.4.3 Kernel Configuration
|
||||
# Linux/powerpc 5.4.13 Kernel Configuration
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -522,19 +522,13 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
|
|||
CONFIG_PLUGIN_HOSTCC="g++"
|
||||
CONFIG_HAVE_GCC_PLUGINS=y
|
||||
CONFIG_GCC_PLUGINS=y
|
||||
|
||||
#
|
||||
# GCC plugins
|
||||
#
|
||||
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
|
||||
# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
|
||||
# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
|
||||
# end of GCC plugins
|
||||
# end of General architecture-dependent options
|
||||
|
||||
CONFIG_RT_MUTEXES=y
|
||||
CONFIG_BASE_SMALL=0
|
||||
CONFIG_MODULE_SIG_FORMAT=y
|
||||
CONFIG_MODULES=y
|
||||
CONFIG_MODULE_FORCE_LOAD=y
|
||||
CONFIG_MODULE_UNLOAD=y
|
||||
|
@ -542,15 +536,7 @@ CONFIG_MODULE_FORCE_UNLOAD=y
|
|||
CONFIG_MODVERSIONS=y
|
||||
CONFIG_ASM_MODVERSIONS=y
|
||||
# CONFIG_MODULE_SRCVERSION_ALL is not set
|
||||
CONFIG_MODULE_SIG=y
|
||||
# CONFIG_MODULE_SIG_FORCE is not set
|
||||
# CONFIG_MODULE_SIG_ALL is not set
|
||||
CONFIG_MODULE_SIG_SHA1=y
|
||||
# CONFIG_MODULE_SIG_SHA224 is not set
|
||||
# CONFIG_MODULE_SIG_SHA256 is not set
|
||||
# CONFIG_MODULE_SIG_SHA384 is not set
|
||||
# CONFIG_MODULE_SIG_SHA512 is not set
|
||||
CONFIG_MODULE_SIG_HASH="sha1"
|
||||
# CONFIG_MODULE_SIG is not set
|
||||
# CONFIG_MODULE_COMPRESS is not set
|
||||
# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set
|
||||
# CONFIG_UNUSED_SYMBOLS is not set
|
||||
|
@ -6982,11 +6968,7 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
|
|||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
# CONFIG_SECURITY_SAFESETID is not set
|
||||
CONFIG_SECURITY_LOCKDOWN_LSM=y
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set
|
||||
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM is not set
|
||||
CONFIG_INTEGRITY=y
|
||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
||||
CONFIG_INTEGRITY_AUDIT=y
|
||||
|
@ -7025,7 +7007,6 @@ CONFIG_CRYPTO=y
|
|||
#
|
||||
# Crypto core or helper
|
||||
#
|
||||
# CONFIG_CRYPTO_FIPS is not set
|
||||
CONFIG_CRYPTO_ALGAPI=y
|
||||
CONFIG_CRYPTO_ALGAPI2=y
|
||||
CONFIG_CRYPTO_AEAD=m
|
||||
|
@ -7204,7 +7185,6 @@ CONFIG_PKCS7_MESSAGE_PARSER=y
|
|||
#
|
||||
# Certificates for signature checking
|
||||
#
|
||||
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
|
||||
CONFIG_SYSTEM_TRUSTED_KEYRING=y
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS=""
|
||||
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#
|
||||
# Automatically generated file; DO NOT EDIT.
|
||||
# Linux/powerpc 5.4.3 Kernel Configuration
|
||||
# Linux/powerpc 5.4.13 Kernel Configuration
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -689,19 +689,13 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
|
|||
CONFIG_PLUGIN_HOSTCC="g++"
|
||||
CONFIG_HAVE_GCC_PLUGINS=y
|
||||
CONFIG_GCC_PLUGINS=y
|
||||
|
||||
#
|
||||
# GCC plugins
|
||||
#
|
||||
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
|
||||
# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
|
||||
# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
|
||||
# end of GCC plugins
|
||||
# end of General architecture-dependent options
|
||||
|
||||
CONFIG_RT_MUTEXES=y
|
||||
CONFIG_BASE_SMALL=0
|
||||
CONFIG_MODULE_SIG_FORMAT=y
|
||||
CONFIG_MODULES=y
|
||||
CONFIG_MODULE_FORCE_LOAD=y
|
||||
CONFIG_MODULE_UNLOAD=y
|
||||
|
@ -710,15 +704,7 @@ CONFIG_MODVERSIONS=y
|
|||
CONFIG_ASM_MODVERSIONS=y
|
||||
CONFIG_MODULE_REL_CRCS=y
|
||||
# CONFIG_MODULE_SRCVERSION_ALL is not set
|
||||
CONFIG_MODULE_SIG=y
|
||||
# CONFIG_MODULE_SIG_FORCE is not set
|
||||
# CONFIG_MODULE_SIG_ALL is not set
|
||||
CONFIG_MODULE_SIG_SHA1=y
|
||||
# CONFIG_MODULE_SIG_SHA224 is not set
|
||||
# CONFIG_MODULE_SIG_SHA256 is not set
|
||||
# CONFIG_MODULE_SIG_SHA384 is not set
|
||||
# CONFIG_MODULE_SIG_SHA512 is not set
|
||||
CONFIG_MODULE_SIG_HASH="sha1"
|
||||
# CONFIG_MODULE_SIG is not set
|
||||
# CONFIG_MODULE_COMPRESS is not set
|
||||
# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set
|
||||
# CONFIG_UNUSED_SYMBOLS is not set
|
||||
|
@ -8904,11 +8890,7 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
|
|||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
# CONFIG_SECURITY_SAFESETID is not set
|
||||
CONFIG_SECURITY_LOCKDOWN_LSM=y
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set
|
||||
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM is not set
|
||||
CONFIG_INTEGRITY=y
|
||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
||||
CONFIG_INTEGRITY_AUDIT=y
|
||||
|
@ -9134,7 +9116,6 @@ CONFIG_PKCS7_MESSAGE_PARSER=y
|
|||
#
|
||||
# Certificates for signature checking
|
||||
#
|
||||
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
|
||||
CONFIG_SYSTEM_TRUSTED_KEYRING=y
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS=""
|
||||
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#
|
||||
# Automatically generated file; DO NOT EDIT.
|
||||
# Linux/powerpc 5.4.3 Kernel Configuration
|
||||
# Linux/powerpc 5.4.13 Kernel Configuration
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -617,19 +617,13 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
|
|||
CONFIG_PLUGIN_HOSTCC="g++"
|
||||
CONFIG_HAVE_GCC_PLUGINS=y
|
||||
CONFIG_GCC_PLUGINS=y
|
||||
|
||||
#
|
||||
# GCC plugins
|
||||
#
|
||||
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
|
||||
# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
|
||||
# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
|
||||
# end of GCC plugins
|
||||
# end of General architecture-dependent options
|
||||
|
||||
CONFIG_RT_MUTEXES=y
|
||||
CONFIG_BASE_SMALL=0
|
||||
CONFIG_MODULE_SIG_FORMAT=y
|
||||
CONFIG_MODULES=y
|
||||
CONFIG_MODULE_FORCE_LOAD=y
|
||||
CONFIG_MODULE_UNLOAD=y
|
||||
|
@ -638,15 +632,7 @@ CONFIG_MODVERSIONS=y
|
|||
CONFIG_ASM_MODVERSIONS=y
|
||||
CONFIG_MODULE_REL_CRCS=y
|
||||
# CONFIG_MODULE_SRCVERSION_ALL is not set
|
||||
CONFIG_MODULE_SIG=y
|
||||
# CONFIG_MODULE_SIG_FORCE is not set
|
||||
# CONFIG_MODULE_SIG_ALL is not set
|
||||
CONFIG_MODULE_SIG_SHA1=y
|
||||
# CONFIG_MODULE_SIG_SHA224 is not set
|
||||
# CONFIG_MODULE_SIG_SHA256 is not set
|
||||
# CONFIG_MODULE_SIG_SHA384 is not set
|
||||
# CONFIG_MODULE_SIG_SHA512 is not set
|
||||
CONFIG_MODULE_SIG_HASH="sha1"
|
||||
# CONFIG_MODULE_SIG is not set
|
||||
# CONFIG_MODULE_COMPRESS is not set
|
||||
# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set
|
||||
# CONFIG_UNUSED_SYMBOLS is not set
|
||||
|
@ -8657,11 +8643,7 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
|
|||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
# CONFIG_SECURITY_SAFESETID is not set
|
||||
CONFIG_SECURITY_LOCKDOWN_LSM=y
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set
|
||||
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM is not set
|
||||
CONFIG_INTEGRITY=y
|
||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
||||
CONFIG_INTEGRITY_AUDIT=y
|
||||
|
@ -8886,7 +8868,6 @@ CONFIG_PKCS7_MESSAGE_PARSER=y
|
|||
#
|
||||
# Certificates for signature checking
|
||||
#
|
||||
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
|
||||
CONFIG_SYSTEM_TRUSTED_KEYRING=y
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS=""
|
||||
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#
|
||||
# Automatically generated file; DO NOT EDIT.
|
||||
# Linux/x86_64 5.4.3 Kernel Configuration
|
||||
# Linux/x86_64 5.4.13 Kernel Configuration
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -821,19 +821,13 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
|
|||
CONFIG_PLUGIN_HOSTCC="g++"
|
||||
CONFIG_HAVE_GCC_PLUGINS=y
|
||||
CONFIG_GCC_PLUGINS=y
|
||||
|
||||
#
|
||||
# GCC plugins
|
||||
#
|
||||
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
|
||||
# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
|
||||
# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
|
||||
# end of GCC plugins
|
||||
# end of General architecture-dependent options
|
||||
|
||||
CONFIG_RT_MUTEXES=y
|
||||
CONFIG_BASE_SMALL=0
|
||||
CONFIG_MODULE_SIG_FORMAT=y
|
||||
CONFIG_MODULES=y
|
||||
CONFIG_MODULE_FORCE_LOAD=y
|
||||
CONFIG_MODULE_UNLOAD=y
|
||||
|
@ -841,15 +835,7 @@ CONFIG_MODULE_FORCE_UNLOAD=y
|
|||
CONFIG_MODVERSIONS=y
|
||||
CONFIG_ASM_MODVERSIONS=y
|
||||
# CONFIG_MODULE_SRCVERSION_ALL is not set
|
||||
CONFIG_MODULE_SIG=y
|
||||
# CONFIG_MODULE_SIG_FORCE is not set
|
||||
# CONFIG_MODULE_SIG_ALL is not set
|
||||
CONFIG_MODULE_SIG_SHA1=y
|
||||
# CONFIG_MODULE_SIG_SHA224 is not set
|
||||
# CONFIG_MODULE_SIG_SHA256 is not set
|
||||
# CONFIG_MODULE_SIG_SHA384 is not set
|
||||
# CONFIG_MODULE_SIG_SHA512 is not set
|
||||
CONFIG_MODULE_SIG_HASH="sha1"
|
||||
# CONFIG_MODULE_SIG is not set
|
||||
# CONFIG_MODULE_COMPRESS is not set
|
||||
# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set
|
||||
# CONFIG_UNUSED_SYMBOLS is not set
|
||||
|
@ -6268,8 +6254,6 @@ CONFIG_SND_SOC_SOF_INTEL_ATOM_HIFI_EP=m
|
|||
CONFIG_SND_SOC_SOF_INTEL_COMMON=m
|
||||
CONFIG_SND_SOC_SOF_BAYTRAIL_SUPPORT=y
|
||||
CONFIG_SND_SOC_SOF_BAYTRAIL=m
|
||||
CONFIG_SND_SOC_SOF_BROADWELL_SUPPORT=y
|
||||
CONFIG_SND_SOC_SOF_BROADWELL=m
|
||||
CONFIG_SND_SOC_SOF_MERRIFIELD_SUPPORT=y
|
||||
CONFIG_SND_SOC_SOF_MERRIFIELD=m
|
||||
CONFIG_SND_SOC_SOF_APOLLOLAKE_SUPPORT=y
|
||||
|
@ -8966,11 +8950,7 @@ CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
|
|||
# CONFIG_SECURITY_LOADPIN is not set
|
||||
CONFIG_SECURITY_YAMA=y
|
||||
# CONFIG_SECURITY_SAFESETID is not set
|
||||
CONFIG_SECURITY_LOCKDOWN_LSM=y
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM_EARLY is not set
|
||||
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set
|
||||
# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set
|
||||
# CONFIG_SECURITY_LOCKDOWN_LSM is not set
|
||||
CONFIG_INTEGRITY=y
|
||||
# CONFIG_INTEGRITY_SIGNATURE is not set
|
||||
CONFIG_INTEGRITY_AUDIT=y
|
||||
|
@ -9229,7 +9209,6 @@ CONFIG_PKCS7_MESSAGE_PARSER=y
|
|||
#
|
||||
# Certificates for signature checking
|
||||
#
|
||||
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
|
||||
CONFIG_SYSTEM_TRUSTED_KEYRING=y
|
||||
CONFIG_SYSTEM_TRUSTED_KEYS=""
|
||||
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
|
||||
|
|
48
srcpkgs/linux5.4/patches/iwlwifi-revert-cmd-size.patch
Normal file
48
srcpkgs/linux5.4/patches/iwlwifi-revert-cmd-size.patch
Normal file
|
@ -0,0 +1,48 @@
|
|||
From 78fe4d666ff244609c7d02bea07a22ce87e56326 Mon Sep 17 00:00:00 2001
|
||||
From: Mehmet Akif Tasova <makiftasova@gmail.com>
|
||||
Date: Mon, 30 Dec 2019 15:48:16 +0200
|
||||
Subject: Revert "iwlwifi: mvm: fix scan config command size"
|
||||
|
||||
Since v5.4-rc1 was released, iwlwifi started throwing errors when scan
|
||||
commands were sent to the firmware with certain devices (depending on
|
||||
the OTP burned in the device, which contains the list of available
|
||||
channels). For instance:
|
||||
|
||||
iwlwifi 0000:00:14.3: FW error in SYNC CMD SCAN_CFG_CMD
|
||||
|
||||
This bug was reported in the ArchLinux bug tracker:
|
||||
https://bugs.archlinux.org/task/64703
|
||||
|
||||
And also in a specific case in bugzilla, when the lar_disabled option
|
||||
was set: https://bugzilla.kernel.org/show_bug.cgi?id=205193
|
||||
|
||||
Revert the commit that introduced this error, by using the number of
|
||||
channels from the OTP instead of the number of channels that is
|
||||
specified in the FW TLV that tells us how many channels it supports.
|
||||
|
||||
This reverts commit 06eb547c4ae4382e70d556ba213d13c95ca1801b.
|
||||
|
||||
Cc: stable@vger.kernel.org # v5.4+
|
||||
Signed-off-by: Mehmet Akif Tasova <makiftasova@gmail.com>
|
||||
[ Luca: reworded the commit message a bit. ]
|
||||
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
|
||||
---
|
||||
drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c
|
||||
index fcafa22ec6ce..8aa567d7912c 100644
|
||||
--- a/drivers/net/wireless/intel/iwlwifi/mvm/scan.c
|
||||
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/scan.c
|
||||
@@ -1220,7 +1220,7 @@ static int iwl_mvm_legacy_config_scan(struct iwl_mvm *mvm)
|
||||
cmd_size = sizeof(struct iwl_scan_config_v2);
|
||||
else
|
||||
cmd_size = sizeof(struct iwl_scan_config_v1);
|
||||
- cmd_size += num_channels;
|
||||
+ cmd_size += mvm->fw->ucode_capa.n_scan_channels;
|
||||
|
||||
cfg = kzalloc(cmd_size, GFP_KERNEL);
|
||||
if (!cfg)
|
||||
--
|
||||
cgit v1.2.1-1-g437b
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
# Template file for 'linux5.4'
|
||||
pkgname=linux5.4
|
||||
version=5.4.13
|
||||
revision=1
|
||||
revision=2
|
||||
wrksrc="linux-${version}"
|
||||
short_desc="Linux kernel and modules (${version%.*} series)"
|
||||
maintainer="Helmut Pozimski <helmut@pozimski.eu>"
|
||||
|
|
Loading…
Reference in a new issue