diff --git a/0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch b/0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch index d840813..f3412d3 100644 --- a/0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch +++ b/0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch @@ -22,15 +22,16 @@ diff --git a/kernel/module.c b/kernel/module.c index 6baa1080c..118d8ee60 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -268,7 +268,7 @@ static void module_assert_mutex_or_preempt(void) - } +@@ -274,7 +274,7 @@ + #ifdef CONFIG_MODULE_SIG static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE); -module_param(sig_enforce, bool_enable_only, 0644); +module_param(sig_enforce, bool, 0644); - /* - * Export sig_enforce kernel cmdline parameter to allow other subsystems rely + void set_module_sig_enforced(void) + { + -- 2.17.1 diff --git a/kernel-arm64.config b/kernel-arm64.config index 1c9fba7..c7c8f5c 100644 --- a/kernel-arm64.config +++ b/kernel-arm64.config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.10.45 Kernel Configuration +# Linux/arm64 5.10.47 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.1.0 20210427 (ROSA)" CONFIG_CC_IS_GCC=y @@ -12016,6 +12016,8 @@ CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SECONDARY_TRUSTED_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" +CONFIG_SYSTEM_REVOCATION_LIST=y +CONFIG_SYSTEM_REVOCATION_KEYS="" # end of Certificates for signature checking CONFIG_BINARY_PRINTF=y diff --git a/kernel-i586.config b/kernel-i586.config index 9dbd23c..fa8fd3f 100644 --- a/kernel-i586.config +++ b/kernel-i586.config @@ -1,16 +1,17 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.10.17 Kernel Configuration +# Linux/x86 5.10.47 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (GCC) 10.2.0 20200723 (ROSA)" +CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.1.0 20210427 (ROSA)" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=100200 +CONFIG_GCC_VERSION=110100 CONFIG_LD_VERSION=236010000 CONFIG_CLANG_VERSION=0 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO=y +CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y CONFIG_CC_HAS_ASM_INLINE=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_TABLE_SORT=y @@ -231,6 +232,7 @@ CONFIG_USERMODE_DRIVER=y # CONFIG_BPF_PRELOAD is not set CONFIG_USERFAULTFD=y CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_KCMP=y CONFIG_RSEQ=y # CONFIG_DEBUG_RSEQ is not set # CONFIG_EMBEDDED is not set @@ -828,6 +830,7 @@ CONFIG_ARCH_USE_MEMREMAP_PROT=y CONFIG_ARCH_HAS_MEM_ENCRYPT=y CONFIG_HAVE_STATIC_CALL=y CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y +CONFIG_ARCH_SPLIT_ARG64=y # # GCOV-based kernel profiling @@ -2061,7 +2064,6 @@ CONFIG_PCIEASPM_DEFAULT=y CONFIG_PCIE_PME=y CONFIG_PCIE_DPC=y CONFIG_PCIE_PTM=y -# CONFIG_PCIE_BW is not set CONFIG_PCIE_EDR=y CONFIG_PCI_MSI=y CONFIG_PCI_MSI_IRQ_DOMAIN=y @@ -6492,8 +6494,13 @@ CONFIG_DRM_PANEL_BRIDGE=y # # Display Interface Bridges # +CONFIG_DRM_BAIKAL_HDMI=m CONFIG_DRM_ANALOGIX_ANX78XX=m CONFIG_DRM_ANALOGIX_DP=m +CONFIG_DRM_DW_HDMI=m +CONFIG_DRM_DW_HDMI_AHB_AUDIO=m +CONFIG_DRM_DW_HDMI_I2S_AUDIO=m +CONFIG_DRM_DW_HDMI_CEC=m # end of Display Interface Bridges # CONFIG_DRM_ETNAVIV is not set @@ -7056,8 +7063,6 @@ CONFIG_SND_SOC_SOF_INTEL_PCI=m CONFIG_SND_SOC_SOF_INTEL_HIFI_EP_IPC=m CONFIG_SND_SOC_SOF_INTEL_ATOM_HIFI_EP=m CONFIG_SND_SOC_SOF_INTEL_COMMON=m -CONFIG_SND_SOC_SOF_BROADWELL_SUPPORT=y -CONFIG_SND_SOC_SOF_BROADWELL=m CONFIG_SND_SOC_SOF_MERRIFIELD_SUPPORT=y CONFIG_SND_SOC_SOF_MERRIFIELD=m CONFIG_SND_SOC_SOF_APOLLOLAKE_SUPPORT=y @@ -8233,7 +8238,6 @@ CONFIG_INTEL_IDMA64=m CONFIG_PCH_DMA=m CONFIG_PLX_DMA=m CONFIG_TIMB_DMA=m -CONFIG_XILINX_ZYNQMP_DPDMA=m CONFIG_QCOM_HIDMA_MGMT=m CONFIG_QCOM_HIDMA=m CONFIG_DW_DMAC_CORE=m @@ -9017,8 +9021,6 @@ CONFIG_AD7887=m CONFIG_AD7923=m CONFIG_AD7949=m CONFIG_AD799X=m -CONFIG_AD9467=m -CONFIG_ADI_AXI_ADC=m CONFIG_AXP20X_ADC=m CONFIG_AXP288_ADC=m CONFIG_CC10001_ADC=m @@ -10378,6 +10380,8 @@ CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096 CONFIG_SECONDARY_TRUSTED_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" +CONFIG_SYSTEM_REVOCATION_LIST=y +CONFIG_SYSTEM_REVOCATION_KEYS="" # end of Certificates for signature checking CONFIG_BINARY_PRINTF=y @@ -10578,6 +10582,7 @@ CONFIG_KDB_CONTINUE_CATASTROPHIC=0 CONFIG_ARCH_HAS_EARLY_DEBUG=y CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y # CONFIG_UBSAN is not set +CONFIG_HAVE_KCSAN_COMPILER=y # end of Generic Kernel Debugging Instruments CONFIG_DEBUG_KERNEL=y diff --git a/kernel-x86_64.config b/kernel-x86_64.config index 2137ae8..24c43a9 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -1,16 +1,17 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.10.17 Kernel Configuration +# Linux/x86 5.10.47 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (GCC) 10.2.0 20200723 (ROSA)" +CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.1.0 20210427 (ROSA)" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=100200 +CONFIG_GCC_VERSION=110100 CONFIG_LD_VERSION=236010000 CONFIG_CLANG_VERSION=0 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO=y +CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y CONFIG_CC_HAS_ASM_INLINE=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_TABLE_SORT=y @@ -243,6 +244,7 @@ CONFIG_USERMODE_DRIVER=y # CONFIG_BPF_PRELOAD is not set CONFIG_USERFAULTFD=y CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_KCMP=y CONFIG_RSEQ=y # CONFIG_DEBUG_RSEQ is not set # CONFIG_EMBEDDED is not set @@ -2101,7 +2103,6 @@ CONFIG_PCIEASPM_DEFAULT=y CONFIG_PCIE_PME=y CONFIG_PCIE_DPC=y CONFIG_PCIE_PTM=y -# CONFIG_PCIE_BW is not set CONFIG_PCIE_EDR=y CONFIG_PCI_MSI=y CONFIG_PCI_MSI_IRQ_DOMAIN=y @@ -6462,8 +6463,13 @@ CONFIG_DRM_PANEL_BRIDGE=y # # Display Interface Bridges # +CONFIG_DRM_BAIKAL_HDMI=m CONFIG_DRM_ANALOGIX_ANX78XX=m CONFIG_DRM_ANALOGIX_DP=m +CONFIG_DRM_DW_HDMI=m +CONFIG_DRM_DW_HDMI_AHB_AUDIO=m +CONFIG_DRM_DW_HDMI_I2S_AUDIO=m +CONFIG_DRM_DW_HDMI_CEC=m # end of Display Interface Bridges # CONFIG_DRM_ETNAVIV is not set @@ -6980,8 +6986,6 @@ CONFIG_SND_SOC_SOF_INTEL_PCI=m CONFIG_SND_SOC_SOF_INTEL_HIFI_EP_IPC=m CONFIG_SND_SOC_SOF_INTEL_ATOM_HIFI_EP=m CONFIG_SND_SOC_SOF_INTEL_COMMON=m -CONFIG_SND_SOC_SOF_BROADWELL_SUPPORT=y -CONFIG_SND_SOC_SOF_BROADWELL=m CONFIG_SND_SOC_SOF_MERRIFIELD_SUPPORT=y CONFIG_SND_SOC_SOF_MERRIFIELD=m CONFIG_SND_SOC_SOF_APOLLOLAKE_SUPPORT=y @@ -8168,7 +8172,6 @@ CONFIG_INTEL_IDMA64=m CONFIG_INTEL_IDXD=m CONFIG_INTEL_IOATDMA=m CONFIG_PLX_DMA=m -CONFIG_XILINX_ZYNQMP_DPDMA=m CONFIG_QCOM_HIDMA_MGMT=m CONFIG_QCOM_HIDMA=m CONFIG_DW_DMAC_CORE=m @@ -8284,7 +8287,7 @@ CONFIG_HYPERV_BALLOON=m # CONFIG_XEN_BALLOON=y CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y -CONFIG_XEN_BALLOON_MEMORY_HOTPLUG_LIMIT=512 +CONFIG_XEN_MEMORY_HOTPLUG_LIMIT=512 CONFIG_XEN_SCRUB_PAGES_DEFAULT=y CONFIG_XEN_DEV_EVTCHN=m CONFIG_XEN_BACKEND=y @@ -9008,8 +9011,6 @@ CONFIG_AD7887=m CONFIG_AD7923=m CONFIG_AD7949=m CONFIG_AD799X=m -CONFIG_AD9467=m -CONFIG_ADI_AXI_ADC=m CONFIG_AXP20X_ADC=m CONFIG_AXP288_ADC=m CONFIG_CC10001_ADC=m @@ -10417,7 +10418,7 @@ CONFIG_PKCS7_MESSAGE_PARSER=y # # Certificates for signature checking # -CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" +CONFIG_MODULE_SIG_KEY="certs/signing_key_priv.key" CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_SYSTEM_TRUSTED_KEYS="certs/public.pem" CONFIG_SYSTEM_EXTRA_CERTIFICATE=y @@ -10425,6 +10426,8 @@ CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=12288 CONFIG_SECONDARY_TRUSTED_KEYRING=y CONFIG_SYSTEM_BLACKLIST_KEYRING=y CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" +CONFIG_SYSTEM_REVOCATION_LIST=y +CONFIG_SYSTEM_REVOCATION_KEYS="" # end of Certificates for signature checking CONFIG_BINARY_PRINTF=y @@ -10635,6 +10638,8 @@ CONFIG_ARCH_HAS_EARLY_DEBUG=y CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y # CONFIG_UBSAN is not set CONFIG_HAVE_ARCH_KCSAN=y +CONFIG_HAVE_KCSAN_COMPILER=y +# CONFIG_KCSAN is not set # end of Generic Kernel Debugging Instruments CONFIG_DEBUG_KERNEL=y