diff options
author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2019-02-18 10:50:45 -0800 |
---|---|---|
committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2019-02-18 10:50:45 -0800 |
commit | 58dc215852c09a2ff7357acd0df0f095bf31fd93 (patch) | |
tree | 7f74e40949769a60ab8e1113e09252c1cf38bc6a | |
parent | Updated to 4.20.10.a (diff) | |
download | linux-libre-hardened-ck-58dc215852c09a2ff7357acd0df0f095bf31fd93.tar.xz |
Make Spectre, Meltdown, and L1TF mitigations explicit
-
Disable old/unmaintained/insecure filesystems
-rw-r--r-- | PKGBUILD | 4 | ||||
-rw-r--r-- | config.x86_64 | 63 |
2 files changed, 17 insertions, 50 deletions
@@ -30,7 +30,7 @@ _jcpatchversion=1 _gcc_more_v='20180509' _srcname=linux-${_majver} pkgver=${_pkgver}.${_hardenedver} -pkgrel=1 +pkgrel=4 url='https://github.com/anthraxx/linux-hardened' #url='http://ck.kolivas.org/patches/' arch=('x86_64') @@ -62,7 +62,7 @@ sha256sums=('b80d5c0076dfa11ee8af63ad0b4795569d098b77020d2fffc797b892ba455a1f' '226e30068ea0fecdb22f337391385701996bfbdba37cdcf0f1dbf55f1080542d' 'e7ebf050c22bcec0028c0b3c79fd6d3913b0370ecc6a23dfe78ce475630cf503' '0f81d6e4158b7beeb0eb514f1b9401f7e23699cb0f7b0d513e25dae1815daaeb' - '602bb69819223506182319df69ca13828b9ef0a436e09903e81987c30cf19dcd' + 'f44a49012fd648b3d2b27d6aabd995cfb65ff15cde0228fea8d24d89d7ccbfb5' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' diff --git a/config.x86_64 b/config.x86_64 index 75c5adb..3c1219b 100644 --- a/config.x86_64 +++ b/config.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.20.10 Kernel Configuration +# Linux/x86 4.20.10.a Kernel Configuration # # @@ -474,7 +474,7 @@ CONFIG_HOTPLUG_CPU=y # CONFIG_LEGACY_VSYSCALL_EMULATE is not set CONFIG_LEGACY_VSYSCALL_NONE=y CONFIG_CMDLINE_BOOL=y -CONFIG_CMDLINE="page_poison=1 slab_nomerge pti=on" +CONFIG_CMDLINE="page_poison=1 slab_nomerge l1tf=full,force pti=on spec_store_bypass_disable=on spectre_v2=on" # CONFIG_CMDLINE_OVERRIDE is not set # CONFIG_MODIFY_LDT_SYSCALL is not set CONFIG_HAVE_LIVEPATCH=y @@ -7748,19 +7748,7 @@ CONFIG_MTK_MMC=m CONFIG_STAGING_GASKET_FRAMEWORK=m CONFIG_STAGING_APEX_DRIVER=m CONFIG_XIL_AXIS_FIFO=m -CONFIG_EROFS_FS=m -# CONFIG_EROFS_FS_DEBUG is not set -CONFIG_EROFS_FS_XATTR=y -CONFIG_EROFS_FS_POSIX_ACL=y -CONFIG_EROFS_FS_SECURITY=y -# CONFIG_EROFS_FS_USE_VM_MAP_RAM is not set -# CONFIG_EROFS_FAULT_INJECTION is not set -CONFIG_EROFS_FS_IO_MAX_RETRIES=5 -CONFIG_EROFS_FS_ZIP=y -CONFIG_EROFS_FS_CLUSTER_PAGE_LIMIT=2 -# CONFIG_EROFS_FS_ZIP_NO_CACHE is not set -# CONFIG_EROFS_FS_ZIP_CACHE_UNIPOLAR is not set -CONFIG_EROFS_FS_ZIP_CACHE_BIPOLAR=y +# CONFIG_EROFS_FS is not set CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACER_WIRELESS=m @@ -8635,11 +8623,7 @@ CONFIG_REISERFS_PROC_INFO=y CONFIG_REISERFS_FS_XATTR=y CONFIG_REISERFS_FS_POSIX_ACL=y CONFIG_REISERFS_FS_SECURITY=y -CONFIG_JFS_FS=m -CONFIG_JFS_POSIX_ACL=y -CONFIG_JFS_SECURITY=y -# CONFIG_JFS_DEBUG is not set -CONFIG_JFS_STATISTICS=y +# CONFIG_JFS_FS is not set CONFIG_XFS_FS=m CONFIG_XFS_QUOTA=y CONFIG_XFS_POSIX_ACL=y @@ -8663,16 +8647,8 @@ CONFIG_BTRFS_FS_POSIX_ACL=y # CONFIG_BTRFS_DEBUG is not set # CONFIG_BTRFS_ASSERT is not set # CONFIG_BTRFS_FS_REF_VERIFY is not set -CONFIG_NILFS2_FS=m -CONFIG_F2FS_FS=m -CONFIG_F2FS_STAT_FS=y -CONFIG_F2FS_FS_XATTR=y -CONFIG_F2FS_FS_POSIX_ACL=y -CONFIG_F2FS_FS_SECURITY=y -CONFIG_F2FS_CHECK_FS=y -CONFIG_F2FS_FS_ENCRYPTION=y -# CONFIG_F2FS_IO_TRACE is not set -# CONFIG_F2FS_FAULT_INJECTION is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set CONFIG_FS_DAX=y CONFIG_FS_DAX_PMD=y CONFIG_FS_POSIX_ACL=y @@ -8735,9 +8711,7 @@ CONFIG_VFAT_FS=m CONFIG_FAT_DEFAULT_CODEPAGE=437 CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" CONFIG_FAT_DEFAULT_UTF8=y -CONFIG_NTFS_FS=m -# CONFIG_NTFS_DEBUG is not set -CONFIG_NTFS_RW=y +# CONFIG_NTFS_FS is not set # # Pseudo filesystems @@ -8762,13 +8736,12 @@ CONFIG_EFIVAR_FS=y CONFIG_MISC_FILESYSTEMS=y CONFIG_ORANGEFS_FS=m # CONFIG_ADFS_FS is not set -CONFIG_AFFS_FS=m +# CONFIG_AFFS_FS is not set CONFIG_ECRYPT_FS=m # CONFIG_ECRYPT_FS_MESSAGING is not set -CONFIG_HFS_FS=m +# CONFIG_HFS_FS is not set CONFIG_HFSPLUS_FS=m -CONFIG_BEFS_FS=m -# CONFIG_BEFS_DEBUG is not set +# CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set CONFIG_JFFS2_FS=m @@ -8791,9 +8764,7 @@ CONFIG_UBIFS_FS_XATTR=y CONFIG_UBIFS_FS_ENCRYPTION=y CONFIG_UBIFS_FS_SECURITY=y CONFIG_UBIFS_FS_AUTHENTICATION=y -CONFIG_CRAMFS=m -CONFIG_CRAMFS_BLOCKDEV=y -CONFIG_CRAMFS_MTD=y +# CONFIG_CRAMFS is not set CONFIG_SQUASHFS=m # CONFIG_SQUASHFS_FILE_CACHE is not set CONFIG_SQUASHFS_FILE_DIRECT=y @@ -8810,8 +8781,8 @@ CONFIG_SQUASHFS_ZSTD=y # CONFIG_SQUASHFS_EMBEDDED is not set CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3 # CONFIG_VXFS_FS is not set -CONFIG_MINIX_FS=m -CONFIG_OMFS_FS=m +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set # CONFIG_HPFS_FS is not set # CONFIG_QNX4FS_FS is not set # CONFIG_QNX6FS_FS is not set @@ -8839,12 +8810,8 @@ CONFIG_PSTORE_COMPRESS_DEFAULT="zstd" # CONFIG_PSTORE_FTRACE is not set CONFIG_PSTORE_RAM=y # CONFIG_SYSV_FS is not set -CONFIG_UFS_FS=m -# CONFIG_UFS_FS_WRITE is not set -# CONFIG_UFS_DEBUG is not set -CONFIG_EXOFS_FS=m -# CONFIG_EXOFS_DEBUG is not set -CONFIG_ORE=m +# CONFIG_UFS_FS is not set +# CONFIG_EXOFS_FS is not set CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=m CONFIG_NFS_V2=m |