Re: module signing: Changing to MODULE_SIG_SHA3_512

On Thu, Nov 9, 2023 at 8:29 AM Josh Boyer wrote: > > On Thu, Nov 9, 2023 at 8:23 AM Prarit Bhargava wrote: > > > > On 11/9/23 08:13, Josh Boyer wrote: > > > On Thu, Nov 9, 2023 at 8:03 AM Prarit Bhargava wrote: > > >> > > >> On 11/8/23

Re: module signing: Changing to MODULE_SIG_SHA3_512

On Thu, Nov 9, 2023 at 8:23 AM Prarit Bhargava wrote: > > On 11/9/23 08:13, Josh Boyer wrote: > > On Thu, Nov 9, 2023 at 8:03 AM Prarit Bhargava wrote: > >> > >> On 11/8/23 08:33, Prarit Bhargava wrote: > >>> Hey everyone, >

Re: module signing: Changing to MODULE_SIG_SHA3_512

On Thu, Nov 9, 2023 at 8:03 AM Prarit Bhargava wrote: > > On 11/8/23 08:33, Prarit Bhargava wrote: > > Hey everyone, > > > > The current kernel configs generate > > > > # CONFIG_MODULE_SIG_FORCE is not set > > CONFIG_MODULE_SIG_ALL=y > > # CONFIG_MODULE_SIG_SHA256 is not set > > # CONFIG_MODULE_SI

Re: Move xpad in kernel-modules ?

On Wed, Dec 2, 2020 at 4:18 PM Paul Bolle wrote: > > Paul Bolle schreef op wo 02-12-2020 om 21:30 [+0100]: > > Currently there seem to be over 6000 texlive packages. (Quick and dirty > > measurements, sorry.) So splitting the kernel into an absurd number of > > packages for (obscure) modules isn'

Re: Move xpad in kernel-modules ?

On Wed, Dec 2, 2020 at 3:32 PM Paul Bolle wrote: > > Marcelo Ricardo Leitner schreef op wo 02-12-2020 om 17:11 [-0300]: > > Maybe, then taking it to the extreme, less common modules can all have its > > own rpm package ;-) > > Vague ideas like this crossed my mind too. > > The local build I just f

Re: Move xpad in kernel-modules ?

On Wed, Dec 2, 2020 at 2:15 PM Matthew Miller wrote: > > On Wed, Dec 02, 2020 at 10:31:17AM -0500, Bastien Nocera wrote: > > You should see the hoops people go through to make their controllers work, > > either installing user-space drivers, or finding out how to solve the > > problem > > by inst

Re: Upcoming Fedora kernel workflow changes

On Wed, Mar 11, 2020 at 1:26 PM Josh Boyer wrote: > > On Wed, Mar 11, 2020 at 1:21 PM Jeremy Cline wrote: > > > > On Wed, 2020-03-11 at 12:58 -0400, Josh Boyer wrote: > > > On Wed, Mar 11, 2020 at 12:41 PM Jeremy Cline > > > wrote: > > > >

Re: Upcoming Fedora kernel workflow changes

On Wed, Apr 15, 2020 at 5:32 AM Thorsten Leemhuis wrote: > > Am 15.04.20 um 00:37 schrieb Jeremy Cline: > > On Tue, 2020-04-07 at 15:33 +, Jeremy Cline wrote: > >> On Wed, 2020-03-11 at 16:40 +, Jeremy Cline wrote: > >> > >> Just a note folks, the plan is to do this starting next week afte

Re: Upcoming Fedora kernel workflow changes

On Fri, Mar 13, 2020 at 9:49 AM Neal Gompa wrote: > > On Fri, Mar 13, 2020 at 9:42 AM Josh Boyer wrote: > > > > On Fri, Mar 13, 2020 at 7:08 AM Neal Gompa wrote: > > > > > > On Fri, Mar 13, 2020 at 7:02 AM Bastien Nocera wrote: > > > >

Re: Upcoming Fedora kernel workflow changes

On Fri, Mar 13, 2020 at 9:51 AM Peter Robinson wrote: > > > > > > >> The git tags are still signed by Linus. Does that cover your > > > > > >> concerns? > > > > > > > > > > > > Not really, no. I think that multiplying the intermediaries between > > > > > > kernel.org > > > > > > and the Fedora re

Re: Upcoming Fedora kernel workflow changes

On Fri, Mar 13, 2020 at 7:08 AM Neal Gompa wrote: > > On Fri, Mar 13, 2020 at 7:02 AM Bastien Nocera wrote: > > > > > > > > - Original Message - > > > > > > > > > On 3/12/20 10:57 AM, Bastien Nocera wrote: > > > > > > > > > > > > - Original Message - > > > > > > > >> The git tags

Re: Upcoming Fedora kernel workflow changes

On Wed, Mar 11, 2020 at 1:21 PM Jeremy Cline wrote: > > On Wed, 2020-03-11 at 12:58 -0400, Josh Boyer wrote: > > On Wed, Mar 11, 2020 at 12:41 PM Jeremy Cline > > wrote: > > > Hi folks, > > > > > > This should come as no surprise to those who have b

Re: Upcoming Fedora kernel workflow changes

On Wed, Mar 11, 2020 at 12:41 PM Jeremy Cline wrote: > > Hi folks, > > This should come as no surprise to those who have been following the > kernel list and/or saw Laura's Flock talk last summer, but there are > some changes to the way the Fedora kernel is maintained coming in the > next couple o

Re: Discussion: what would not blocking on btrfs look like?

On Wed, Aug 28, 2019 at 2:40 PM Josef Bacik wrote: > > On Wed, Aug 28, 2019 at 02:35:39PM -0400, Laura Abbott wrote: > > On 8/28/19 1:58 PM, Josef Bacik wrote: > > > On Tue, Aug 27, 2019 at 07:53:20AM -0400, Laura Abbott wrote: > > > > On 8/26/19 11:39 PM, Neal Gompa wrote: > > > > > On Mon, Aug 2

Re: Discussion: what would not blocking on btrfs look like?

On Tue, Aug 27, 2019 at 8:48 AM Neal Gompa wrote: > > On Tue, Aug 27, 2019 at 8:30 AM Josh Boyer wrote: > > > > On Tue, Aug 27, 2019 at 8:10 AM Neal Gompa wrote: > > > > > > On Tue, Aug 27, 2019 at 7:41 AM Josh Boyer > > > wrote: > > >

Re: Discussion: what would not blocking on btrfs look like?

On Tue, Aug 27, 2019 at 8:10 AM Neal Gompa wrote: > > On Tue, Aug 27, 2019 at 7:41 AM Josh Boyer wrote: > > > > On Tue, Aug 27, 2019 at 7:19 AM Neal Gompa wrote: > > > > > > On Tue, Aug 27, 2019 at 5:55 AM wrote: > > > > > > > > On Mo

Re: Discussion: what would not blocking on btrfs look like?

On Tue, Aug 27, 2019 at 7:19 AM Neal Gompa wrote: > > On Tue, Aug 27, 2019 at 5:55 AM wrote: > > > > On Mon, 2019-08-26 at 23:54 -0400, Neal Gompa wrote: > > > On Mon, Aug 26, 2019 at 7:16 AM wrote: > > > > > > > > I understand them. The point is, for them and even us (the > > > > installer) > >

Re: Support buildid in kernel-headers

On Wed, Aug 21, 2019 at 2:47 PM Paul Moore wrote: > > Hello, > > Last year there was a change to how the kernel-headers package is > built, and unfortunately that change made it so that changes to the > kernel's buildid variable do not carryover to the the kernel-header's > build. While I recogni

Re: [PATCH 6/9] Remove some old modalias adjustments

On Thu, Aug 15, 2019 at 3:58 PM Laura Abbott wrote: > > We've come a long way. Let's just leave these drivers alone. Can we not build them at all instead? Or put them in modules-extra if we're too chicken to disable them entirely. josh > Signed-off-by: Laura Abbott > --- > die-floppy-die.pat

Re: [PATCH 2/9] Drop cpumask auto select patch

y-die.patch > diff --git a/lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch > b/lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch > deleted file mode 100644 > index 5e6d6611e..0 > --- a/lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch > +++ /de

Re: [PATCH 9/9] Remove crash driver

On Thu, Aug 15, 2019 at 4:02 PM Laura Abbott wrote: > > This has since been replaced by other in kernel pieces. We > can finally drop it. Which pieces? josh > > Signed-off-by: Laura Abbott > --- > crash-driver.patch | 722 - > kernel.spec|

Re: Certificate used to sign Fedora kernels for UEFI Secure Boot?

On Mon, Aug 12, 2019 at 11:23 AM Paul Moore wrote: > > On Fri, Aug 9, 2019 at 8:31 AM Paul Moore wrote: > > > > Hello all, > > > > I'm not sure if this is the place for this, but if not perhaps you > > could point me in the right direction? > > > > I'm looking for the certificate associated with

Re: [PATCH] Fix cross kernel headers location - rhbz#1642037

On Thu, Oct 25, 2018 at 7:50 AM Nicolas Chauvet wrote: > > Le mar. 23 oct. 2018 à 17:54, Josh Boyer a écrit : > > > > On Tue, Oct 23, 2018 at 11:12 AM Nicolas Chauvet wrote: > > > > > > Cross compiled kernel headers are installed into /usr/*-linux-gnu/includ

Re: [PATCH] Fix cross kernel headers location - rhbz#1642037

On Tue, Oct 23, 2018 at 11:12 AM Nicolas Chauvet wrote: > > Cross compiled kernel headers are installed into /usr/*-linux-gnu/include/ > instead of /usr/*-linux-gnu/sys-root/usr/include/ where they can be > found by default by the Fedora cross compiler toolchain. Is that a new change in how the c

Re: Make kernel.spec friendlier to el7

On Wed, Oct 3, 2018 at 4:13 PM Peter Robinson wrote: > > On Wed, Oct 3, 2018 at 8:12 PM Pablo Sebastián Greco > wrote: > > > > Didn't know about the "No attachment" rule, sorry. > > The general rule is use "git send-email" and have them inline. You could submit a pull request with pagure too. j

Re: [help] where is git tree of upstream source of the kernel ?

On Mon, Jul 23, 2018 at 12:06 PM Laura Abbott wrote > > On 07/22/2018 12:12 PM, stan wrote: > > On Sun, 22 Jul 2018 18:49:36 +0100 > > Sérgio Basto wrote: > > > >> Hello , I need bisect kernel between kernel 4.15-git1 and 4.15.0-git2 > >> > >> where I find a git tree with these commits (patch-4.1

Re: Any way to get the source of old fedora kernels?

On Sun, Jul 22, 2018 at 10:54 AM stan wrote: > > I've been having an issue with Fedora virtual consoles coming up with > the wrong color scheme for a while. Instead of coming up with white on > black, they come up as grey on white. When I startx, X resets the > parameters and they revert to whit

Re: Can't capture vmcore?

On Tue, Jan 9, 2018 at 1:51 PM, Maxim Burgerhout wrote: > I'm getting kernel panics in a VM that functions as a hypervisor, the moment > I spin up the nested guest (on AMD ThreadRipper / Fedora 27). That is > annoying, of course, so I try to be a good citizen and file a bug. > > For some reason th

Re: Current specfile misapplies v4.14.10 stable update for fc26

On Tue, Jan 2, 2018 at 4:55 PM, Paul Bolle wrote: > On Tue, 2018-01-02 at 12:32 -0800, Laura Abbott wrote: >> On 01/02/2018 08:35 AM, Paul Bolle wrote: >> > A bit off topic: I suppose at the ultimate goal is to do rpmbuild from >> > within >> > a proper git clone of the kernel repository. Ie, usi

Re: Current specfile misapplies v4.14.10 stable update for fc26

On Tue, Jan 2, 2018 at 4:35 PM, Paul Bolle wrote: > On Tue, 2018-01-02 at 16:28 -0500, Josh Boyer wrote: >> So if you want to use git apply instead of patch, I have no objections >> that I can remember. It'll just require some extra work to make sure >> the git rep

Re: Current specfile misapplies v4.14.10 stable update for fc26

On Sun, Dec 31, 2017 at 9:13 PM, Laura Abbott wrote: > On 12/30/2017 04:52 AM, Paul Bolle wrote: >> >> 0) The v4.14.10 stable updates adds a new executable (tools/objtool/sync- >> check.sh). Somehow this was added non-executable during my local build of >> v4.14.10 (on fc26, that is). This made th

Re: Adding virtualbox guest driver to Fedora kernels (revisited)

On Tue, Dec 19, 2017 at 6:03 AM, Hans de Goede wrote: > Hi All, > > Good news, the vboxguest driver has been queued for > upstream merging in char-misc-next. This just happened > so I want to wait for a couple of days to make sure > they stick and they do not get reverted for some reason. Nice jo

Re: RFC: Moving kernel-tools out of kernel.spec

On Wed, Nov 29, 2017 at 10:16 AM, Prarit Bhargava wrote: > > > On 11/29/2017 10:07 AM, Josh Boyer wrote: >> On Wed, Nov 29, 2017 at 9:58 AM, Prarit Bhargava wrote: >>> On 11/28/2017 09:16 PM, Josh Boyer wrote: >>>> On Tue, Nov 28, 2017 at 5:03 PM, Laura Abbott

Re: RFC: Moving kernel-tools out of kernel.spec

On Wed, Nov 29, 2017 at 9:58 AM, Prarit Bhargava wrote: > On 11/28/2017 09:16 PM, Josh Boyer wrote: >> On Tue, Nov 28, 2017 at 5:03 PM, Laura Abbott wrote: >>> Like all good bits of software, the kernel.spec has grown over time. >>> Part of this growth has com

Re: RFC: Moving kernel-tools out of kernel.spec

On Tue, Nov 28, 2017 at 5:03 PM, Laura Abbott wrote: > Like all good bits of software, the kernel.spec has grown over time. > Part of this growth has come from building more of the userspace > tools that live under the tools directory of the kernel. I've been > experimenting with moving these to a

Re: Deprecating old networking protocols

On Wed, Nov 15, 2017 at 6:09 PM, R P Herrold wrote: > On Tue, 14 Nov 2017, Steven Whitehouse wrote: > >> I think it is probably overdue in the DECnet case, however I >> did get a very happy with it for the most part. Anyway it is >> clear that nobody is maintaining it and it seems sensible >> that

Re: Reviving the hardware census

On Wed, Nov 8, 2017 at 2:14 PM, Don Zickus wrote: > On Wed, Nov 08, 2017 at 01:48:36PM -0500, Josh Boyer wrote: >> >> [1] https://github.com/npmccallum/census >> >> [2] https://github.com/npmccallum/census/blob/master/client/plugins/ >> >> [3] http

Re: Reviving the hardware census

On Wed, Nov 8, 2017 at 12:34 PM, Don Zickus wrote: > On Tue, Nov 07, 2017 at 10:49:02PM +, Jeremy Cline wrote: >> Hey folks, >> >> For some time now, Fedora has operated without a database of hardware >> users have. Smolt, the old hardware database, was retired in 2012[0] and >> its intended s

Re: [X86] x86 Architecture SIG

On Mon, Sep 11, 2017 at 1:22 PM, Justin Forbes wrote: > On Fri, Sep 8, 2017 at 9:41 PM, Jeff Backus wrote: > >> (Apologies - resending because I wasn't subscribed earlier) >> >> Hi list, >> >> I'm contacting you on behalf of the x86 SIG. Today FESCo approved our >> request to continue to support

Re: Assistance to built a kernel with patches

On Fri, Sep 8, 2017 at 2:48 AM, Luya Tshimbalanga wrote: > Hello team, > > I attemptedt o build a patched kernel from the Fedora repo using the > tutorial[1] and hit a roadblock as seen from COPR repository: > https://copr.fedorainfracloud.org/coprs/luya/kernel-acpi-ec/builds/ > > You can check t

Re: Kernel 4.13 rebase plans

On Tue, Sep 5, 2017 at 6:25 PM, James Hogarth wrote: > > > On 5 September 2017 at 22:40, Chris Murphy wrote: >> >> On Tue, Sep 5, 2017 at 3:38 PM, Chris Murphy >> wrote: >> >> > FWIW, you can just download the F27 kernel, kernel-core, >> > kernel-modules (optionally extras), and 'sudo dnf instal

Re: Kernel 4.13 rebase plans

On Tue, Sep 5, 2017 at 6:25 PM, James Hogarth wrote: > > > On 5 September 2017 at 22:40, Chris Murphy wrote: >> >> On Tue, Sep 5, 2017 at 3:38 PM, Chris Murphy >> wrote: >> >> > FWIW, you can just download the F27 kernel, kernel-core, >> > kernel-modules (optionally extras), and 'sudo dnf instal

Re: Topics for kernel discussion at Flock

On Thu, Aug 24, 2017 at 5:05 PM, Peter Robinson wrote: > On Thu, Aug 24, 2017 at 6:18 PM, Josh Boyer wrote: >> On Thu, Aug 24, 2017 at 1:03 PM, Peter Robinson wrote: >>> On Thu, Aug 24, 2017 at 5:46 PM, Laura Abbott wrote: >>>> Hi, >>>> >>&g

Re: Topics for kernel discussion at Flock

On Thu, Aug 24, 2017 at 1:03 PM, Peter Robinson wrote: > On Thu, Aug 24, 2017 at 5:46 PM, Laura Abbott wrote: >> Hi, >> >> Flock is next week and there is a session about kernel process >> (https://flock2017.sched.com/event/Bm9W/fedora-kernel-process-review). >> Obviously not everyone can attend

Re: [PATCH] disable SWIOTLB on Power (#1480380)

On Fri, Aug 11, 2017 at 6:25 AM, Dan Horák wrote: > All supported platforms have IOMMU, thus disable. > --- > baseconfig/powerpc/CONFIG_SWIOTLB | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) I fixed this up to have a blurb in the kernel.spec changelog and pushed it to f26 and rawhide.

Re: [PATCH] Enforce kernel-devel-uname-r >= uname-r if any kernel-devel-uname-r - rhbz#1450577

On Mon, Jul 24, 2017 at 9:40 AM, Nicolas Chauvet wrote: > 2017-07-24 15:28 GMT+02:00 Josh Boyer : >> On Mon, Jul 24, 2017 at 9:20 AM, Nicolas Chauvet wrote: >> >> Please add a descriptive changelog to the patch. People shouldn't >> have to go somewhere else to se

Re: [PATCH] Enforce kernel-devel-uname-r >= uname-r if any kernel-devel-uname-r - rhbz#1450577

On Mon, Jul 24, 2017 at 9:20 AM, Nicolas Chauvet wrote: Please add a descriptive changelog to the patch. People shouldn't have to go somewhere else to see why a change is being made. I even read the bug and still don't fully understand what problem you're trying to solve. > --- > kernel.spec

Re: kernel-4.13-rc0 question

On Mon, Jul 17, 2017 at 8:40 AM, Sérgio Basto wrote: > On Fri, 2017-07-14 at 08:03 -0400, Josh Boyer wrote: >> On Fri, Jul 14, 2017 at 7:46 AM, Sérgio Basto >> wrote: >> > Hi, >> > I have a bug report that can't build virtualbox kmods for kernels >>

Re: kernel-4.13-rc0 question

On Fri, Jul 14, 2017 at 7:46 AM, Sérgio Basto wrote: > Hi, > I have a bug report that can't build virtualbox kmods for kernels on > rawhide > > Larry Finger for opensuse wrote: > > Yes, it does not work for kernel 4.11. The "#ifndef" will eventually be > replaced > by "#if LINUX_VERSION_CODE >= KE

Re: ppisar pushed to kernel (master). "perl dependency renamed to perl-interpreter "

On Thu, Jul 13, 2017 at 8:24 AM, Petr Pisar wrote: > On Thu, Jul 13, 2017 at 08:15:14AM -0400, Josh Boyer wrote: >> On Thu, Jul 13, 2017 at 3:54 AM, wrote: >> > From 575a9e2f6afcad8fa21ca7b0c38278730e2670db Mon Sep 17 00:00:00 2001 >> > From: =?UTF-8?q?Petr=20P=C3=A

Re: ppisar pushed to kernel (master). "perl dependency renamed to perl-interpreter "

On Thu, Jul 13, 2017 at 3:54 AM, wrote: > From 575a9e2f6afcad8fa21ca7b0c38278730e2670db Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= > Date: Thu, 13 Jul 2017 09:54:13 +0200 > Subject: perl dependency renamed to perl-interpreter >

Re: Building kernel with fedpkg and custom config

On Fri, Jun 9, 2017 at 9:02 AM, wrote: > > Hi Laura, > > Thanks for the reply, and indeed it works like a charm when I put that > #x86_64 header in the config file, likewise the kernel-local file also works > perfectly, when I keep the header in the file. > > One of the very few things I didn't

Re: [PATCH] Drop kernel-devel virtual provide rhbz#1420754

On Tue, Feb 28, 2017 at 4:02 AM, Nicolas Chauvet wrote: > 2017-02-16 19:33 GMT+01:00 Nicolas Chauvet : >> 2017-02-16 19:26 GMT+01:00 Nicolas Chauvet : >>> --- >>> kernel.spec | 1 - >>> 1 file changed, 1 deletion(-) >>> >>> diff --git a/kernel.spec b/kernel.spec >>> index 4363050..38968ba 100644

Re: [PATCH] enable NUMA on s390x

On Fri, Feb 10, 2017 at 9:19 AM, Dan Horák wrote: > Hi, > > this is for Rawhide and related to > https://bugzilla.redhat.com/show_bug.cgi?id=1419064 > so the user-space then will work. ACK. Let's throw that in the patch itself next time so it lands in the commit log :) josh > On Fri, 10 Feb 20

Re: [PATCH] set zEC12 as minimum hw level for s390x

On Fri, Feb 3, 2017 at 2:13 PM, Justin Forbes wrote: > On Fri, Feb 3, 2017 at 11:08 AM, Josh Boyer > wrote: >> >> On Thu, Feb 2, 2017 at 11:53 AM, Dan Horák wrote: >> >> Ack. We did similar changes in rpm macros already so that gcc builds >> for this platfo

Re: [PATCH] set zEC12 as minimum hw level for s390x

On Thu, Feb 2, 2017 at 11:53 AM, Dan Horák wrote: Ack. We did similar changes in rpm macros already so that gcc builds for this platform by default. Glibc will be making equivalent changes as well. josh > --- > baseconfig/s390x/CONFIG_MARCH_Z900 | 1 - > baseconfig/s390x/CONFIG_MARCH_Z990

Re: Adding out-of-tree wifi drivers to the Fedora kernel pkg

On Wed, Jan 18, 2017 at 9:28 AM, Hans de Goede wrote: > Hi, > > > On 18-01-17 13:10, Josh Boyer wrote: >> >> On Wed, Jan 18, 2017 at 5:18 AM, Hans de Goede >>> And I still end up at my original unanswered question: >>> >>> "All I'm as

Re: Adding out-of-tree wifi drivers to the Fedora kernel pkg

On Wed, Jan 18, 2017 at 5:18 AM, Hans de Goede wrote: > Hi, > > > On 17-01-17 21:59, Laura Abbott wrote: >> >> On 01/17/2017 05:19 AM, Hans de Goede wrote: >>> >>> Hi, >>> >>> On 17-01-17 14:12, Thorsten Leemhuis wrote: Lo! Three quick question from someone who for some strange reason is

Re: Repository of Kernels for Fedora

On Thu, Jan 12, 2017 at 8:47 AM, Benson Muite wrote: > > > On 01/12/2017 03:32 PM, Josh Boyer wrote: >> >> On Thu, Jan 12, 2017 at 8:22 AM, Benson Muite >> wrote: >>> >>> Hi, >>> >>> Is there a repository of compiled linux kern

Re: Repository of Kernels for Fedora

On Thu, Jan 12, 2017 at 8:22 AM, Benson Muite wrote: > Hi, > > Is there a repository of compiled linux kernels for Fedora similar to that > for Ubunutu at: > http://kernel.ubuntu.com/~kernel-ppa/mainline/ Nothing quite like that, no. All the kernels built and shipped for a Fedora release are in

Re: Fedora kernels should disable CONFIG_IWLWIFI_PCIE_RTPM

On Tue, Dec 20, 2016 at 1:18 PM, Jóhann B. Guðmundsson wrote: > On 12/15/2016 12:01 PM, Josh Boyer wrote: > >> On Thu, Dec 15, 2016 at 5:37 AM, Hans de Goede >> wrote: >>> >>> Hi, >>> >>> I stumbled over this while looking into something

Re: Fedora kernels should disable CONFIG_IWLWIFI_PCIE_RTPM

On Thu, Dec 15, 2016 at 5:37 AM, Hans de Goede wrote: > Hi, > > I stumbled over this while looking into something completely different, > according to: > > https://bugzilla.kernel.org/show_bug.cgi?id=172411 > > As this point in time it is better to not enable > CONFIG_IWLWIFI_PCIE_RTPM, as it caus

Re: [PATCH] config: Enable CONFIG_MODVERSIONS

On Thu, Dec 1, 2016 at 9:58 AM, Don Zickus wrote: > On Thu, Dec 01, 2016 at 07:53:06AM -0600, Justin Forbes wrote: >> On Wed, Nov 30, 2016 at 8:03 PM, Don Zickus wrote: >> >> > On Wed, Nov 30, 2016 at 04:25:30PM -0800, Laura Abbott wrote: >> > > > I don't think it would be a bad idea to enable i

Re: [PATCH] config: Enable CONFIG_MODVERSIONS

On Wed, Nov 30, 2016 at 6:19 PM, Justin Forbes wrote: > On Wed, Nov 30, 2016 at 4:33 PM, Josh Boyer > wrote: >> >> On Wed, Nov 30, 2016 at 5:29 PM, Paul Bolle wrote: >> > On Wed, 2016-11-30 at 17:15 -0500, Don Zickus wrote: >> >> I noticed that CONFIG_MO

Re: [PATCH] config: Enable CONFIG_MODVERSIONS

On Wed, Nov 30, 2016 at 5:29 PM, Paul Bolle wrote: > On Wed, 2016-11-30 at 17:15 -0500, Don Zickus wrote: >> I noticed that CONFIG_MODVERSIONS was not enabled in Fedora. I do not know >> the history and would be curious to know if someone knew. >> >> Otherwise, I would like to propose enabling it

Re: arm64: F26 vs F25 kernel config for 4.9 (48-bit VA)

On Tue, Nov 22, 2016 at 2:14 PM, Jon Masters wrote: > Hi Folks, > > A quick reminder that, while 48-bit VA is enabled in rawhide/26: > > commit c0f22caded1d549e532d2ab3ce767f8f3d2206f8 > Author: Peter Robinson > Date: Mon Oct 31 15:45:58 2016 + > > arm64: Enable 48bit VA

Re: [PATCH] set z10 as minimum architecture level for s390x

On Tue, Nov 15, 2016 at 6:11 AM, Dan Horák wrote: > This is intended for f26/rawhide only. > > > Dan > > On Tue, 15 Nov 2016 11:38:25 +0100 > Dan Horák wrote: > >> --- >> config-s390x | 4 +--- >> 1 file changed, 1 insertion(+), 3 deletions(-) >> >> diff --git a/config-s390x b/co

Re: [PATCH 1/5] Run oldnoconfig make targets silently

On Mon, Nov 14, 2016 at 2:08 PM, Paul Bolle wrote: > On Thu, 2016-11-10 at 19:38 -0500, Josh Boyer wrote: >> [...] but it can't be at the expense of people that have >> to do things with this package multiple times a day. > > Sure. > > But - to keep my reply

Re: [PATCH 1/5] Run oldnoconfig make targets silently

On Thu, Nov 10, 2016 at 4:32 PM, Paul Bolle wrote: > On Thu, 2016-11-10 at 16:09 -0500, Josh Boyer wrote: >> Paul, your changes make some logical sense but they break the workflow >> of the people that have to maintain the package. That's where most of >> the push

Re: [PATCH 1/5] Run oldnoconfig make targets silently

On Thu, Nov 10, 2016 at 4:03 PM, Peter Robinson wrote: > On Thu, Nov 10, 2016 at 8:59 PM, Paul Bolle wrote: >> On Thu, 2016-11-10 at 20:28 +, Peter Robinson wrote: >>> I agree with Josh, what is it that you're actually trying to achieve here? >> >> What I want to achieve is to make the build

Re: [PATCH 3/5] Only run listnewconfig and oldnoconfig for one arch

On Thu, Nov 10, 2016 at 1:09 PM, Paul Bolle wrote: > On Thu, 2016-11-10 at 11:16 -0500, Josh Boyer wrote: >> We used to only run it for the current build architecture. However, >> when we did that what wound up happening is that we'd have the new >> options co

Re: [PATCH 3/5] Only run listnewconfig and oldnoconfig for one arch

On Thu, Nov 10, 2016 at 11:08 AM, Paul Bolle wrote: > During the %prep phase we run "make listnewconfig" and "make oldnoconfig" for > all six supported architectures (arm64, arm, i386, powerpc, s390, and x86_64). > We only care about the set of .configs that is relevant for the current build > arc

Re: [PATCH 5/5] Remove references to (31 bits) s390

On Thu, Nov 10, 2016 at 11:08 AM, Paul Bolle wrote: > We don't build for (31 bits) s390 but only for (64 bits) s390x. So remove a > few > irrelevant references to s390. > > Signed-off-by: Paul Bolle Seems fine. josh > --- > kernel.spec | 8 > 1 file changed, 4 insertions(+), 4 delet

[PATCH 19/20] MODSIGN: Support not importing certs from db

If a user tells shim to not use the certs/hashes in the UEFI db variable for verification purposes, shim will set a UEFI variable called MokIgnoreDB. Have the uefi import code look for this and not import things from the db variable. Signed-off-by: Josh Boyer --- kernel/modsign_uefi.c | 40

[PATCH 18/20] MODSIGN: Import certificates from UEFI Secure Boot

'dbx' variable. We load those certificates into the newly introduced system blacklist keyring and forbid any module signed with those from loading. Signed-off-by: Josh Boyer --- certs/system_keyring.c| 13 ++ include/keys/system_keyring.h | 1 + init/Kconfig

[PATCH 17/20] KEYS: Add a system blacklist keyring

gning. Signed-off-by: Josh Boyer --- certs/system_keyring.c| 22 ++ include/keys/system_keyring.h | 4 init/Kconfig | 9 + 3 files changed, 35 insertions(+) diff --git a/certs/system_keyring.c b/certs/system_keyring.c index 50979d6

[PATCH 20/20] Add sysrq option to disable secure boot mode

From: Kyle McMartin Bugzilla: N/A Upstream-status: Fedora mustard --- arch/x86/kernel/setup.c | 36 drivers/input/misc/uinput.c | 1 + drivers/tty/sysrq.c | 19 +-- include/linux/input.h | 5 + include/linux/sysrq.h

[PATCH 16/20] Add an EFI signature blob parser and key loader.

From: Dave Howells X.509 certificates are loaded into the specified keyring as asymmetric type keys. [labb...@fedoraproject.org: Drop KEY_ALLOC_TRUSTED] Signed-off-by: David Howells --- crypto/asymmetric_keys/Kconfig | 8 +++ crypto/asymmetric_keys/Makefile | 1 + crypto/asymmetri

[PATCH 09/20] x86: Restrict MSR access when module loading is restricted

From: Matthew Garrett Writing to MSRs should not be allowed if module loading is restricted, since it could lead to execution of arbitrary code in kernel mode. Based on a patch by Kees Cook. Cc: Kees Cook Signed-off-by: Matthew Garrett --- arch/x86/kernel/msr.c | 7 +++ 1 file changed, 7

[PATCH 15/20] Add EFI signature data types

From: Dave Howells Add the data types that are used for containing hashes, keys and certificates for cryptographic verification. Bugzilla: N/A Upstream-status: Fedora mustard for now Signed-off-by: David Howells --- include/linux/efi.h | 17 + 1 file changed, 17 insertions(+)

[PATCH 14/20] hibernate: Disable in a signed modules environment

There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, so until we can work with signed hibernate images we disable it in a secure modules environment. Signed-off-by: Josh Boyer --- kernel/power/hibernate.c | 3

[PATCH 13/20] efi: Add EFI_SECURE_BOOT bit

UEFI machines can be booted in Secure Boot mode. Add a EFI_SECURE_BOOT bit for use with efi_enabled. Signed-off-by: Josh Boyer --- arch/x86/kernel/setup.c | 2 ++ include/linux/efi.h | 1 + 2 files changed, 3 insertions(+) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c

[PATCH 12/20] efi: Disable secure boot if shim is in insecure mode

boot mode if that variable is set. Signed-off-by: Josh Boyer --- arch/x86/boot/compressed/eboot.c | 20 +++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c index ebc85c1eefd6..50e027f388d8 100644

[PATCH 10/20] Add option to automatically enforce module signatures when in Secure Boot mode

From: Matthew Garrett UEFI Secure Boot provides a mechanism for ensuring that the firmware will only load signed bootloaders and kernels. Certain use cases may also require that all kernel modules also be signed. Add a configuration option that enforces this automatically when enabled. Signed-of

[PATCH 11/20] efi: Add SHIM and image security database GUID definitions

Add the definitions for shim and image security database, both of which are used widely in various Linux distros. Signed-off-by: Josh Boyer --- include/linux/efi.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/efi.h b/include/linux/efi.h index 2d089487d2da..ce943d5accfd

[PATCH 04/20] ACPI: Limit access to custom_method

From: Matthew Garrett custom_method effectively allows arbitrary access to system memory, making it possible for an attacker to circumvent restrictions on module loading. Disable it if any such restrictions have been enabled. Signed-off-by: Matthew Garrett --- drivers/acpi/custom_method.c | 3

[PATCH 08/20] kexec: Disable at runtime if the kernel enforces module loading restrictions

From: Matthew Garrett kexec permits the loading and execution of arbitrary code in ring 0, which is something that module signing enforcement is meant to prevent. It makes sense to disable kexec in this situation. Signed-off-by: Matthew Garrett --- kernel/kexec.c | 8 1 file changed,

[PATCH 06/20] Restrict /dev/mem and /dev/kmem when module loading is restricted

From: Matthew Garrett Allowing users to write to address space makes it possible for the kernel to be subverted, avoiding module loading restrictions. Prevent this when any restrictions have been imposed on loading modules. Signed-off-by: Matthew Garrett --- drivers/char/mem.c | 6 ++ 1 fi

[PATCH 05/20] asus-wmi: Restrict debugfs interface when module loading is restricted

From: Matthew Garrett We have no way of validating what all of the Asus WMI methods do on a given machine, and there's a risk that some will allow hardware state to be manipulated in such a way that arbitrary code can be executed in the kernel, circumventing module loading restrictions. Prevent t

[PATCH 07/20] acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted

From: Josh Boyer This option allows userspace to pass the RSDP address to the kernel, which makes it possible for a user to circumvent any restrictions imposed on loading modules. Disable it in that case. Signed-off-by: Josh Boyer --- drivers/acpi/osl.c | 3 ++- 1 file changed, 2 insertions

[PATCH 02/20] PCI: Lock down BAR access when module security is enabled

From: Matthew Garrett Any hardware that can potentially generate DMA has to be locked down from userspace in order to avoid it being possible for an attacker to modify kernel code, allowing them to circumvent disabled module loading or module signing. Default to paranoid - in future we can potent

[PATCH 01/20] Add secure_modules() call

From: Matthew Garrett Provide a single call to allow kernel code to determine whether the system has been configured to either disable module loading entirely or to load only modules signed with a trusted key. Bugzilla: N/A Upstream-status: Fedora mustard. Replaced by securelevels, but that was

[PATCH 03/20] x86: Lock down IO port access when module security is enabled

From: Matthew Garrett IO port access would permit users to gain access to PCI configuration registers, which in turn (on a lot of hardware) give access to MMIO register space. This would potentially permit root to trigger arbitrary DMA, so lock it down by default. Signed-off-by: Matthew Garrett

Refresh Secure Boot patchset

The upstream 0-day bot found an issue with the existing patchset in the rawhide kernel. Everything builds fine as a whole, but if one were to bisect the patches, a build would break because the shim GUID is used in a patch before it is actually defined. Fix this by inserting a patch in the series

Re: realtek wireless modules

On Mon, Oct 10, 2016 at 2:02 PM, Peter Robinson wrote: > Hi Laura, Justin, et el, > > I've been playing with a handful of cheap USB wireless modules for > support on the Raspberry Pi and other similar devices. > > I've noticed that there's a bunch of overlap regarding usb IDs between > the newer (

Re: The future of secure boot patches in Fedora

On Tue, Aug 23, 2016 at 7:23 AM, Thorsten Leemhuis wrote: > On 22.08.2016 23:14, Laura Abbott wrote: >> On 08/22/2016 01:16 PM, Chris Murphy wrote: >>> On Mon, Aug 22, 2016 at 2:08 PM, John Dulaney wrote: On Mon, Aug 22, 2016 at 12:28:18PM -0700, Laura Abbott wrote: > The secure boot pat

Re: The future of secure boot patches in Fedora

On Mon, Aug 22, 2016 at 9:18 PM, Jarod Wilson wrote: > On Mon, Aug 22, 2016 at 08:34:02PM -0400, Josh Boyer wrote: >> On Mon, Aug 22, 2016 at 8:22 PM, Jarod Wilson wrote: >> > On Mon, Aug 22, 2016 at 03:50:22PM -0600, Chris Murphy wrote: >> >> On Mon, Aug 22, 2016 a

Re: The future of secure boot patches in Fedora

On Tue, Aug 23, 2016 at 4:05 AM, Peter Robinson wrote: The secure boot patches have been around in the Fedora tree for a while now. They work well enough but there has not been much active work in getting them accepted upstream in recent years.

Re: The future of secure boot patches in Fedora

On Mon, Aug 22, 2016 at 8:22 PM, Jarod Wilson wrote: > On Mon, Aug 22, 2016 at 03:50:22PM -0600, Chris Murphy wrote: >> On Mon, Aug 22, 2016 at 3:14 PM, Laura Abbott wrote: >> > On 08/22/2016 01:16 PM, Chris Murphy wrote: >> >> >> >> On Mon, Aug 22, 2016 at 2:08 PM, John Dulaney wrote: >> >>> >>

Re: Kernel 4.7 rebase plans

On Mon, Aug 22, 2016 at 7:44 AM, Edward O'Callaghan wrote: > I am currently + linux-firmware testing. Problem is I am setting this box up > for a non-technical user you see.. :/ testing packages means its easier for > him to do a system update and smoothly progress into a 'normal' system once >

  1   2   3   4   5   6   7   8   9   >