summaryrefslogtreecommitdiff
path: root/packages/linux-kernel/arch/x86
AgeCommit message (Collapse)Author
2024-09-25T861: sign all Kernel modules with an ephemeral keyChristian Breunig
The shim review board (which is the secure boot base loader) recommends using ephemeral keys when signing the Linux Kernel. This commit enables the Kernel build system to generate a one-time ephemeral key that is used to: * sign all build-in Kernel modules * sign all other out-of-tree Kernel modules The key lives in /tmp and is destroyed after the build container exits and is named: "VyOS build time autogenerated kernel key". In addition the Kernel now uses CONFIG_MODULE_SIG_FORCE. This now makes it unable to load any Kernel Module to the image that is NOT signed by the ephemeral key.
2024-09-22Kernel: T5887: disable various unused/not needed debug optionsChristian Breunig
2024-09-16Merge pull request #763 from c-po/secure-bootViacheslav Hletenko
T861: add UEFI Secure Boot support
2024-09-14T861: add UEFI Secure Boot supportChristian Breunig
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux Kernel and enforces module signing. This results in an additional security layer where untrusted (unsigned) Kernel modules can no longer be loaded into the live system. NOTE: This commit will not work unless signing keys are present. Arbitrary keys can be generated using instructions found in: data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
2024-09-06T6703: add support for amd pstate driverNicolas Vollmar
2024-08-20linux-kernel: T6485: build modules for thunderbolt and thunderbolt-netRafael Antunes
2024-07-17T6584: Revert "T6293: add Mediatek MT7921 to defconfig"Christian Breunig
This reverts commit dbf7e47a27537a9c298afd665244b7bc2b6cf5f6.
2024-05-27T6406: enables CONFIG_CFS_BANDWIDTH for cpu cgroup limitsNicolas Vollmar
2024-05-27Kernel: T6406: enables CONFIG_CGROUP_CPUACCTNicolas Vollmar
2024-05-24kernel: T6395: Enabled VFIO_NOIOMMU supportzsdc
VFIO No-IOMMU support is required for environments where IOMMU is not available but we still want to use VFIO.
2024-05-02T6293: add Mediatek MT7921 to defconfigSaul Goodman
2024-04-30kernel: T6286: Enable Generic driver for Hyper-V VMBuszsdc
Generic driver for Hyper-V VMBus is required in Hyper-V environments for direct access to network devices from userspace.
2024-02-07Kernel: T5973: compile in vrf module for proper strict_mode setupChristian Breunig
2024-02-01Kernel: T5995: enable CONFIG_HINIC for Huawei NICsChristian Breunig
2024-02-01Kernel: T5619: remove build-in Intel IXGBE driver for out-of-tree versionChristian Breunig
2024-02-01Kernel: T5887: update Linux Kernel to v6.6.15Christian Breunig
2024-01-20Kernel: T5954: Enable nvme_hwmon and drivetempPiotr Maksymiuk
2024-01-10Merge pull request #484 from sever-sever/T3429Christian Breunig
T3429: Add kernel modules for Hyper-V
2024-01-10Kernel: T5887: remove build-in QAT drivers, using out-of-tree modulesChristian Breunig
2024-01-10T3429: Add kernel modules for Hyper-VViacheslav Hletenko
Add kernel modules for Hyper-V Based on user reviews the following settings must be made: ``` CONFIG_CONNECTOR=y CONFIG_HYPERV_UTILS=m ```
2024-01-04Kernel: T5887: update Linux Kernel to v6.6.9Christian Breunig
2023-12-20kernel: T5838: Enabled Infiniband for `mlx4` and `mlx5`zsdc
Mellanox/NVIDIA NICs require Infiniband support for proper communication with user space, which is used by tools like DPDK. This commit enables Infiniband with user access support and adds it to `mlx4`/`mlx5`.
2023-11-23T5776: kernel enable VFIO supportViacheslav Hletenko
2023-10-17Revert "Kernel: T4928: enable CONFIG_USB_NET_RNDIS_HOST=m"Christian Breunig
This reverts commit 88be901bc103d1c47adbbc874d02e8ec5cde3397.
2023-10-02Kernel: T5626: only select required Kernel CGROUP controllersChristian Breunig
TL;DR: systemd does not require the performance-sensitive bits of Linux control groups enabled in the kernel. However, it does require some non-performance-sensitive bits of the control group logic. http://0pointer.de/blog/projects/cgroups-vs-cgroups.html The only controllers required for VyOS to function are the memory and PID controller required by the container feature. All other controlles can be disabled.
2023-10-02Kernel: T5626: update to latest version with Kernel defaultsChristian Breunig
With all the minor fixes applied to the Kernel, also options change - this just syncs the previous config to the latest version with the new defaults applied that slipped in during all those bugfixes.
2023-09-19T5588: Add kernel module CONFIG_NF_CONNTRACK_BRIDGEViacheslav Hletenko
2023-08-12Kernel: T5325: enable CONFIG_PARPORTChristian Breunig
2023-08-01Kernel: T4599: set CONFIG_VIRTIO_FS to mYuya Kusakabe
Enable virtiofs to support lxd-agent. See https://github.com/canonical/lxd/blob/005bd8d473002a1f72b19b3e4f9e05557bece639/lxd/instance/drivers/driver_qemu.go#L2510-L2549
2023-06-24Kernel: T5310: add stmicro driver supportJohn
I added also additional expansion card with 2 Intel i211 NIC’s. I want to utilize all 4 NIC’s, but I have an issue because only NIC on expansion cards are properly detected.
2023-06-17T5298:Add RFKILL support into kernel.cuongdt1994
Jun 16 20:39:24 systemd[1]: Starting hostapd@wlan0.service - Access point and authentication server for Wi-Fi and Ethernet (wlan0)… Jun 16 20:39:25 hostapd[7198]: rfkill: Cannot open RFKILL control device Jun 16 20:39:25 hostapd[7198]: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE Jun 16 20:39:25 systemd[1]: Started hostapd@wlan0.service - Access point and authentication server for Wi-Fi and Ethernet (wlan0). Seems RFKILL is missing, or could there be someting else?
2023-06-15T5281: Add CONFIG_VHOST_MENU to kernelViacheslav Hletenko
Without this option the 'vhost' modules are not included
2023-06-12T5281: Add kernel options for vhost-netViacheslav Hletenko
The kernel 'vhost-net' options required for creating TAP devices vpp# create tap create tap: open '/dev/vhost-net': No such file or directory vpp# vpp# create tap id 1 host-if-name tap1 create tap: open '/dev/vhost-net': No such file or directory vpp#
2023-06-08T5264: Add Mellanox Technologies firmware flash module mlxfw to kernelcuongdt1994
Add Mellanox Technologies firmware flash module mlxfw to kernel
2023-05-10T5217: Kernel add CONFIG_NFT_SYNPROXYViacheslav Hletenko
2023-05-02Kernel: T4928: enable CONFIG_RD_ZSTD and CONFIG_DECOMPRESS_ZSTDChristian Breunig
2023-04-29Kernel: T4928: enable CONFIG_USB_NET_RNDIS_HOST=mChristian Breunig
2023-03-21Kernel: T4928: statically compile CONFIG_IKCONFIGChristian Breunig
2023-03-17Kernel: T5086: enable CONFIG_NET_DROP_MONITOR for hsflowdChristian Breunig
2023-03-17Kernel: T4928: update config to v6.1.19Christian Breunig
2023-01-03Kernel: T4691: enable CONFIG_BLK_DEV_DM optionChristian Poessinger
This enables Device Mapper support for either RAID targets or encrypted partitions.
2022-11-23Kernel: T4836: enable Ethernet switch device driver modelChristian Poessinger
2022-11-23Kernel: T4836: enable High-availability Seamless Redundancy (HSR & PRP)Christian Poessinger
2022-11-23Kernel: T4836: enable TCP encapsulation of IKE and IPsec messages (RFC 8229)Christian Poessinger
2022-09-13Kernel: T4691: Initial support for 5.15.67Christian Poessinger
2022-08-25Kernel: T4647: enable GVE (Google Virtual NIC)Christian Poessinger
2022-08-25Kernel: T3923: enable INET(6)_ESPINTCPChristian Poessinger
2022-07-18Kernel: T1368: statically build MPLS support into the KernelChristian Poessinger
2022-07-09Kernel: T893: enable VPP related featuresChristian Poessinger
2022-07-09Kernel: T1475: enable CONFIG_DCBChristian Poessinger
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-01 04:36:55 +0000