| Age | Commit message (Collapse) | Author |
|---|
|
|
|
The shim review board (which is the secure boot base loader) recommends using
ephemeral keys when signing the Linux Kernel. This commit enables the Kernel
build system to generate a one-time ephemeral key that is used to:
* sign all build-in Kernel modules
* sign all other out-of-tree Kernel modules
The key lives in /tmp and is destroyed after the build container exits and is
named: "VyOS build time autogenerated kernel key".
In addition the Kernel now uses CONFIG_MODULE_SIG_FORCE. This now makes it
unable to load any Kernel Module to the image that is NOT signed by the
ephemeral key.
|
|
|
|
|
|
|
|
This fixes an error introduced by commit 3d5445d8f7c0 ("T5499: arm64: build
jool with correct depends").
|
|
|
|
|
|
Individual packages like dropbear, frr, iproute2 ... all came with a copy of
gitignore rules already present in the base file.
Those rules have been dropped.
|
|
|
|
This reverts commit 78c43c2078e292ac9b53d2d6a41a47466d283914.
Unfortunately we must revert the Kernel upgrade as there are two problematic
issues. One which is the break of ABI functionality with parted [1] and second
the internal cryptop API [2] which removed required literals for the build of
Intel QAT acceleration.
In the two weeks running 5.8 we still learned a lot - we experienced a
performance improvement of ~30% when doing NAT @ > 10GBit/s and also utilizing
the build in updated drivers for Intel NICs and WireGuard.
We are looking forward to the release of this years LTS kernel and we hope to
ship this in the final 1.3 release.
1: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.8.y&id=692d062655
2: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.5.y&id=d63007eb95
|
|
Imported from https://github.com/vyos/vyos-build-kernel commit 9e7c12b
|
