Age | Commit message | Author |
|
|
The shim review board (which is the secure boot base loader) recommends using
ephemeral keys when signing the Linux Kernel. This commit enables the Kernel
build system to generate a one-time ephemeral key that is used to:
* sign all built-in Kernel modules
* sign all other out-of-tree Kernel modules
The key lives in /tmp and is destroyed after the build container exits and is
named: "VyOS build time autogenerated kernel key".
In addition, the Kernel now uses CONFIG_MODULE_SIG_FORCE. This makes it
impossible to load any Kernel module into the image that is NOT signed by the
ephemeral key.
|
|
T861: add UEFI Secure Boot support
|
|
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux
Kernel and enforces module signing. This results in an additional security
layer where untrusted (unsigned) Kernel modules can no longer be loaded into
the live system.
NOTE: This commit will not work unless signing keys are present. Arbitrary
keys can be generated using instructions found in:
data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
|
|
This reverts commit dbf7e47a27537a9c298afd665244b7bc2b6cf5f6.
|
|
VFIO No-IOMMU support is required for environments where IOMMU is not available
but we still want to use VFIO.
|
|
Generic driver for Hyper-V VMBus is required in Hyper-V environments for direct
access to network devices from userspace.
|
|
Kernel: T5499: update arm64 kernel configuration to v6.6.15
|
|
T3429: Add kernel modules for Hyper-V
|
|
Add kernel modules for Hyper-V
Based on user reviews the following settings must be made:
```
CONFIG_CONNECTOR=y
CONFIG_HYPERV_UTILS=m
```
|
|
Mellanox/NVIDIA NICs require Infiniband support for proper communication with
user space, which is used by tools like DPDK.
This commit enables Infiniband with user access support and adds it to
`mlx4`/`mlx5`.
|
|
It's the second time the maintainers talk about removing RNDIS from the Linux
Kernel. We should not bet on such a feature if not extremely necessary.
https://www.phoronix.com/news/Linux-Disabling-RNDIS-Drivers
|
|
This reverts commit 88be901bc103d1c47adbbc874d02e8ec5cde3397.
|
|
TL;DR: systemd does not require the performance-sensitive bits of Linux control
groups enabled in the kernel. However, it does require some
non-performance-sensitive bits of the control group logic.
http://0pointer.de/blog/projects/cgroups-vs-cgroups.html
The only controllers required for VyOS to function are the memory and PID
controllers required by the container feature. All other controllers can be
disabled.
|
|
With all the minor fixes applied to the Kernel, options also change - this
just syncs the previous config to the latest version with the new defaults
applied that slipped in during all those bugfixes.
|
|
This reverts commit 8aafa6834bdd3d8ea4518fd73189141e2de70c9e.
This increases Kernel build time to >6h and enables features we do not
need, as this is not Desktop/Server but a router.
|
|
Signed-off-by: Date Huang <tjjh89017@hotmail.com>
|
|
Enable virtiofs to support lxd-agent.
See https://github.com/canonical/lxd/blob/005bd8d473002a1f72b19b3e4f9e05557bece639/lxd/instance/drivers/driver_qemu.go#L2510-L2549
|
|
I also added an additional expansion card with 2 Intel i211 NICs.
I want to utilize all 4 NICs, but I have an issue because only NICs on expansion cards are properly detected.
|
|
```
Jun 16 20:39:24 systemd[1]: Starting hostapd@wlan0.service - Access point and authentication server for Wi-Fi and Ethernet (wlan0)…
Jun 16 20:39:25 hostapd[7198]: rfkill: Cannot open RFKILL control device
Jun 16 20:39:25 hostapd[7198]: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Jun 16 20:39:25 systemd[1]: Started hostapd@wlan0.service - Access point and authentication server for Wi-Fi and Ethernet (wlan0).
```
Seems RFKILL is missing, or could there be something else?
|
|
Without this option the 'vhost' modules are not included
|
|
The kernel 'vhost-net' options are required for creating TAP devices
```
vpp# create tap
create tap: open '/dev/vhost-net': No such file or directory
vpp#
vpp# create tap id 1 host-if-name tap1
create tap: open '/dev/vhost-net': No such file or directory
vpp#
```
|
|
Add Mellanox Technologies firmware flash module mlxfw to kernel
|
|
This enables Device Mapper support for either RAID targets or encrypted
partitions.
|
|