summaryrefslogtreecommitdiff
path: root/packages/linux-kernel
AgeCommit message (Collapse)Author
2024-10-02T6754: Delete Jenkins build packagesViacheslav Hletenko
2024-09-25T861: sign all Kernel modules with an ephemeral keyChristian Breunig
The shim review board (which is the secure boot base loader) recommends using ephemeral keys when signing the Linux Kernel. This commit enables the Kernel build system to generate a one-time ephemeral key that is used to: * sign all build-in Kernel modules * sign all other out-of-tree Kernel modules The key lives in /tmp and is destroyed after the build container exits and is named: "VyOS build time autogenerated kernel key". In addition the Kernel now uses CONFIG_MODULE_SIG_FORCE. This now makes it unable to load any Kernel Module to the image that is NOT signed by the ephemeral key.
2024-09-22Kernel: T5887: disable various unused/not needed debug optionsChristian Breunig
2024-09-16Merge pull request #764 from c-po/secure-bootChristian Breunig
Kernel: T861: use find over ls when probing for Kernel signing public keys
2024-09-16Kernel: T861: use find over ls when probing for Kernel signing public keysChristian Breunig
2024-09-16Merge pull request #763 from c-po/secure-bootViacheslav Hletenko
T861: add UEFI Secure Boot support
2024-09-14T861: add UEFI Secure Boot supportChristian Breunig
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux Kernel and enforces module signing. This results in an additional security layer where untrusted (unsigned) Kernel modules can no longer be loaded into the live system. NOTE: This commit will not work unless signing keys are present. Arbitrary keys can be generated using instructions found in: data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
2024-09-14Kernel: T5887: cleanup Debian postinst files after package buildChristian Breunig
2024-09-14mellanox: T6231: execute build script with sudoChristian Breunig
2024-09-07Kernel: T861: remove superfluous architecture from Kernel stringChristian Breunig
2024-09-06T6703: add support for amd pstate driverNicolas Vollmar
2024-08-26Merge pull request #657 from rafaelgaspar/add-thunderbolt-netChristian Breunig
linux-kernel: T6485: build modules for thunderbolt and thunderbolt-net
2024-08-24T6231: update OFED version and fix build scriptRageLtMan
Push OFED to 24.07-0.6.1.0 Replace bash syntax for conditional check with sh syntax in OFED build script.
2024-08-20linux-kernel: T6485: build modules for thunderbolt and thunderbolt-netRafael Antunes
2024-08-11Kernel: T5887: update Linux Kernel to v6.6.45Christian Breunig
2024-07-25Merge pull request #665 from sempervictus/feature/mellanox_ofed_driversChristian Breunig
T6231: Mellanox OFED
2024-07-25mellanox: T6231: we do not need to build all packages, delete all unused onesChristian Breunig
2024-07-25mellanox: T6231: add missing KERNEL_SUFFIX for module installation pathChristian Breunig
All VyOS kernel modules must live in the appropriate module directory, example: /lib/modules/6.6.41-amd64-vyos/ In addition we do not abbreviate script options to make reading easier, without call --help all the time.
2024-07-25Kernel: T6231: verify mellanox driver source by SHA1 hashChristian Breunig
2024-07-25Kernel: T6231: update .gitignore for mellanox driversChristian Breunig
2024-07-17T6584: Revert "T6293: add Mediatek MT7921 to defconfig"Christian Breunig
This reverts commit dbf7e47a27537a9c298afd665244b7bc2b6cf5f6.
2024-07-06Kernel: T5887: update linux-firmware to 20240610Christian Breunig
2024-07-02Kernel: T5887: update Linux Kernel to v6.6.36Christian Breunig
2024-06-21T6231: Mellanox OFED Kernel and Userspace PackagesRageLtMan
Build OFED drivers and userspace components against the kernel source tree similar to Intel's NIC drivers. OFED installers create Debian packages of their own tageting the kernel version defined in the build invocation if DKMS is omitted. Script builds with supporting components for VPP to permit handoff of function to the underlying hardware as appropriate. Updating the version is fairly trivial along with adding patching as needed to handle kCFI and hardening measures as they are introduced. Testing: Tested against GCC-built Linux Hardened kernel with the various additions from PR 132 - sustained line-rate testing against 4x100g links on a single machine at a hair below 200g for each LACP pair.
2024-06-17Kernel: T5887: update Linux Kernel to v6.6.34Christian Breunig
2024-05-27T6406: enables CONFIG_CFS_BANDWIDTH for cpu cgroup limitsNicolas Vollmar
2024-05-27Kernel: T6406: enables CONFIG_CGROUP_CPUACCTNicolas Vollmar
2024-05-24kernel: T6395: Enabled VFIO_NOIOMMU supportzsdc
VFIO No-IOMMU support is required for environments where IOMMU is not available but we still want to use VFIO.
2024-05-19Kernel: T5887: update Linux Kernel to v6.6.31Christian Breunig
2024-05-02T6293: add Mediatek MT7921 to defconfigSaul Goodman
2024-05-02Kernel: T5887: update Linux Kernel to v6.6.30Christian Breunig
2024-04-30kernel: T6286: Enable Generic driver for Hyper-V VMBuszsdc
Generic driver for Hyper-V VMBus is required in Hyper-V environments for direct access to network devices from userspace.
2024-04-29ixgbe: T5619: update driver version to 5.20.3Christian Breunig
2024-04-29Merge pull request #540 from ErnyTech/currentChristian Breunig
ixgbe: T6162: Add 1000BASE-BX support
2024-04-03Kernel: T5887: rebase inotify patchChristian Breunig
2024-03-30T4204: accel-ppp bump version 1.13.0Viacheslav Hletenko
Update accel-pppd version to 1.13.0 release Multiple fixes https://github.com/accel-ppp/accel-ppp/releases/tag/1.13.0
2024-03-23ixgbe: T6162: Add 1000BASE-BX supportErnesto Castellotti
The ixgbe driver did not support the 1000BASE-BX standard so for example FS.com SFP-GE-BX 1310/1490nm 10km transceiver received an unsupported module error even with allow_unsupported_sfp enabled. To solve this problem I created a patch that was accepted by Linux upstream (https://github.com/torvalds/linux/commit/1b43e0d20f2d007ec4c124b0deaa848ff8d61f4a) so starting from kernel 6.9 the ixgbe driver will have 1000BASE-BX support, however VyOS uses the out of tree driver so it is necessary to backport the patch.
2024-03-23ixgbe: T6155: always enable allow_unsupported_sfp even if module_param_array ↵Christian Breunig
is undefined This extends an else path with the logic from commit ea7d59a4b ("ixgbe: T6155: always enable allow_unsupported_sfp for all NICs by default")
2024-03-22ixgbe: T6155: always enable allow_unsupported_sfp for all NICs by defaultChristian Breunig
In-tree vs. Out-Of-Tree drivers differ in the way how unsupported transceivers are defined (uint vs array of int) for the Kernel module parameters. This results in: kernel: ixgbe 0000:5e:00.0: failed to initialize because an unsupported SFP+ module type was detected. kernel: ixgbe 0000:5e:00.0: Reload the driver after installing a supported module. kernel: ixgbe 0000:5e:00.0: removed PHC on eth6 This patch always enables unsupported SFP+ modules as wo do anyway from the userspace but only for the first port.
2024-03-20chore: T671: remove unused scripts and references to themDaniil Baturin
2024-03-10Kernel: T4022: add RTSP netfilter helper kernel moduleIndrek Ardel
2024-03-07Kernel: T5887: forward patch linkstate-ip-device-attribute for 6.6.21Christian Breunig
2024-03-01Kernel: T5887: forward patch linkstate-ip-device-attribute for 6.6.19Christian Breunig
2024-02-09Merge pull request #495 from Schamper/currentChristian Breunig
Kernel: T5499: update arm64 kernel configuration to v6.6.15
2024-02-07Kernel: T5973: compile in vrf module for proper strict_mode setupChristian Breunig
2024-02-05Kernel: T5499: update arm64 kernel configuration to v6.6.15Schamper
2024-02-01T5619: Add out-of-tree Intel ixgbevf driverChristian Breunig
2024-02-01Kernel: T5995: enable CONFIG_HINIC for Huawei NICsChristian Breunig
2024-02-01ixgbe: T5619: remove pci_*_pcie_error_reporting() code to work with Kernel 6.6Christian Breunig
This fixes commit 0f80a22b5 ("T5619: Add out-of-tree Intel ixgbe driver") to work with the latest 6.6 code base. For more information see https://lore.kernel.org/lkml/f90837d0-810e-5772-7841-28d47c44d260@intel.com
2024-02-01T5619: Add out-of-tree Intel ixgbe driverSkyler Mäntysaari
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-28 13:28:06 +0000