b7ea8c6cae
pygoscelis: Disable TPM, TEE and others (disable TPM support, again)
...
This reverts the remaining options from earlier commit
4a4699674f58e72604f8eb1f74f23f253d19b801 because actually I do not trust
the TPM for my personal thread model enough and it doesn't support the
GPG ciphers I want to use. (Instead I use an external USB token again.)
2021-08-18 09:50:30 +02:00
621dc029cd
pygoscelis: Bump to 5.13.12-T14s
2021-08-18 09:50:29 +02:00
32e135d70d
pygoscelis: Enable CONFIG_GENTOO_KERNEL_SELF_PROTECTION
2021-08-12 16:53:25 +02:00
d54c235e88
pygoscelis: Bump to 5.13.10-T14s
2021-08-12 16:53:25 +02:00
297b2f5d2f
aptenodytes: Enable GENTOO_KERNEL_SELF_PROTECTION
2021-08-12 16:51:45 +02:00
9740b68fe7
aptenodytes: Bump to 5.13.10-gentoo
2021-08-12 16:51:45 +02:00
973dc59390
aptenodytes: Disable the automounter
2021-08-12 16:51:45 +02:00
6ab0b9cf35
aptenodytes: Convert FUSE into a module
2021-08-12 16:51:45 +02:00
e732a96cff
aptenodytes: Disable a compat CONFIG key
2021-08-12 16:51:45 +02:00
d6ab291c30
aptenodytes: Disable the ancient quota format v1
2021-08-12 16:51:44 +02:00
8c1c0c502e
aptenodytes: Convert USB mass storage support into a module
2021-08-12 16:51:44 +02:00
f300436802
aptenodytes: Disable USB3 support
2021-08-12 16:51:44 +02:00
e874a259e7
aptenodytes: Disable PINCTRL
2021-08-12 16:51:44 +02:00
7d5f6d3bc0
aptenodytes: Convert some builtins into modules
2021-08-12 16:51:44 +02:00
b86bf6bd9b
aptenodytes: Configure modules
...
- signing
- signing with SHA512
- compression with XZ
- trimming of unused symbols
2021-08-12 16:51:43 +02:00
62c523b776
aptenodytes: Enable modules for the dracut initramfs
...
Holy cow, how can s.o. be so ignorant to enforce modules?
2021-08-12 16:51:43 +02:00
1225a0a23b
aptenodytes: Disable PSTORE (probably unsupported)
2021-08-11 17:35:04 +02:00
25b19f0427
aptenodytes: Disable unused net HW support
2021-08-11 17:35:04 +02:00
d92c226594
aptenodytes: Disable SAS expander support
2021-08-11 17:35:04 +02:00
a2d1ee202a
aptenodytes: Disable support for ATA_FORCE
2021-08-11 17:35:04 +02:00
3d36750b14
aptenodytes: Drop unused TCP congestion control algorithms
2021-08-11 17:35:04 +02:00
3d133e1e5a
aptenodytes: Enable block device writeback throttling
2021-08-11 17:35:04 +02:00
c77f03e902
aptenodytes: Drop CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS
2021-08-11 17:35:04 +02:00
e4d82e6488
aptenodytes: Bump to 5.13.9-gentoo
2021-08-11 17:35:04 +02:00
b9777de673
pygoscelis: Downgrade to 5.13.9-T14s
...
Back, and forth, and back, and..
2021-08-08 15:09:11 +02:00
e2f26190d1
aptenodytes: Bump to 5.13.8-gentoo
2021-08-07 12:13:33 +02:00
8a1cc382b6
aptenodytes: Enable CONFIG_USER_NS for podman
...
Actually for app-emulation/runc-1.0.0
2021-08-07 12:13:32 +02:00
23a96891a0
aptenodytes: Enable BRIDGE_VLAN_FILTERING for podman
...
Actually for net-misc/cni-plugins-0.9.1.
2021-08-07 12:13:32 +02:00
15a703c803
centro: Enable landlock
2021-08-03 21:21:23 +02:00
0931f47365
centro: Disable SECURITY_LOADPIN
2021-08-03 21:21:22 +02:00
7f78017654
centro: Enable HARDENED_USERCOPY_PAGESPAN
2021-08-03 21:21:22 +02:00
07af2bf453
centro: Disable misc section
2021-08-03 21:21:22 +02:00
2f5b81cb29
centro: Disable CONFIG_SQUASHFS
2021-08-03 21:21:22 +02:00
762f1de201
centro: Enable EXT4_USE_FOR_EXT2
2021-08-03 21:21:22 +02:00
ecf268dd7f
centro: Enable CONFIG_X86_X2APIC
2021-08-03 21:21:22 +02:00
884e77c318
centro: Bump to 5.13.7-gentoo
2021-08-03 21:21:22 +02:00
df6b6848a5
pygoscelis: Enable THINKPAD_LMI
...
For details see e.g. phoronix:
https://www.phoronix.com/scan.php?page=news_item&px=Lenovo-Think-LMI-Driver
2021-08-02 08:38:42 +02:00
a4de168515
pygoscelis: Bump gcc-version
2021-08-02 08:38:42 +02:00
70bec651af
aptenodytes: Bump to 5.13.7-gentoo (and gcc 11.2.0)
2021-08-02 08:38:42 +02:00
5835b898a6
pygoscelis: Enable transaction translators (unverified)
2021-07-26 20:14:56 +02:00
51828c2cf4
pygoscelis: Disable some vendor-specific meta menus
2021-07-26 20:14:56 +02:00
f75f6b6368
pygoscelis: Disable CONFIG_X86_PLATFORM_DRIVERS_INTEL
2021-07-26 20:14:56 +02:00
b45618599f
pygoscelis: Bump to 5.14.0-rc3
2021-07-26 20:14:56 +02:00
fdcf22cbbb
pygoscelis: Update GPU firmware order
2021-07-26 20:14:56 +02:00
bd6cf6c3e8
pygoscelis: Disable DRM_DP_CEC
2021-07-26 20:14:55 +02:00
102e903033
pygoscelis: Disable slub debugging
2021-07-26 20:14:55 +02:00
72acb5bc07
pygoscelis: Enable module compression (XZ)
2021-07-26 20:14:55 +02:00
e673f57a2e
pygoscelis: Disable AMD SEV
...
Looks as it is not (or not fully) supported on my Renoir CPU. Some docs:
https://libvirt.org/kbase/launch_security_sev.html
https://github.com/AMDESE/AMDSEV/issues/1
2021-07-26 20:14:55 +02:00
dede554774
pygoscelis: Switch to CONFIG_MNATIVE_AMD
2021-07-26 20:14:55 +02:00
62197b5759
pygoscelis: Bump to 5.13.4-T14s with updated genpatches
2021-07-26 20:14:55 +02:00