diff --git a/sys-kernel/hardened-kernel/Manifest b/sys-kernel/hardened-kernel/Manifest index a023c22..2889f5a 100644 --- a/sys-kernel/hardened-kernel/Manifest +++ b/sys-kernel/hardened-kernel/Manifest @@ -1,9 +1,9 @@ -AUX linux-6.10.amd64.config 186636 BLAKE2B 6863435292024559b924e3a887e3a88720abfc5f84d405fc84541cc61d0959ffa276a793a0933c2e6ae74d17160849101231a45eb9ba95eb3dad1537789a5c54 SHA512 a83fc45b41e54347467ae9c9a22ebf249b2fa9f06d71c396095382003851d70a2c1bd7156781553261b7142bd832432e31312b09250cdb99d36a50ddba6fd0d4 +AUX linux-6.10.amd64.config 187289 BLAKE2B 11f06aff9983d6476ac66699601dfd91ebecbae80e751bf9428b4bb725fdde3567752b860646f185a8926428047644cffee03fb23b5d9002ce3f55e9b364936d SHA512 bbed04c7d3d2ae4c6d131dbcd420de156b0232dfb75e74874a2aa3b62607521b88daae386226a196c9ff05ab743282843b2fd1aa91bc99de02e785023a38d577 AUX linux-6.6.amd64.config 183290 BLAKE2B 3da242321cba8173f61a9946df4a27276193e2fe7c029ff8ae9e883aeb326efa4d4b65173d4c940b17c1f4c801752871f7737e65862e686e516f8bc85e028f28 SHA512 a949c6875184e005395b527dd58c06ea10e0efd7c1a36eea8139ee61ae7b6c218b54625cc469ae377b5518d87e2ab710f9ecfb9463538d8eae3ed8256fb94227 DIST 6.10.12-1467.tar.gz 1651884 BLAKE2B b4fc2ff81071ca8078bcc4d093cdf19cd3f6ac1debeca809ee0b7ab9e984a825925aebfe0b60c40ba9c5a333ad350eaf943d6603cd134c13cf5a0a4391ab67db SHA512 38b703eb075d8c24215c7ce4f32981854b0628110bf10ba293d74531b2a489f35522f2bd17e1688febf1adfb0eb629bb41d5d91f8572d0f5f35df726d42a5e82 -DIST genpatches-6.10-15.base.tar.xz 774884 BLAKE2B e5363896fadb615a40b43b90c4146f93aee696c0aeff3ceee6a8d60882112f90b8bb1df838a827353d290cfb37aada5b53b673cc21dc611e774a4b7376fd12ad SHA512 dc45ee28cad09a1ea2005e6eed656b4fbe7e9d291571583eaa57388b0b3d08f769bf10752aeb7a519dfd1bad679bf277114fafe49c8243f78b9bd7548935a21f -DIST genpatches-6.10-15.experimental.tar.xz 81216 BLAKE2B c10dab94e0600f2befd04e8d0864cf35adfbdd913fcd7f0606f4e5a34fe6f4cc91136d6380611c358720dfb9d183eab507bccd14a990f7361215ebb8124328c2 SHA512 5d5611d5c46c0b2e341eb65233591bb0540e11225efd77034d20b500cb86dec595e41bd656605c1413f98d2630769544508db717c1198424743ea6ba0a79d7ce -DIST genpatches-6.10-15.extras.tar.xz 4056 BLAKE2B c80ea0b763a9c37e6f3aa5192b712c0acc7849be3dab66c911b175af94a8e8b22afc7cb56a10f7fcd91a34e0ff5d295abebfbfd5de260f86c800e3227a3c651b SHA512 7e50e426d10736a8d3fb51180d58e434097b70b9675bc23b89539834a09ed343772764945925a2e556b1140af8561fa7231622513f185fdaacb81d7763dd6d02 +DIST genpatches-6.10-16.base.tar.xz 973248 BLAKE2B f91a03c3d8c1f09a4c51f17eddcbe3ef733da7242a61891647efae6c79b49bfdb589342a76a4955ae3e908e533b29f974ba414ea5649ec0a93826cf61ae625e9 SHA512 df9fb97cf87a0255afe9eb6c74c51dbe90bab5851f20097c17abc72ab00d63d2d7b4f2622f3db18daeee6cc8d0bdda9dae60bc42ef7844c5544c4eb147ded50f +DIST genpatches-6.10-16.experimental.tar.xz 81200 BLAKE2B 7029757b6c300b4da086c087576fb04a0e3fed9655d37204ef2a1af67cdc4480f1e2d08b04e7f5e08ac443d5b69fc4685c09581f69fa0295ba467631f2c15ca3 SHA512 a206f745393efddfd7bd7ea5b2a070ecb8159357d97a4f161f31a67c5dad0eb0ab9f518dca53a4849393cf099ba6fb69db220fdbe6fb3c0472a64c2838fcb0a2 +DIST genpatches-6.10-16.extras.tar.xz 4056 BLAKE2B 3a0dcfe962509bc0ab802688055d1f001b2508276f6860944c94d45e69cb9a453d9381f450f86dcf120ded7c161cc8714411d0bcb22edfc3ba1b78cab4ca21dc SHA512 a279b9fb36e66b5017ab142e71134d35097859f755c480a0ad3434d347ad5611b16b79f47a0f329a43aa3a8d4301279280212d76381d8bd45fe57fe1a6c2e9b7 DIST genpatches-6.6-60.base.tar.xz 3204668 BLAKE2B 4076b1d74984ff1777a6d41d6c71a1a67139571314da88597e88ac0bd0067ce49ba7954b26690f8bb21009708e99be5e29abbb6871d8ab7c39740c243efc74d4 SHA512 91d0d2bef786151f9bb94370e26e8cc488a57e8307de018e068c3d4f07ff20cdb59516de1ab6718943286323812b999bf2b43ab63c9a79d70bdc7dd2ece68ee3 DIST genpatches-6.6-60.experimental.tar.xz 5760 BLAKE2B e22cfd19c15a752e2a350d6aa80f340020abf778b847f8a93de5502288221d9759205cf5fc6cb174aa732547a06b5029fc3e62326ae53347c15552b604576da1 SHA512 b46d756e1289a5f701fae0c20c5b8892ac031313947a9439e406f175b4ceb195a249b6aa539994b769fe7ca89aa3ef7a5786c08eb516c78becd15e95e792a9c5 DIST genpatches-6.6-60.extras.tar.xz 4056 BLAKE2B 605705101398b9b0954b1b1050c7a35ca0cf9db76cb8b83a8686e4d895e96cdb5852b82fb47808a811eec73dbdb730550b4bdc09a9ce12c9a6f08f1c5fbcd2fa SHA512 6809450ccae6d26a77195a10997fc1c28408d8b1dd64cbe9985b1364d29ba520f4d1035e55fab34e6f169c92357a30fa95c2a9197da35366b09a5c634b9950a5 @@ -18,8 +18,8 @@ DIST kernel-x86_64-fedora.config.6.10.1-gentoo 251109 BLAKE2B 511862bd42123b8e80 DIST kernel-x86_64-fedora.config.6.6.12-gentoo 243607 BLAKE2B 7e670d37c6471e50aa0ba395570cd0173af0210afe63faa48d7a147327110652e3aab5c339cf10ed22a6a20e81e505aee84311beb21fda3eb577e06ea55ecac8 SHA512 c484403a60670dd006ecbe65240cb00d97e8b3fe22d1169c5b6ccb92bcdbddb3ecd474d2b57880b30baf6a38bcef11fc8d56b8b0b02fcddd859833c3640cdc9c DIST linux-6.10.tar.xz 145142812 BLAKE2B bb243ea7493b9d63aa2df2050a3f1ae2b89ee84a20015239cf157e3f4f51c7ac5efedc8a51132b2d7482f9276ac418de6624831c8a3b806130d9c2d2124c539b SHA512 baa2487954044f991d2ae254d77d14a1f0185dd62c9f0fcaff69f586c9f906823017b8db1c4588f27b076dfa3ebb606929fec859f60ea419e7974330b9289cc2 DIST linux-6.6.tar.xz 140064536 BLAKE2B 5f02fd8696d42f7ec8c5fbadec8e7270bdcfcb1f9844a6c4db3e1fd461c93ce1ccda650ca72dceb4890ebcbbf768ba8fba0bce91efc49fbd2c307b04e95665f2 SHA512 458b2c34d46206f9b4ccbac54cc57aeca1eaecaf831bc441e59701bac6eadffc17f6ce24af6eadd0454964e843186539ac0d63295ad2cc32d112b60360c39a35 -DIST linux-hardened-v6.10.12-hardened1.patch 94944 BLAKE2B 0b3cd388f968c271424465fcc7662b4671149f16a373fb9d9d253c3933d0a0c98326b1714ab47463c275942b79b92bb43312dbcd7adc5a4171be350f40f4f0b7 SHA512 92a301621bdf2e405821e288ea700523e538106807c42379ff753c6d1e71f5aa937174fa3b963f9abb502fade11883520569060c8be82a3b17fec9535bee4a80 +DIST linux-hardened-v6.10.13-hardened1.patch 94944 BLAKE2B f4345c653452cbf9376c13094bb265feb29b847f9c20589d2b8a046fce19aea0d801491fd5db7a996eba7cf3c22ff625108d8213bd5d748e79107fd7359bd8ad SHA512 a5101ae71c61d0645661de6912b296926ff0a39d73ca010bd0ffd1ff5f885309bc04c6828432e98c796e8c68228f8b48f8f9801cd8a364819781a73bbf591423 DIST linux-hardened-v6.6.53-hardened1.patch 98239 BLAKE2B f06c47bc88a9c0b1bf15ee9f6cfef16c4d2a40b167dc005b9233a632c8aebe62fd532d0798bfd3cf9d5df2479f6c66be03d4f26e3ecc13b72b0d5a12d9f7c9d8 SHA512 bc1fd920ff763d725bf188ded906e0524da0eb0ef1358f51b9d93e008b6f305b48376b98d564ae8d667294625d54d9671968af20fc3fd5cf5214ff2a3cab4e26 -EBUILD hardened-kernel-6.10.12.ebuild 5118 BLAKE2B 58141ad153e14ef81a6225efbcee9eca1db1cb150653c1c38ad42cf7cae80fc64ba664604a450b7102bb023afb5d315dae5647ef03be75907749185f6cc0931f SHA512 b8027bfb4639ef5ff0778ea53f63394755bb05be481573bca3bc3dd70d60bf9cf211d6c56c622dcfd39a0ed1f1d944a1b9387b50a339fbac117209167b6bcc3f +EBUILD hardened-kernel-6.10.13.ebuild 5120 BLAKE2B 25e1619e2e08230513fa0b2809e814ebe9ec621757012d4e01d6ebb9bdc985be72310edf08d2d68b8cf2e2e9c018293ef5002609681bb96a6bc7e7b99601249d SHA512 972a40afd555b48c0e6523c9124eab14de5d3def313f1ff072e61ad3b8ef4556de8ab76e26c2dca218841eae4cc6afce5f3c350cfa78d396782ff2e99b3d765e EBUILD hardened-kernel-6.6.53.ebuild 4327 BLAKE2B 9f9e97a711087eebf8b12782f5ec5beda1b0754727929f61874e41a404b4d183044d710e3ba857fc0d22249a255826ed95e2591539385bf869604aad364711f2 SHA512 5d4afefcea6fcfe84d2eb23af9cda50a6cd8080cc94df8003f1075752bcef7a3d7f29f8e6065cb0665b464ca6aebd69311a51839ea383a523322e29a5dd249d2 MISC metadata.xml 345 BLAKE2B 4003222d76459210cbeba27d68bcef9b42f500dd3dafe53505dae42004c5224eeae395fb30d7582de614654d2fde19d118c8c31fbc35e5335c9150d93f42efc9 SHA512 994d288cd16858bad3177d383a279f0f549ddf40ef87c62683815540b331bd48d4afa4d0c6af947e409c58f8abb5e1da045bb98dc00a422ea724cdf0610d6619 diff --git a/sys-kernel/hardened-kernel/files/linux-6.10.amd64.config b/sys-kernel/hardened-kernel/files/linux-6.10.amd64.config index c89fe23..58bdf4a 100644 --- a/sys-kernel/hardened-kernel/files/linux-6.10.amd64.config +++ b/sys-kernel/hardened-kernel/files/linux-6.10.amd64.config @@ -77,6 +77,7 @@ CONFIG_GENERIC_MSI_IRQ=y CONFIG_IRQ_MSI_IOMMU=y CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y CONFIG_GENERIC_IRQ_RESERVATION_MODE=y +CONFIG_GENERIC_IRQ_STAT_SNAPSHOT=y CONFIG_IRQ_FORCED_THREADING=y CONFIG_SPARSE_IRQ=y # CONFIG_GENERIC_IRQ_DEBUGFS is not set @@ -104,6 +105,8 @@ CONFIG_NO_HZ_COMMON=y # CONFIG_HZ_PERIODIC is not set CONFIG_NO_HZ_IDLE=y # CONFIG_NO_HZ_FULL is not set +CONFIG_CONTEXT_TRACKING_USER=y +CONFIG_CONTEXT_TRACKING_USER_FORCE=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=100 @@ -132,13 +135,15 @@ CONFIG_PREEMPT_VOLUNTARY=y CONFIG_PREEMPT_COUNT=y CONFIG_PREEMPTION=y CONFIG_PREEMPT_DYNAMIC=y +CONFIG_SCHED_CORE=y # # CPU/Task time and stats accounting # -CONFIG_TICK_CPU_ACCOUNTING=y -# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set -# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_VIRT_CPU_ACCOUNTING=y +# CONFIG_TICK_CPU_ACCOUNTING is not set +CONFIG_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_IRQ_TIME_ACCOUNTING=y CONFIG_HAVE_SCHED_AVG_IRQ=y CONFIG_BSD_PROCESS_ACCT=y CONFIG_BSD_PROCESS_ACCT_V3=y @@ -146,6 +151,8 @@ CONFIG_TASKSTATS=y CONFIG_TASK_DELAY_ACCT=y CONFIG_TASK_XACCT=y CONFIG_TASK_IO_ACCOUNTING=y +CONFIG_PSI=y +# CONFIG_PSI_DEFAULT_DISABLED is not set # end of CPU/Task time and stats accounting CONFIG_CPU_ISOLATION=y @@ -177,9 +184,8 @@ CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y # # Scheduler features # -CONFIG_SCHED_ALT=y -# CONFIG_SCHED_BMQ is not set -CONFIG_SCHED_PDS=y +# CONFIG_UCLAMP_TASK is not set +# CONFIG_SCHED_ALT is not set # end of Scheduler features CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y @@ -191,6 +197,7 @@ CONFIG_CC_NO_ARRAY_BOUNDS=y CONFIG_GCC_NO_STRINGOP_OVERFLOW=y CONFIG_CC_NO_STRINGOP_OVERFLOW=y CONFIG_ARCH_SUPPORTS_INT128=y +# CONFIG_NUMA_BALANCING is not set CONFIG_SLAB_OBJ_EXT=y CONFIG_CGROUPS=y CONFIG_PAGE_COUNTER=y @@ -201,6 +208,8 @@ CONFIG_BLK_CGROUP=y CONFIG_CGROUP_WRITEBACK=y CONFIG_CGROUP_SCHED=y CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set CONFIG_SCHED_MM_CID=y CONFIG_CGROUP_PIDS=y CONFIG_CGROUP_RDMA=y @@ -223,7 +232,8 @@ CONFIG_USER_NS=y CONFIG_USER_NS_UNPRIVILEGED=y CONFIG_PID_NS=y CONFIG_NET_NS=y -# CONFIG_CHECKPOINT_RESTORE is not set +CONFIG_CHECKPOINT_RESTORE=y +CONFIG_SCHED_AUTOGROUP=y CONFIG_RELAY=y CONFIG_BLK_DEV_INITRD=y CONFIG_INITRAMFS_SOURCE="" @@ -451,8 +461,6 @@ CONFIG_PERF_EVENTS_AMD_UNCORE=m # CONFIG_PERF_EVENTS_AMD_BRS is not set # end of Performance monitoring -CONFIG_X86_16BIT=y -CONFIG_X86_ESPFIX64=y CONFIG_X86_VSYSCALL_EMULATION=y # CONFIG_X86_IOPL_IOPERM is not set CONFIG_MICROCODE=y @@ -527,9 +535,9 @@ CONFIG_HOTPLUG_CPU=y # CONFIG_LEGACY_VSYSCALL_XONLY is not set CONFIG_LEGACY_VSYSCALL_NONE=y CONFIG_CMDLINE_BOOL=y -CONFIG_CMDLINE="cfi=kcfi vdso32=0 page_poison=1 page_alloc.shuffle=1 slab_nomerge pti=on rootflags=discard" +CONFIG_CMDLINE="vdso32=0 page_poison=1 page_alloc.shuffle=1 slab_nomerge pti=on" # CONFIG_CMDLINE_OVERRIDE is not set -CONFIG_MODIFY_LDT_SYSCALL=y +# CONFIG_MODIFY_LDT_SYSCALL is not set # CONFIG_STRICT_SIGALTSTACK_SIZE is not set CONFIG_HAVE_LIVEPATCH=y # end of Processor type and features @@ -972,13 +980,15 @@ CONFIG_BLK_DEV_INTEGRITY_T10=y CONFIG_BLK_DEV_WRITE_MOUNTED=y CONFIG_BLK_DEV_ZONED=y CONFIG_BLK_DEV_THROTTLING=y -# CONFIG_BLK_WBT is not set +CONFIG_BLK_WBT=y +CONFIG_BLK_WBT_MQ=y CONFIG_BLK_CGROUP_IOLATENCY=y CONFIG_BLK_CGROUP_IOCOST=y CONFIG_BLK_CGROUP_IOPRIO=y CONFIG_BLK_DEBUG_FS=y # CONFIG_BLK_SED_OPAL is not set -# CONFIG_BLK_INLINE_ENCRYPTION is not set +CONFIG_BLK_INLINE_ENCRYPTION=y +CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK=y # # Partition Types @@ -1015,8 +1025,8 @@ CONFIG_BLK_MQ_STACKING=y # IO Schedulers # CONFIG_MQ_IOSCHED_DEADLINE=y -CONFIG_MQ_IOSCHED_KYBER=m -CONFIG_IOSCHED_BFQ=m +CONFIG_MQ_IOSCHED_KYBER=y +CONFIG_IOSCHED_BFQ=y CONFIG_BFQ_GROUP_IOSCHED=y # CONFIG_BFQ_CGROUP_DEBUG is not set # end of IO Schedulers @@ -1142,6 +1152,7 @@ CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y CONFIG_USE_PERCPU_NUMA_NODE_ID=y CONFIG_HAVE_SETUP_PER_CPU_AREA=y # CONFIG_CMA is not set +# CONFIG_MEM_SOFT_DIRTY is not set CONFIG_GENERIC_EARLY_IOREMAP=y # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set CONFIG_PAGE_IDLE_FLAG=y @@ -2293,7 +2304,7 @@ CONFIG_SCSI_VIRTIO=m # CONFIG_SCSI_DH is not set # end of SCSI device support -CONFIG_ATA=m +CONFIG_ATA=y CONFIG_SATA_HOST=y CONFIG_PATA_TIMINGS=y CONFIG_ATA_VERBOSE_ERROR=y @@ -2305,7 +2316,7 @@ CONFIG_SATA_PMP=y # # Controllers with non-SFF native interface # -CONFIG_SATA_AHCI=m +CONFIG_SATA_AHCI=y CONFIG_SATA_MOBILE_LPM_POLICY=0 CONFIG_SATA_AHCI_PLATFORM=m # CONFIG_AHCI_DWC is not set @@ -5023,6 +5034,7 @@ CONFIG_MMC_BLOCK=m CONFIG_MMC_BLOCK_MINORS=8 # CONFIG_SDIO_UART is not set CONFIG_MMC_TEST=m +# CONFIG_MMC_CRYPTO is not set # # MMC/SD/SDIO Host Controller Drivers @@ -5832,6 +5844,7 @@ CONFIG_EXPORTFS_BLOCK_OPS=y CONFIG_FILE_LOCKING=y CONFIG_FS_ENCRYPTION=y CONFIG_FS_ENCRYPTION_ALGS=y +CONFIG_FS_ENCRYPTION_INLINE_CRYPT=y CONFIG_FS_VERITY=y CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y CONFIG_FSNOTIFY=y @@ -6119,7 +6132,7 @@ CONFIG_HARDENED_USERCOPY=y CONFIG_FORTIFY_SOURCE=y # CONFIG_STATIC_USERMODEHELPER is not set CONFIG_SECURITY_SELINUX=y -# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set +CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 @@ -6127,7 +6140,13 @@ CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 # CONFIG_SECURITY_SELINUX_DEBUG is not set # CONFIG_SECURITY_SMACK is not set # CONFIG_SECURITY_TOMOYO is not set -# CONFIG_SECURITY_APPARMOR is not set +CONFIG_SECURITY_APPARMOR=y +# CONFIG_SECURITY_APPARMOR_DEBUG is not set +CONFIG_SECURITY_APPARMOR_INTROSPECT_POLICY=y +CONFIG_SECURITY_APPARMOR_HASH=y +CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y +CONFIG_SECURITY_APPARMOR_EXPORT_BINARY=y +CONFIG_SECURITY_APPARMOR_PARANOID_LOAD=y # CONFIG_SECURITY_LOADPIN is not set CONFIG_SECURITY_YAMA=y CONFIG_SECURITY_SAFESETID=y @@ -6145,9 +6164,10 @@ CONFIG_INTEGRITY_AUDIT=y # CONFIG_IMA is not set # CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set # CONFIG_EVM is not set -CONFIG_DEFAULT_SECURITY_SELINUX=y -# CONFIG_DEFAULT_SECURITY_DAC is not set -CONFIG_LSM="selinux,safesetid,yama,lockdown,landlock,bpf" +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +# CONFIG_DEFAULT_SECURITY_APPARMOR is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_LSM="lockdown,yama,integrity,selinux,bpf,landlock" # # Kernel hardening options @@ -6279,7 +6299,7 @@ CONFIG_CRYPTO_ECB=y CONFIG_CRYPTO_HCTR2=m CONFIG_CRYPTO_KEYWRAP=m CONFIG_CRYPTO_LRW=m -CONFIG_CRYPTO_PCBC=y +CONFIG_CRYPTO_PCBC=m CONFIG_CRYPTO_XCTR=m CONFIG_CRYPTO_XTS=y CONFIG_CRYPTO_NHPOLY1305=m @@ -6292,8 +6312,8 @@ CONFIG_CRYPTO_AEGIS128=m CONFIG_CRYPTO_CHACHA20POLY1305=m CONFIG_CRYPTO_CCM=m CONFIG_CRYPTO_GCM=m -CONFIG_CRYPTO_GENIV=y -CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_GENIV=m +CONFIG_CRYPTO_SEQIV=m CONFIG_CRYPTO_ECHAINIV=m CONFIG_CRYPTO_ESSIV=m # end of AEAD (authenticated encryption with associated data) ciphers @@ -6350,8 +6370,8 @@ CONFIG_CRYPTO_ZSTD=y CONFIG_CRYPTO_ANSI_CPRNG=y CONFIG_CRYPTO_DRBG_MENU=y CONFIG_CRYPTO_DRBG_HMAC=y -# CONFIG_CRYPTO_DRBG_HASH is not set -# CONFIG_CRYPTO_DRBG_CTR is not set +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y CONFIG_CRYPTO_DRBG=y CONFIG_CRYPTO_JITTERENTROPY=y CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKS=64 @@ -6396,19 +6416,19 @@ CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64=m CONFIG_CRYPTO_ARIA_AESNI_AVX2_X86_64=m CONFIG_CRYPTO_ARIA_GFNI_AVX512_X86_64=m -CONFIG_CRYPTO_CHACHA20_X86_64=m +CONFIG_CRYPTO_CHACHA20_X86_64=y CONFIG_CRYPTO_AEGIS128_AESNI_SSE2=m CONFIG_CRYPTO_NHPOLY1305_SSE2=m CONFIG_CRYPTO_NHPOLY1305_AVX2=m CONFIG_CRYPTO_BLAKE2S_X86=y CONFIG_CRYPTO_POLYVAL_CLMUL_NI=m -CONFIG_CRYPTO_POLY1305_X86_64=m +CONFIG_CRYPTO_POLY1305_X86_64=y CONFIG_CRYPTO_SHA1_SSSE3=m CONFIG_CRYPTO_SHA256_SSSE3=m CONFIG_CRYPTO_SHA512_SSSE3=m CONFIG_CRYPTO_SM3_AVX_X86_64=m CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m -CONFIG_CRYPTO_CRC32C_INTEL=m +CONFIG_CRYPTO_CRC32C_INTEL=y CONFIG_CRYPTO_CRC32_PCLMUL=m CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m # end of Accelerated Cryptographic Algorithms for CPU (x86) @@ -6489,16 +6509,16 @@ CONFIG_CRYPTO_LIB_ARC4=m CONFIG_CRYPTO_LIB_GF128MUL=m CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=y CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y -CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=m -CONFIG_CRYPTO_LIB_CHACHA_GENERIC=m +CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=y +CONFIG_CRYPTO_LIB_CHACHA_GENERIC=y CONFIG_CRYPTO_LIB_CHACHA=m CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=m CONFIG_CRYPTO_LIB_CURVE25519_GENERIC=m CONFIG_CRYPTO_LIB_CURVE25519=m CONFIG_CRYPTO_LIB_DES=m CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 -CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=m -CONFIG_CRYPTO_LIB_POLY1305_GENERIC=m +CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=y +CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y CONFIG_CRYPTO_LIB_POLY1305=m CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA1=y @@ -6641,7 +6661,7 @@ CONFIG_DEBUG_INFO_NONE=y # CONFIG_DEBUG_INFO_DWARF4 is not set # CONFIG_DEBUG_INFO_DWARF5 is not set CONFIG_FRAME_WARN=2048 -# CONFIG_STRIP_ASM_SYMS is not set +CONFIG_STRIP_ASM_SYMS=y # CONFIG_READABLE_ASM is not set # CONFIG_HEADERS_INSTALL is not set # CONFIG_DEBUG_SECTION_MISMATCH is not set @@ -6738,6 +6758,7 @@ CONFIG_PANIC_ON_OOPS_VALUE=0 CONFIG_PANIC_TIMEOUT=0 CONFIG_LOCKUP_DETECTOR=y CONFIG_SOFTLOCKUP_DETECTOR=y +CONFIG_SOFTLOCKUP_DETECTOR_INTR_STORM=y # CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set CONFIG_HAVE_HARDLOCKUP_DETECTOR_BUDDY=y CONFIG_HARDLOCKUP_DETECTOR=y diff --git a/sys-kernel/hardened-kernel/hardened-kernel-6.10.12.ebuild b/sys-kernel/hardened-kernel/hardened-kernel-6.10.13.ebuild similarity index 99% rename from sys-kernel/hardened-kernel/hardened-kernel-6.10.12.ebuild rename to sys-kernel/hardened-kernel/hardened-kernel-6.10.13.ebuild index ca82dcb..3ea7a91 100644 --- a/sys-kernel/hardened-kernel/hardened-kernel-6.10.12.ebuild +++ b/sys-kernel/hardened-kernel/hardened-kernel-6.10.13.ebuild @@ -13,7 +13,7 @@ GENPATCHES_P=genpatches-${PV%.*}-$(( ${PV##*.} + 3 )) CONFIG_VER=6.10.1-gentoo GENTOO_CONFIG_VER=g13 HARDENED_PATCH_VER="${PV}-hardened1" -CLEARLINUX_PATCH_VER=${PV}-1467 +CLEARLINUX_PATCH_VER=6.10.12-1467 GENPATCHES_EXCLUDE="1500_XATTR_USER_PREFIX.patch 1510_fs-enable-link-security-restrictions-by-default.patch 2900_dev-root-proc-mount-fix.patch