Revert debuginfo changes for stable rebases

2017-07-11 13:27:04 -05:00 · 2017-07-11 13:27:04 -05:00 · 272a38dcb8
parent b0f3de0ab8
commit 272a38dcb8
429 changed files with 6119 additions and 6765 deletions
--- a/Add-EFI-signature-data-types.patch
+++ b/Add-EFI-signature-data-types.patch
@ -1,37 +1,36 @@
-From ba3f737b8521314b62edaa7d4cc4bdc9aeefe394 Mon Sep 17 00:00:00 2001
+From 0451d4e795929a69a0fda6d960aa4b077c5bd179 Mon Sep 17 00:00:00 2001
 From: Dave Howells <dhowells@redhat.com>
-Date: Tue, 23 Oct 2012 09:30:54 -0400
-Subject: [PATCH 15/20] Add EFI signature data types
+Date: Fri, 5 May 2017 08:21:58 +0100
+Subject: [PATCH 1/4] efi: Add EFI signature data types

-Add the data types that are used for containing hashes, keys and certificates
-for cryptographic verification.
-
-Bugzilla: N/A
-Upstream-status: Fedora mustard for now
+Add the data types that are used for containing hashes, keys and
+certificates for cryptographic verification along with their corresponding
+type GUIDs.

 Signed-off-by: David Howells <dhowells@redhat.com>
 ---
- include/linux/efi.h | 17 +++++++++++++++++
- 1 file changed, 17 insertions(+)
+ include/linux/efi.h | 25 +++++++++++++++++++++++++
+ 1 file changed, 25 insertions(+)

 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 5af91b58afae..190858d62fe3 100644
+index ec36f42..3259ad6 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -603,6 +603,9 @@ void efi_native_runtime_setup(void);
- #define LINUX_EFI_LOADER_ENTRY_GUID		EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf,  0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f)
- #define LINUX_EFI_RANDOM_SEED_TABLE_GUID	EFI_GUID(0x1ce1e5bc, 0x7ceb, 0x42f2,  0x81, 0xe5, 0x8a, 0xad, 0xf1, 0x80, 0xf5, 0x7b)
- 
-+#define EFI_CERT_SHA256_GUID			EFI_GUID(0xc1c41626, 0x504c, 0x4092,  0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28)
-+#define EFI_CERT_X509_GUID			EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7,  0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72)
+@@ -614,6 +614,10 @@ void efi_native_runtime_setup(void);
+ #define EFI_IMAGE_SECURITY_DATABASE_GUID	EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596,  0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f)
+ #define EFI_SHIM_LOCK_GUID			EFI_GUID(0x605dab50, 0xe046, 0x4300,  0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
+
+#define EFI_CERT_SHA256_GUID			EFI_GUID(0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28)
+#define EFI_CERT_X509_GUID			EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72)
+#define EFI_CERT_X509_SHA256_GUID		EFI_GUID(0x3bd2a492, 0x96c0, 0x4079, 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed)
 +
- typedef struct {
- 	efi_guid_t guid;
- 	u64 table;
-@@ -853,6 +856,20 @@ typedef struct {
+ /*
+  * This GUID is used to pass to the kernel proper the struct screen_info
+  * structure that was populated by the stub based on the GOP protocol instance
+@@ -873,6 +877,27 @@ typedef struct {
 	efi_memory_desc_t entry[0];
 } efi_memory_attributes_table_t;
- 
+
 +typedef struct  {
 +	efi_guid_t signature_owner;
 +	u8 signature_data[];
@ -45,6 +44,13 @@ index 5af91b58afae..190858d62fe3 100644
 +	u8 signature_header[];
 +	/* efi_signature_data_t signatures[][] */
 +} efi_signature_list_t;
+
+typedef u8 efi_sha256_hash_t[32];
+
+typedef struct {
+	efi_sha256_hash_t to_be_signed_hash;
+	efi_time_t time_of_revocation;
+} efi_cert_x509_sha256_t;
 +
 /*
  * All runtime access to EFI goes through this structure:
--- a/Add-an-EFI-signature-blob-parser-and-key-loader.patch
+++ b/Add-an-EFI-signature-blob-parser-and-key-loader.patch
@ -1,29 +1,38 @@
-From 822b4b3eb76ca451a416a51f0a7bfedfa5c5ea39 Mon Sep 17 00:00:00 2001
+From e4c62c12635a371e43bd17e8d33a936668264491 Mon Sep 17 00:00:00 2001
 From: Dave Howells <dhowells@redhat.com>
-Date: Tue, 23 Oct 2012 09:36:28 -0400
-Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
+Date: Fri, 5 May 2017 08:21:58 +0100
+Subject: [PATCH 2/4] efi: Add an EFI signature blob parser

-X.509 certificates are loaded into the specified keyring as asymmetric type
-keys.
+Add a function to parse an EFI signature blob looking for elements of
+interest.  A list is made up of a series of sublists, where all the
+elements in a sublist are of the same type, but sublists can be of
+different types.
+
+For each sublist encountered, the function pointed to by the
+get_handler_for_guid argument is called with the type specifier GUID and
+returns either a pointer to a function to handle elements of that type or
+NULL if the type is not of interest.
+
+If the sublist is of interest, each element is passed to the handler
+function in turn.

-[labbott@fedoraproject.org: Drop KEY_ALLOC_TRUSTED]
 Signed-off-by: David Howells <dhowells@redhat.com>
 ---
- crypto/asymmetric_keys/Kconfig      |   8 +++
- crypto/asymmetric_keys/Makefile     |   1 +
- crypto/asymmetric_keys/efi_parser.c | 108 ++++++++++++++++++++++++++++++++++++
- include/linux/efi.h                 |   4 ++
- 4 files changed, 121 insertions(+)
- create mode 100644 crypto/asymmetric_keys/efi_parser.c
+ certs/Kconfig       |   8 ++++
+ certs/Makefile      |   1 +
+ certs/efi_parser.c  | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ include/linux/efi.h |   9 +++++
+ 4 files changed, 130 insertions(+)
+ create mode 100644 certs/efi_parser.c
+
+diff --git a/certs/Kconfig b/certs/Kconfig
+index 6ce51ed..630ae09 100644
+--- a/certs/Kconfig
+++ b/certs/Kconfig
+@@ -82,4 +82,12 @@ config SYSTEM_BLACKLIST_HASH_LIST
+ 	  wrapper to incorporate the list into the kernel.  Each <hash> should
+ 	  be a string of hex digits.

-diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
-index 331f6baf2df8..5f9002d3192e 100644
--- a/crypto/asymmetric_keys/Kconfig
-+++ b/crypto/asymmetric_keys/Kconfig
-@@ -61,4 +61,12 @@ config SIGNED_PE_FILE_VERIFICATION
- 	  This option provides support for verifying the signature(s) on a
- 	  signed PE binary.
- 
 +config EFI_SIGNATURE_LIST_PARSER
 +	bool "EFI signature list parser"
 +	depends on EFI
@ -32,28 +41,28 @@ index 331f6baf2df8..5f9002d3192e 100644
 +	  This option provides support for parsing EFI signature lists for
 +	  X.509 certificates and turning them into keys.
 +
- endif # ASYMMETRIC_KEY_TYPE
-diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
-index 6516855bec18..c099fe15ed6d 100644
--- a/crypto/asymmetric_keys/Makefile
-+++ b/crypto/asymmetric_keys/Makefile
-@@ -10,6 +10,7 @@ asymmetric_keys-y := \
- 	signature.o
- 
- obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
+ endmenu
+diff --git a/certs/Makefile b/certs/Makefile
+index 4119bb3..738151a 100644
+--- a/certs/Makefile
+++ b/certs/Makefile
+@@ -9,6 +9,7 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o
+ else
+ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
+ endif
 +obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
- 
- #
- # X.509 Certificate handling
-diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
+
+ ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
+
+diff --git a/certs/efi_parser.c b/certs/efi_parser.c
 new file mode 100644
-index 000000000000..636feb18b733
+index 0000000..4e396f9
 --- /dev/null
-+++ b/crypto/asymmetric_keys/efi_parser.c
-@@ -0,0 +1,108 @@
+++ b/certs/efi_parser.c
+@@ -0,0 +1,112 @@
 +/* EFI signature/key/certificate list parser
 + *
-+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Copyright (C) 2012, 2016 Red Hat, Inc. All Rights Reserved.
 + * Written by David Howells (dhowells@redhat.com)
 + *
 + * This program is free software; you can redistribute it and/or
@ -67,27 +76,44 @@ index 000000000000..636feb18b733
 +#include <linux/printk.h>
 +#include <linux/err.h>
 +#include <linux/efi.h>
-+#include <keys/asymmetric-type.h>
-+
-+static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
 +
 +/**
 + * parse_efi_signature_list - Parse an EFI signature list for certificates
+ * @source: The source of the key
 + * @data: The data blob to parse
 + * @size: The size of the data blob
-+ * @keyring: The keyring to add extracted keys to
+ * @get_handler_for_guid: Get the handler func for the sig type (or NULL)
+ *
+ * Parse an EFI signature list looking for elements of interest.  A list is
+ * made up of a series of sublists, where all the elements in a sublist are of
+ * the same type, but sublists can be of different types.
+ *
+ * For each sublist encountered, the @get_handler_for_guid function is called
+ * with the type specifier GUID and returns either a pointer to a function to
+ * handle elements of that type or NULL if the type is not of interest.
+ *
+ * If the sublist is of interest, each element is passed to the handler
+ * function in turn.
+ *
+ * Error EBADMSG is returned if the list doesn't parse correctly and 0 is
+ * returned if the list was parsed correctly.  No error can be returned from
+ * the @get_handler_for_guid function or the element handler function it
+ * returns.
 + */
-+int __init parse_efi_signature_list(const void *data, size_t size, struct key *keyring)
+int __init parse_efi_signature_list(
+	const char *source,
+	const void *data, size_t size,
+	efi_element_handler_t (*get_handler_for_guid)(const efi_guid_t *))
 +{
+	efi_element_handler_t handler;
 +	unsigned offs = 0;
-+	size_t lsize, esize, hsize, elsize;
 +
 +	pr_devel("-->%s(,%zu)\n", __func__, size);
 +
 +	while (size > 0) {
-+		efi_signature_list_t list;
 +		const efi_signature_data_t *elem;
-+		key_ref_t key;
+		efi_signature_list_t list;
+		size_t lsize, esize, hsize, elsize;
 +
 +		if (size < sizeof(list))
 +			return -EBADMSG;
@ -108,6 +134,7 @@ index 000000000000..636feb18b733
 +				 __func__, offs);
 +			return -EBADMSG;
 +		}
+
 +		if (lsize < sizeof(list) ||
 +		    lsize - sizeof(list) < hsize ||
 +		    esize < sizeof(*elem) ||
@ -117,7 +144,8 @@ index 000000000000..636feb18b733
 +			return -EBADMSG;
 +		}
 +
-+		if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) {
+		handler = get_handler_for_guid(&list.signature_type);
+		if (!handler) {
 +			data += lsize;
 +			size -= lsize;
 +			offs += lsize;
@ -132,24 +160,9 @@ index 000000000000..636feb18b733
 +			elem = data;
 +
 +			pr_devel("ELEM[%04x]\n", offs);
-+
-+			key = key_create_or_update(
-+				make_key_ref(keyring, 1),
-+				"asymmetric",
-+				NULL,
+			handler(source,
 +				&elem->signature_data,
-+				esize - sizeof(*elem),
-+				(KEY_POS_ALL & ~KEY_POS_SETATTR) |
-+				KEY_USR_VIEW,
-+				KEY_ALLOC_NOT_IN_QUOTA);
-+
-+			if (IS_ERR(key))
-+				pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
-+				       PTR_ERR(key));
-+			else
-+				pr_notice("Loaded cert '%s' linked to '%s'\n",
-+					  key_ref_to_ptr(key)->description,
-+					  keyring->description);
+				esize - sizeof(*elem));
 +
 +			data += esize;
 +			size -= esize;
@ -160,16 +173,21 @@ index 000000000000..636feb18b733
 +	return 0;
 +}
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 190858d62fe3..668aa1244885 100644
+index 3259ad6..08024c6 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -1025,6 +1025,10 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm,
+@@ -1055,6 +1055,15 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm,
 char * __init efi_md_typeattr_format(char *buf, size_t size,
 				     const efi_memory_desc_t *md);
- 
-+struct key;
-+extern int __init parse_efi_signature_list(const void *data, size_t size,
-+					   struct key *keyring);
+
+
+typedef void (*efi_element_handler_t)(const char *source,
+				      const void *element_data,
+				      size_t element_size);
+extern int __init parse_efi_signature_list(
+	const char *source,
+	const void *data, size_t size,
+	efi_element_handler_t (*get_handler_for_guid)(const efi_guid_t *));
 +
 /**
  * efi_range_is_wc - check the WC bit on an address range
--- a/AllWinner-h3.patch
+++ b/AllWinner-h3.patch
--- a/AllWinner-net-emac.patch
+++ b/AllWinner-net-emac.patch
--- a/CVE-2017-7645.patch
+++ b/CVE-2017-7645.patch
@ -1,180 +0,0 @@
-From: "J. Bruce Fields" <bfields@redhat.com>
-Date:       2017-04-14 15:04:40
-Subject:    [PATCH] nfsd: check for oversized NFSv2/v3 arguments
-
-A client can append random data to the end of an NFSv2 or NFSv3 RPC call
-without our complaining; we'll just stop parsing at the end of the
-expected data and ignore the rest.
-
-Encoded arguments and replies are stored together in an array of pages,
-and if a call is too large it could leave inadequate space for the
-reply.  This is normally OK because NFS RPC's typically have either
-short arguments and long replies (like READ) or long arguments and short
-replies (like WRITE).  But a client that sends an incorrectly long reply
-can violate those assumptions.  This was observed to cause crashes.
-
-So, insist that the argument not be any longer than we expect.
-
-Also, several operations increment rq_next_page in the decode routine
-before checking the argument size, which can leave rq_next_page pointing
-well past the end of the page array, causing trouble later in
-svc_free_pages.
-
-As followup we may also want to rewrite the encoding routines to check
-more carefully that they aren't running off the end of the page array.
-
-Reported-by: Tuomas Haanpää <thaan@synopsys.com>
-Reported-by: Ari Kauppi <ari@synopsys.com>
-Cc: stable@vger.kernel.org
-Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---
- fs/nfsd/nfs3xdr.c          | 23 +++++++++++++++++------
- fs/nfsd/nfsxdr.c           | 13 ++++++++++---
- include/linux/sunrpc/svc.h |  3 +--
- 3 files changed, 28 insertions(+), 11 deletions(-)
-
-diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
-index dba2ff8eaa68..be66bcadfaea 100644
--- a/fs/nfsd/nfs3xdr.c
-+++ b/fs/nfsd/nfs3xdr.c
-@@ -334,8 +334,11 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
- 	if (!p)
- 		return 0;
- 	p = xdr_decode_hyper(p, &args->offset);
-
- 	args->count = ntohl(*p++);
-+
-+	if (!xdr_argsize_check(rqstp, p))
-+		return 0;
-+
- 	len = min(args->count, max_blocksize);
- 
- 	/* set up the kvec */
-@@ -349,7 +352,7 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
- 		v++;
- 	}
- 	args->vlen = v;
-	return xdr_argsize_check(rqstp, p);
-+	return 1;
- }
- 
- int
-@@ -536,9 +539,11 @@ nfs3svc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p,
- 	p = decode_fh(p, &args->fh);
- 	if (!p)
- 		return 0;
-+	if (!xdr_argsize_check(rqstp, p))
-+		return 0;
- 	args->buffer = page_address(*(rqstp->rq_next_page++));
- 
-	return xdr_argsize_check(rqstp, p);
-+	return 1;
- }
- 
- int
-@@ -564,10 +569,14 @@ nfs3svc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
- 	args->verf   = p; p += 2;
- 	args->dircount = ~0;
- 	args->count  = ntohl(*p++);
-+
-+	if (!xdr_argsize_check(rqstp, p))
-+		return 0;
-+
- 	args->count  = min_t(u32, args->count, PAGE_SIZE);
- 	args->buffer = page_address(*(rqstp->rq_next_page++));
- 
-	return xdr_argsize_check(rqstp, p);
-+	return 1;
- }
- 
- int
-@@ -585,6 +594,9 @@ nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p,
- 	args->dircount = ntohl(*p++);
- 	args->count    = ntohl(*p++);
- 
-+	if (!xdr_argsize_check(rqstp, p))
-+		return 0;
-+
- 	len = args->count = min(args->count, max_blocksize);
- 	while (len > 0) {
- 		struct page *p = *(rqstp->rq_next_page++);
-@@ -592,8 +604,7 @@ nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p,
- 			args->buffer = page_address(p);
- 		len -= PAGE_SIZE;
- 	}
-
-	return xdr_argsize_check(rqstp, p);
-+	return 1;
- }
- 
- int
-diff --git a/fs/nfsd/nfsxdr.c b/fs/nfsd/nfsxdr.c
-index 41b468a6a90f..79268369f7b3 100644
--- a/fs/nfsd/nfsxdr.c
-+++ b/fs/nfsd/nfsxdr.c
-@@ -257,6 +257,9 @@ nfssvc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
- 	len = args->count     = ntohl(*p++);
- 	p++; /* totalcount - unused */
- 
-+	if (!xdr_argsize_check(rqstp, p))
-+		return 0;
-+
- 	len = min_t(unsigned int, len, NFSSVC_MAXBLKSIZE_V2);
- 
- 	/* set up somewhere to store response.
-@@ -272,7 +275,7 @@ nfssvc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
- 		v++;
- 	}
- 	args->vlen = v;
-	return xdr_argsize_check(rqstp, p);
-+	return 1;
- }
- 
- int
-@@ -360,9 +363,11 @@ nfssvc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd_readli
- 	p = decode_fh(p, &args->fh);
- 	if (!p)
- 		return 0;
-+	if (!xdr_argsize_check(rqstp, p))
-+		return 0;
- 	args->buffer = page_address(*(rqstp->rq_next_page++));
- 
-	return xdr_argsize_check(rqstp, p);
-+	return 1;
- }
- 
- int
-@@ -400,9 +405,11 @@ nfssvc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
- 	args->cookie = ntohl(*p++);
- 	args->count  = ntohl(*p++);
- 	args->count  = min_t(u32, args->count, PAGE_SIZE);
-+	if (!xdr_argsize_check(rqstp, p))
-+		return 0;
- 	args->buffer = page_address(*(rqstp->rq_next_page++));
- 
-	return xdr_argsize_check(rqstp, p);
-+	return 1;
- }
- 
- /*
-diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
-index e770abeed32d..6ef19cf658b4 100644
--- a/include/linux/sunrpc/svc.h
-+++ b/include/linux/sunrpc/svc.h
-@@ -336,8 +336,7 @@ xdr_argsize_check(struct svc_rqst *rqstp, __be32 *p)
- {
- 	char *cp = (char *)p;
- 	struct kvec *vec = &rqstp->rq_arg.head[0];
-	return cp >= (char*)vec->iov_base
-		&& cp <= (char*)vec->iov_base + vec->iov_len;
-+	return cp == (char *)vec->iov_base + vec->iov_len;
- }
- 
- static inline int
-- 
-2.9.3
-
--
-To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
-the body of a message to majordomo@vger.kernel.org
-More majordomo info at  http://vger.kernel.org/majordomo-info.html
--- a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
+++ b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
@ -1,7 +1,7 @@
-From 8a4535bcfe24d317be675e53cdc8c61d22fdc7f3 Mon Sep 17 00:00:00 2001
+From 90dc66270b02981b19a085c6a9184e3452b7b3e8 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
-Date: Fri, 26 Oct 2012 12:42:16 -0400
-Subject: [PATCH 18/20] MODSIGN: Import certificates from UEFI Secure Boot
+Date: Fri, 5 May 2017 08:21:59 +0100
+Subject: [PATCH 3/4] MODSIGN: Import certificates from UEFI Secure Boot

 Secure Boot stores a list of allowed certificates in the 'db' variable.
 This imports those certificates into the system trusted keyring.  This
@ -11,104 +11,68 @@ variable, a user can allow a module signed with that certificate to
 load.  The shim UEFI bootloader has a similar certificate list stored
 in the 'MokListRT' variable.  We import those as well.

-In the opposite case, Secure Boot maintains a list of disallowed
-certificates in the 'dbx' variable.  We load those certificates into
-the newly introduced system blacklist keyring and forbid any module
-signed with those from loading.
+Secure Boot also maintains a list of disallowed certificates in the 'dbx'
+variable.  We load those certificates into the newly introduced system
+blacklist keyring and forbid any module signed with those from loading and
+forbid the use within the kernel of any key with a matching hash.
+
+This facility is enabled by setting CONFIG_LOAD_UEFI_KEYS.

 Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
+Signed-off-by: David Howells <dhowells@redhat.com>
 ---
- certs/system_keyring.c        | 13 ++++++
- include/keys/system_keyring.h |  1 +
- init/Kconfig                  |  9 ++++
- kernel/Makefile               |  3 ++
- kernel/modsign_uefi.c         | 99 +++++++++++++++++++++++++++++++++++++++++++
- 5 files changed, 125 insertions(+)
- create mode 100644 kernel/modsign_uefi.c
+ certs/Kconfig     |  16 ++++++
+ certs/Makefile    |   4 ++
+ certs/load_uefi.c | 168 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 188 insertions(+)
+ create mode 100644 certs/load_uefi.c

-diff --git a/certs/system_keyring.c b/certs/system_keyring.c
-index 787eeead2f57..4d9123ed5c07 100644
--- a/certs/system_keyring.c
-+++ b/certs/system_keyring.c
-@@ -30,6 +30,19 @@ extern __initconst const u8 system_certificate_list[];
- extern __initconst const unsigned long system_certificate_list_size;
- 
- /**
-+ * get_system_keyring - Return a pointer to the system keyring
-+ *
-+ */
-+struct key *get_system_keyring(void)
-+{
-+	struct key *system_keyring = NULL;
-+
-+	system_keyring = builtin_trusted_keys;
-+	return system_keyring;
-+}
-+EXPORT_SYMBOL_GPL(get_system_keyring);
-+
-+/**
-  * restrict_link_to_builtin_trusted - Restrict keyring addition by built in CA
-  *
-  * Restrict the addition of keys into a keyring based on the key-to-be-added
-diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
-index 5bc291a3d261..56ff5715ab67 100644
--- a/include/keys/system_keyring.h
-+++ b/include/keys/system_keyring.h
-@@ -36,6 +36,7 @@ extern int restrict_link_by_builtin_and_secondary_trusted(
- #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
- extern struct key *system_blacklist_keyring;
- #endif
-+extern struct key *get_system_keyring(void);
- 
- #ifdef CONFIG_IMA_BLACKLIST_KEYRING
- extern struct key *ima_blacklist_keyring;
-diff --git a/init/Kconfig b/init/Kconfig
-index 461ad575a608..93646fd7b1c8 100644
--- a/init/Kconfig
-+++ b/init/Kconfig
-@@ -2009,6 +2009,15 @@ config MODULE_SIG_ALL
- comment "Do not forget to sign required modules with scripts/sign-file"
- 	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
- 
-+config MODULE_SIG_UEFI
-+	bool "Allow modules signed with certs stored in UEFI"
-+	depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI
-+	select EFI_SIGNATURE_LIST_PARSER
+diff --git a/certs/Kconfig b/certs/Kconfig
+index 630ae09..edf9f75 100644
+--- a/certs/Kconfig
+++ b/certs/Kconfig
+@@ -90,4 +90,20 @@ config EFI_SIGNATURE_LIST_PARSER
+ 	  This option provides support for parsing EFI signature lists for
+ 	  X.509 certificates and turning them into keys.
+
+config LOAD_UEFI_KEYS
+	bool "Load certs and blacklist from UEFI db for module checking"
+	depends on SYSTEM_BLACKLIST_KEYRING
+	depends on SECONDARY_TRUSTED_KEYRING
+	depends on EFI
+	depends on EFI_SIGNATURE_LIST_PARSER
 +	help
-+	  This will import certificates stored in UEFI and allow modules
-+	  signed with those to be loaded.  It will also disallow loading
-+	  of modules stored in the UEFI dbx variable.
+	  If the kernel is booted in secure boot mode, this option will cause
+	  the kernel to load the certificates from the UEFI db and MokListRT
+	  into the secondary trusted keyring.  It will also load any X.509
+	  SHA256 hashes in the dbx list into the blacklist.
 +
- choice
- 	prompt "Which hash algorithm should modules be signed with?"
- 	depends on MODULE_SIG
-diff --git a/kernel/Makefile b/kernel/Makefile
-index eb26e12c6c2a..e0c2268cb97e 100644
--- a/kernel/Makefile
-+++ b/kernel/Makefile
-@@ -57,6 +57,7 @@ endif
- obj-$(CONFIG_UID16) += uid16.o
- obj-$(CONFIG_MODULES) += module.o
- obj-$(CONFIG_MODULE_SIG) += module_signing.o
-+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
- obj-$(CONFIG_KALLSYMS) += kallsyms.o
- obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
- obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
-@@ -113,6 +114,8 @@ obj-$(CONFIG_MEMBARRIER) += membarrier.o
- 
- obj-$(CONFIG_HAS_IOMEM) += memremap.o
- 
-+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
+	  The effect of this is that, if the kernel is booted in secure boot
+	  mode, modules signed with UEFI-stored keys will be permitted to be
+	  loaded and keys that match the blacklist will be rejected.
 +
- $(obj)/configs.o: $(obj)/config_data.h
- 
- targets += config_data.gz
-diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
+ endmenu
+diff --git a/certs/Makefile b/certs/Makefile
+index 738151a..a5e057a 100644
+--- a/certs/Makefile
+++ b/certs/Makefile
+@@ -11,6 +11,10 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
+ endif
+ obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
+
+obj-$(CONFIG_LOAD_UEFI_KEYS) += load_uefi.o
+$(obj)/load_uefi.o: KBUILD_CFLAGS += -fshort-wchar
+
+
+ ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
+
+ $(eval $(call config_filename,SYSTEM_TRUSTED_KEYS))
+diff --git a/certs/load_uefi.c b/certs/load_uefi.c
 new file mode 100644
-index 000000000000..fe4a6f2bf10a
+index 0000000..b44e464
 --- /dev/null
-+++ b/kernel/modsign_uefi.c
-@@ -0,0 +1,99 @@
+++ b/certs/load_uefi.c
+@@ -0,0 +1,168 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/cred.h>
@ -117,14 +81,22 @@ index 000000000000..fe4a6f2bf10a
 +#include <linux/slab.h>
 +#include <keys/asymmetric-type.h>
 +#include <keys/system_keyring.h>
-+#include "module-internal.h"
+#include "internal.h"
 +
-+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
+static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
+static __initdata efi_guid_t efi_cert_x509_sha256_guid = EFI_CERT_X509_SHA256_GUID;
+static __initdata efi_guid_t efi_cert_sha256_guid = EFI_CERT_SHA256_GUID;
+
+/*
+ * Get a certificate list blob from the named EFI variable.
+ */
+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+				  unsigned long *size)
 +{
 +	efi_status_t status;
 +	unsigned long lsize = 4;
 +	unsigned long tmpdb[4];
-+	void *db = NULL;
+	void *db;
 +
 +	status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
 +	if (status != EFI_BUFFER_TOO_SMALL) {
@ -135,23 +107,89 @@ index 000000000000..fe4a6f2bf10a
 +	db = kmalloc(lsize, GFP_KERNEL);
 +	if (!db) {
 +		pr_err("Couldn't allocate memory for uefi cert list\n");
-+		goto out;
+		return NULL;
 +	}
 +
 +	status = efi.get_variable(name, guid, NULL, &lsize, db);
 +	if (status != EFI_SUCCESS) {
 +		kfree(db);
-+		db = NULL;
 +		pr_err("Error reading db var: 0x%lx\n", status);
+		return NULL;
 +	}
-+out:
+
 +	*size = lsize;
 +	return db;
 +}
 +
 +/*
-+ *  * Load the certs contained in the UEFI databases
-+ *   */
+ * Blacklist an X509 TBS hash.
+ */
+static __init void uefi_blacklist_x509_tbs(const char *source,
+					   const void *data, size_t len)
+{
+	char *hash, *p;
+
+	hash = kmalloc(4 + len * 2 + 1, GFP_KERNEL);
+	if (!hash)
+		return;
+	p = memcpy(hash, "tbs:", 4);
+	p += 4;
+	bin2hex(p, data, len);
+	p += len * 2;
+	*p = 0;
+
+	mark_hash_blacklisted(hash);
+	kfree(hash);
+}
+
+/*
+ * Blacklist the hash of an executable.
+ */
+static __init void uefi_blacklist_binary(const char *source,
+					 const void *data, size_t len)
+{
+	char *hash, *p;
+
+	hash = kmalloc(4 + len * 2 + 1, GFP_KERNEL);
+	if (!hash)
+		return;
+	p = memcpy(hash, "bin:", 4);
+	p += 4;
+	bin2hex(p, data, len);
+	p += len * 2;
+	*p = 0;
+
+	mark_hash_blacklisted(hash);
+	kfree(hash);
+}
+
+/*
+ * Return the appropriate handler for particular signature list types found in
+ * the UEFI db and MokListRT tables.
+ */
+static __init efi_element_handler_t get_handler_for_db(const efi_guid_t *sig_type)
+{
+	if (efi_guidcmp(*sig_type, efi_cert_x509_guid) == 0)
+		return add_trusted_secondary_key;
+	return 0;
+}
+
+/*
+ * Return the appropriate handler for particular signature list types found in
+ * the UEFI dbx and MokListXRT tables.
+ */
+static __init efi_element_handler_t get_handler_for_dbx(const efi_guid_t *sig_type)
+{
+	if (efi_guidcmp(*sig_type, efi_cert_x509_sha256_guid) == 0)
+		return uefi_blacklist_x509_tbs;
+	if (efi_guidcmp(*sig_type, efi_cert_sha256_guid) == 0)
+		return uefi_blacklist_binary;
+	return 0;
+}
+
+/*
+ * Load the certs contained in the UEFI databases
+ */
 +static int __init load_uefi_certs(void)
 +{
 +	efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
@ -159,17 +197,9 @@ index 000000000000..fe4a6f2bf10a
 +	void *db = NULL, *dbx = NULL, *mok = NULL;
 +	unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
 +	int rc = 0;
-+	struct key *keyring = NULL;
 +
-+	/* Check if SB is enabled and just return if not */
-+	if (!efi_enabled(EFI_SECURE_BOOT))
-+		return 0;
-+
-+	keyring = get_system_keyring();
-+	if (!keyring) {
-+		pr_err("MODSIGN: Couldn't get system keyring\n");
-+		return -EINVAL;
-+	}
+	if (!efi.get_variable)
+		return false;
 +
 +	/* Get db, MokListRT, and dbx.  They might not exist, so it isn't
 +	 * an error if we can't get them.
@ -178,7 +208,8 @@ index 000000000000..fe4a6f2bf10a
 +	if (!db) {
 +		pr_err("MODSIGN: Couldn't get UEFI db list\n");
 +	} else {
-+		rc = parse_efi_signature_list(db, dbsize, keyring);
+		rc = parse_efi_signature_list("UEFI:db",
+					      db, dbsize, get_handler_for_db);
 +		if (rc)
 +			pr_err("Couldn't parse db signatures: %d\n", rc);
 +		kfree(db);
@ -188,7 +219,8 @@ index 000000000000..fe4a6f2bf10a
 +	if (!mok) {
 +		pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
 +	} else {
-+		rc = parse_efi_signature_list(mok, moksize, keyring);
+		rc = parse_efi_signature_list("UEFI:MokListRT",
+					      mok, moksize, get_handler_for_db);
 +		if (rc)
 +			pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
 +		kfree(mok);
@ -198,8 +230,9 @@ index 000000000000..fe4a6f2bf10a
 +	if (!dbx) {
 +		pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
 +	} else {
-+		rc = parse_efi_signature_list(dbx, dbxsize,
-+			system_blacklist_keyring);
+		rc = parse_efi_signature_list("UEFI:dbx",
+					      dbx, dbxsize,
+					      get_handler_for_dbx);
 +		if (rc)
 +			pr_err("Couldn't parse dbx signatures: %d\n", rc);
 +		kfree(dbx);
--- a/MODSIGN-Support-not-importing-certs-from-db.patch
+++ b/MODSIGN-Support-not-importing-certs-from-db.patch
@ -1,62 +1,62 @@
-From 9d2e5c61d5adcf7911f67ed44a1b0ff881f175bb Mon Sep 17 00:00:00 2001
+From 9f1958a0cc911e1f79b2733ee5029dbd819ff328 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
-Date: Thu, 3 Oct 2013 10:14:23 -0400
-Subject: [PATCH 19/20] MODSIGN: Support not importing certs from db
+Date: Fri, 5 May 2017 08:21:59 +0100
+Subject: [PATCH 4/4] MODSIGN: Allow the "db" UEFI variable to be suppressed

 If a user tells shim to not use the certs/hashes in the UEFI db variable
-for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
-Have the uefi import code look for this and not import things from the db
-variable.
+for verification purposes, shim will set a UEFI variable called
+MokIgnoreDB.  Have the uefi import code look for this and ignore the db
+variable if it is found.

 Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
+Signed-off-by: David Howells <dhowells@redhat.com>
 ---
- kernel/modsign_uefi.c | 40 +++++++++++++++++++++++++++++++---------
- 1 file changed, 31 insertions(+), 9 deletions(-)
+ certs/load_uefi.c | 44 ++++++++++++++++++++++++++++++++++----------
+ 1 file changed, 34 insertions(+), 10 deletions(-)

-diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
-index fe4a6f2bf10a..a41da14b1ffd 100644
--- a/kernel/modsign_uefi.c
-+++ b/kernel/modsign_uefi.c
-@@ -8,6 +8,23 @@
- #include <keys/system_keyring.h>
- #include "module-internal.h"
- 
-+static __init int check_ignore_db(void)
+diff --git a/certs/load_uefi.c b/certs/load_uefi.c
+index b44e464..3d88459 100644
+--- a/certs/load_uefi.c
+++ b/certs/load_uefi.c
+@@ -13,6 +13,26 @@ static __initdata efi_guid_t efi_cert_x509_sha256_guid = EFI_CERT_X509_SHA256_GU
+ static __initdata efi_guid_t efi_cert_sha256_guid = EFI_CERT_SHA256_GUID;
+
+ /*
+ * Look to see if a UEFI variable called MokIgnoreDB exists and return true if
+ * it does.
+ *
+ * This UEFI variable is set by the shim if a user tells the shim to not use
+ * the certs/hashes in the UEFI db variable for verification purposes.  If it
+ * is set, we should ignore the db variable also and the true return indicates
+ * this.
+ */
+static __init bool uefi_check_ignore_db(void)
 +{
 +	efi_status_t status;
 +	unsigned int db = 0;
 +	unsigned long size = sizeof(db);
 +	efi_guid_t guid = EFI_SHIM_LOCK_GUID;
 +
-+	/* Check and see if the MokIgnoreDB variable exists.  If that fails
-+	 * then we don't ignore DB.  If it succeeds, we do.
-+	 */
 +	status = efi.get_variable(L"MokIgnoreDB", &guid, NULL, &size, &db);
-+	if (status != EFI_SUCCESS)
-+		return 0;
-+
-+	return 1;
+	return status == EFI_SUCCESS;
 +}
 +
- static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
+/*
+  * Get a certificate list blob from the named EFI variable.
+  */
+ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+@@ -113,7 +133,9 @@ static __init efi_element_handler_t get_handler_for_dbx(const efi_guid_t *sig_ty
+ }
+
+ /*
+- * Load the certs contained in the UEFI databases
+ * Load the certs contained in the UEFI databases into the secondary trusted
+ * keyring and the UEFI blacklisted X.509 cert SHA256 hashes into the blacklist
+ * keyring.
+  */
+ static int __init load_uefi_certs(void)
 {
- 	efi_status_t status;
-@@ -47,7 +64,7 @@ static int __init load_uefi_certs(void)
- 	efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
- 	void *db = NULL, *dbx = NULL, *mok = NULL;
- 	unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
-	int rc = 0;
-+	int ignore_db, rc = 0;
- 	struct key *keyring = NULL;
- 
- 	/* Check if SB is enabled and just return if not */
-@@ -60,17 +77,22 @@ static int __init load_uefi_certs(void)
- 		return -EINVAL;
- 	}
- 
-+	/* See if the user has setup Ignore DB mode */
-+	ignore_db = check_ignore_db();
-+
+@@ -129,15 +151,17 @@ static int __init load_uefi_certs(void)
 	/* Get db, MokListRT, and dbx.  They might not exist, so it isn't
 	 * an error if we can't get them.
 	 */
@ -64,22 +64,24 @@ index fe4a6f2bf10a..a41da14b1ffd 100644
 -	if (!db) {
 -		pr_err("MODSIGN: Couldn't get UEFI db list\n");
 -	} else {
-		rc = parse_efi_signature_list(db, dbsize, keyring);
+-		rc = parse_efi_signature_list("UEFI:db",
+-					      db, dbsize, get_handler_for_db);
 -		if (rc)
 -			pr_err("Couldn't parse db signatures: %d\n", rc);
 -		kfree(db);
-+	if (!ignore_db) {
+	if (!uefi_check_ignore_db()) {
 +		db = get_cert_list(L"db", &secure_var, &dbsize);
 +		if (!db) {
 +			pr_err("MODSIGN: Couldn't get UEFI db list\n");
 +		} else {
-+			rc = parse_efi_signature_list(db, dbsize, keyring);
+			rc = parse_efi_signature_list("UEFI:db",
+						      db, dbsize, get_handler_for_db);
 +			if (rc)
 +				pr_err("Couldn't parse db signatures: %d\n", rc);
 +			kfree(db);
 +		}
 	}
- 
+
 	mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
 -- 
 2.9.3
--- a/arm-imx6-hummingboard2.patch
+++ b/arm-imx6-hummingboard2.patch
@ -26,21 +26,21 @@ index 011808490fed..ccdff6650541 100644
 --- a/arch/arm/boot/dts/Makefile
 +++ b/arch/arm/boot/dts/Makefile
@@ -353,6 +353,7 @@ dtb-$(CONFIG_SOC_IMX6Q) += \
- 	imx6dl-gw552x.dtb \
- 	imx6dl-gw553x.dtb \
+ 	imx6dl-gw5903.dtb \
+ 	imx6dl-gw5904.dtb \
 	imx6dl-hummingboard.dtb \
 +	imx6dl-hummingboard2.dtb \
 	imx6dl-icore.dtb \
 	imx6dl-icore-rqs.dtb \
 	imx6dl-nit6xlite.dtb \
@@ -397,6 +398,7 @@ dtb-$(CONFIG_SOC_IMX6Q) += \
- 	imx6q-gw553x.dtb \
+ 	imx6q-gw5904.dtb \
 	imx6q-h100.dtb \
 	imx6q-hummingboard.dtb \
 +	imx6q-hummingboard2.dtb \
 	imx6q-icore.dtb \
- 	imx6q-icore-rqs.dtb \
- 	imx6q-marsboard.dtb \
+ 	imx6q-icore-ofcap10.dtb \
+ 	imx6q-icore-ofcap12.dtb \
 diff --git a/arch/arm/boot/dts/imx6dl-hummingboard2.dts b/arch/arm/boot/dts/imx6dl-hummingboard2.dts
 new file mode 100644
 index 000000000000..990b5050de5b
--- a/arm-rk3288-tinker.patch
+++ b/arm-rk3288-tinker.patch
@ -1,573 +0,0 @@
-From 223599514133293bb9afe7b82937140c3b275877 Mon Sep 17 00:00:00 2001
-From: Eddie Cai <eddie.cai.linux@gmail.com>
-Date: Tue, 14 Feb 2017 18:07:31 +0800
-Subject: ARM: dts: rockchip: add dts for RK3288-Tinker board
-
-This patch add basic support for RK3288-Tinker board. We can boot in to rootfs
-with this patch.
-
-Signed-off-by: Eddie Cai <eddie.cai.linux@gmail.com>
-Signed-off-by: Heiko Stuebner <heiko@sntech.de>
---
- arch/arm/boot/dts/Makefile          |   1 +
- arch/arm/boot/dts/rk3288-tinker.dts | 536 ++++++++++++++++++++++++++++++++++++
- 2 files changed, 537 insertions(+)
- create mode 100644 arch/arm/boot/dts/rk3288-tinker.dts
-
-diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
-index 0118084..fb46849 100644
--- a/arch/arm/boot/dts/Makefile
-+++ b/arch/arm/boot/dts/Makefile
-@@ -695,6 +695,7 @@ dtb-$(CONFIG_ARCH_ROCKCHIP) += \
- 	rk3288-popmetal.dtb \
- 	rk3288-r89.dtb \
- 	rk3288-rock2-square.dtb \
-+	rk3288-tinker.dtb \
- 	rk3288-veyron-brain.dtb \
- 	rk3288-veyron-jaq.dtb \
- 	rk3288-veyron-jerry.dtb \
-diff --git a/arch/arm/boot/dts/rk3288-tinker.dts b/arch/arm/boot/dts/rk3288-tinker.dts
-new file mode 100644
-index 0000000..f601c78
--- /dev/null
-+++ b/arch/arm/boot/dts/rk3288-tinker.dts
-@@ -0,0 +1,536 @@
-+/*
-+ * Copyright (c) 2017 Fuzhou Rockchip Electronics Co., Ltd.
-+ *
-+ * This file is dual-licensed: you can use it either under the terms
-+ * of the GPL or the X11 license, at your option. Note that this dual
-+ * licensing only applies to this file, and not this project as a
-+ * whole.
-+ *
-+ *  a) This file is free software; you can redistribute it and/or
-+ *     modify it under the terms of the GNU General Public License as
-+ *     published by the Free Software Foundation; either version 2 of the
-+ *     License, or (at your option) any later version.
-+ *
-+ *     This file is distributed in the hope that it will be useful,
-+ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ *     GNU General Public License for more details.
-+ *
-+ * Or, alternatively,
-+ *
-+ *  b) Permission is hereby granted, free of charge, to any person
-+ *     obtaining a copy of this software and associated documentation
-+ *     files (the "Software"), to deal in the Software without
-+ *     restriction, including without limitation the rights to use,
-+ *     copy, modify, merge, publish, distribute, sublicense, and/or
-+ *     sell copies of the Software, and to permit persons to whom the
-+ *     Software is furnished to do so, subject to the following
-+ *     conditions:
-+ *
-+ *     The above copyright notice and this permission notice shall be
-+ *     included in all copies or substantial portions of the Software.
-+ *
-+ *     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-+ *     EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
-+ *     OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-+ *     NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
-+ *     HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-+ *     WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-+ *     FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-+ *     OTHER DEALINGS IN THE SOFTWARE.
-+ */
-+
-+/dts-v1/;
-+
-+#include "rk3288.dtsi"
-+#include <dt-bindings/input/input.h>
-+
-+/ {
-+	model = "Rockchip RK3288 Tinker Board";
-+	compatible = "asus,rk3288-tinker", "rockchip,rk3288";
-+
-+	memory {
-+		reg = <0x0 0x80000000>;
-+		device_type = "memory";
-+	};
-+
-+	ext_gmac: external-gmac-clock {
-+		compatible = "fixed-clock";
-+		#clock-cells = <0>;
-+		clock-frequency = <125000000>;
-+		clock-output-names = "ext_gmac";
-+	};
-+
-+	gpio-keys {
-+		compatible = "gpio-keys";
-+		#address-cells = <1>;
-+		#size-cells = <0>;
-+		autorepeat;
-+
-+		pinctrl-names = "default";
-+		pinctrl-0 = <&pwrbtn>;
-+
-+		button@0 {
-+			gpios = <&gpio0 RK_PA5 GPIO_ACTIVE_LOW>;
-+			linux,code = <KEY_POWER>;
-+			label = "GPIO Key Power";
-+			linux,input-type = <1>;
-+			wakeup-source;
-+			debounce-interval = <100>;
-+		};
-+	};
-+
-+	gpio-leds {
-+		compatible = "gpio-leds";
-+
-+		act-led {
-+			gpios=<&gpio1 RK_PD0 GPIO_ACTIVE_HIGH>;
-+			linux,default-trigger="mmc0";
-+		};
-+
-+		heartbeat-led {
-+			gpios=<&gpio1 RK_PD1 GPIO_ACTIVE_HIGH>;
-+			linux,default-trigger="heartbeat";
-+		};
-+
-+		pwr-led {
-+			gpios = <&gpio0 RK_PA3 GPIO_ACTIVE_HIGH>;
-+			linux,default-trigger = "default-on";
-+		};
-+	};
-+
-+	sound {
-+		compatible = "simple-audio-card";
-+		simple-audio-card,format = "i2s";
-+		simple-audio-card,name = "rockchip,tinker-codec";
-+		simple-audio-card,mclk-fs = <512>;
-+
-+		simple-audio-card,codec {
-+			sound-dai = <&hdmi>;
-+		};
-+
-+		simple-audio-card,cpu {
-+			sound-dai = <&i2s>;
-+		};
-+	};
-+
-+	vcc_sys: vsys-regulator {
-+		compatible = "regulator-fixed";
-+		regulator-name = "vcc_sys";
-+		regulator-min-microvolt = <5000000>;
-+		regulator-max-microvolt = <5000000>;
-+		regulator-always-on;
-+		regulator-boot-on;
-+	};
-+
-+	vcc_sd: sdmmc-regulator {
-+		compatible = "regulator-fixed";
-+		gpio = <&gpio7 11 GPIO_ACTIVE_LOW>;
-+		pinctrl-names = "default";
-+		pinctrl-0 = <&sdmmc_pwr>;
-+		regulator-name = "vcc_sd";
-+		regulator-min-microvolt = <3300000>;
-+		regulator-max-microvolt = <3300000>;
-+		startup-delay-us = <100000>;
-+		vin-supply = <&vcc_io>;
-+	};
-+};
-+
-+&cpu0 {
-+	cpu0-supply = <&vdd_cpu>;
-+};
-+
-+&gmac {
-+	assigned-clocks = <&cru SCLK_MAC>;
-+	assigned-clock-parents = <&ext_gmac>;
-+	clock_in_out = "input";
-+	phy-mode = "rgmii";
-+	phy-supply = <&vcc33_lan>;
-+	pinctrl-names = "default";
-+	pinctrl-0 = <&rgmii_pins>;
-+	snps,reset-gpio = <&gpio4 7 0>;
-+	snps,reset-active-low;
-+	snps,reset-delays-us = <0 10000 1000000>;
-+	tx_delay = <0x30>;
-+	rx_delay = <0x10>;
-+	status = "ok";
-+};
-+
-+&hdmi {
-+	ddc-i2c-bus = <&i2c5>;
-+	status = "okay";
-+};
-+
-+&i2c0 {
-+	clock-frequency = <400000>;
-+	status = "okay";
-+
-+	rk808: pmic@1b {
-+		compatible = "rockchip,rk808";
-+		reg = <0x1b>;
-+		interrupt-parent = <&gpio0>;
-+		interrupts = <4 IRQ_TYPE_LEVEL_LOW>;
-+		#clock-cells = <1>;
-+		clock-output-names = "xin32k", "rk808-clkout2";
-+		dvs-gpios = <&gpio0 11 GPIO_ACTIVE_HIGH>,
-+				<&gpio0 12 GPIO_ACTIVE_HIGH>;
-+		pinctrl-names = "default";
-+		pinctrl-0 = <&pmic_int &global_pwroff &dvs_1 &dvs_2>;
-+		rockchip,system-power-controller;
-+		wakeup-source;
-+
-+		vcc1-supply = <&vcc_sys>;
-+		vcc2-supply = <&vcc_sys>;
-+		vcc3-supply = <&vcc_sys>;
-+		vcc4-supply = <&vcc_sys>;
-+		vcc6-supply = <&vcc_sys>;
-+		vcc7-supply = <&vcc_sys>;
-+		vcc8-supply = <&vcc_io>;
-+		vcc9-supply = <&vcc_io>;
-+		vcc10-supply = <&vcc_io>;
-+		vcc11-supply = <&vcc_sys>;
-+		vcc12-supply = <&vcc_io>;
-+		vddio-supply = <&vcc_io>;
-+
-+		regulators {
-+			vdd_cpu: DCDC_REG1 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <750000>;
-+				regulator-max-microvolt = <1350000>;
-+				regulator-name = "vdd_arm";
-+				regulator-ramp-delay = <6000>;
-+				regulator-state-mem {
-+					regulator-off-in-suspend;
-+				};
-+			};
-+
-+			vdd_gpu: DCDC_REG2 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <850000>;
-+				regulator-max-microvolt = <1250000>;
-+				regulator-name = "vdd_gpu";
-+				regulator-ramp-delay = <6000>;
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1000000>;
-+				};
-+			};
-+
-+			vcc_ddr: DCDC_REG3 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-name = "vcc_ddr";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+				};
-+			};
-+
-+			vcc_io: DCDC_REG4 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <3300000>;
-+				regulator-max-microvolt = <3300000>;
-+				regulator-name = "vcc_io";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <3300000>;
-+				};
-+			};
-+
-+			vcc18_ldo1: LDO_REG1 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <1800000>;
-+				regulator-max-microvolt = <1800000>;
-+				regulator-name = "vcc18_ldo1";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1800000>;
-+				};
-+			};
-+
-+			vcc33_mipi: LDO_REG2 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <3300000>;
-+				regulator-max-microvolt = <3300000>;
-+				regulator-name = "vcc33_mipi";
-+				regulator-state-mem {
-+					regulator-off-in-suspend;
-+				};
-+			};
-+
-+			vdd_10: LDO_REG3 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <1000000>;
-+				regulator-max-microvolt = <1000000>;
-+				regulator-name = "vdd_10";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1000000>;
-+				};
-+			};
-+
-+			vcc18_codec: LDO_REG4 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <1800000>;
-+				regulator-max-microvolt = <1800000>;
-+				regulator-name = "vcc18_codec";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1800000>;
-+				};
-+			};
-+
-+			vccio_sd: LDO_REG5 {
-+				regulator-min-microvolt = <1800000>;
-+				regulator-max-microvolt = <3300000>;
-+				regulator-name = "vccio_sd";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <3300000>;
-+				};
-+			};
-+
-+			vdd10_lcd: LDO_REG6 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <1000000>;
-+				regulator-max-microvolt = <1000000>;
-+				regulator-name = "vdd10_lcd";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1000000>;
-+				};
-+			};
-+
-+			vcc_18: LDO_REG7 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <1800000>;
-+				regulator-max-microvolt = <1800000>;
-+				regulator-name = "vcc_18";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1800000>;
-+				};
-+			};
-+
-+			vcc18_lcd: LDO_REG8 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <1800000>;
-+				regulator-max-microvolt = <1800000>;
-+				regulator-name = "vcc18_lcd";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1800000>;
-+				};
-+			};
-+
-+			vcc33_sd: SWITCH_REG1 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-name = "vcc33_sd";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+				};
-+			};
-+
-+			vcc33_lan: SWITCH_REG2 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-name = "vcc33_lan";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+				};
-+			};
-+		};
-+	};
-+};
-+
-+&i2c2 {
-+	status = "okay";
-+};
-+
-+&i2c5 {
-+	status = "okay";
-+};
-+
-+&i2s {
-+	#sound-dai-cells = <0>;
-+	status = "okay";
-+};
-+
-+&io_domains {
-+	status = "okay";
-+
-+	sdcard-supply = <&vccio_sd>;
-+};
-+
-+&pinctrl {
-+	pcfg_pull_none_drv_8ma: pcfg-pull-none-drv-8ma {
-+		drive-strength = <8>;
-+	};
-+
-+	pcfg_pull_up_drv_8ma: pcfg-pull-up-drv-8ma {
-+		bias-pull-up;
-+		drive-strength = <8>;
-+	};
-+
-+	backlight {
-+		bl_en: bl-en {
-+			rockchip,pins = <7 2 RK_FUNC_GPIO &pcfg_pull_none>;
-+		};
-+	};
-+
-+	buttons {
-+		pwrbtn: pwrbtn {
-+			rockchip,pins = <0 5 RK_FUNC_GPIO &pcfg_pull_up>;
-+		};
-+	};
-+
-+	eth_phy {
-+		eth_phy_pwr: eth-phy-pwr {
-+			rockchip,pins = <0 6 RK_FUNC_GPIO &pcfg_pull_none>;
-+		};
-+	};
-+
-+	pmic {
-+		pmic_int: pmic-int {
-+			rockchip,pins = <RK_GPIO0 4 RK_FUNC_GPIO \
-+					&pcfg_pull_up>;
-+		};
-+
-+		dvs_1: dvs-1 {
-+			rockchip,pins = <RK_GPIO0 11 RK_FUNC_GPIO \
-+					&pcfg_pull_down>;
-+		};
-+
-+		dvs_2: dvs-2 {
-+			rockchip,pins = <RK_GPIO0 12 RK_FUNC_GPIO \
-+					&pcfg_pull_down>;
-+		};
-+	};
-+
-+	sdmmc {
-+		sdmmc_bus4: sdmmc-bus4 {
-+			rockchip,pins = <6 16 RK_FUNC_1 &pcfg_pull_up_drv_8ma>,
-+					<6 17 RK_FUNC_1 &pcfg_pull_up_drv_8ma>,
-+					<6 18 RK_FUNC_1 &pcfg_pull_up_drv_8ma>,
-+					<6 19 RK_FUNC_1 &pcfg_pull_up_drv_8ma>;
-+		};
-+
-+		sdmmc_clk: sdmmc-clk {
-+			rockchip,pins = <6 20 RK_FUNC_1 \
-+					&pcfg_pull_none_drv_8ma>;
-+		};
-+
-+		sdmmc_cmd: sdmmc-cmd {
-+			rockchip,pins = <6 21 RK_FUNC_1 &pcfg_pull_up_drv_8ma>;
-+		};
-+
-+		sdmmc_pwr: sdmmc-pwr {
-+			rockchip,pins = <7 11 RK_FUNC_GPIO &pcfg_pull_none>;
-+		};
-+	};
-+
-+	usb {
-+		host_vbus_drv: host-vbus-drv {
-+			rockchip,pins = <0 14 RK_FUNC_GPIO &pcfg_pull_none>;
-+		};
-+
-+		pwr_3g: pwr-3g {
-+			rockchip,pins = <7 8 RK_FUNC_GPIO &pcfg_pull_none>;
-+		};
-+	};
-+};
-+
-+&pwm0 {
-+	status = "okay";
-+};
-+
-+&saradc {
-+	vref-supply = <&vcc18_ldo1>;
-+	status ="okay";
-+};
-+
-+&sdmmc {
-+	bus-width = <4>;
-+	cap-mmc-highspeed;
-+	cap-sd-highspeed;
-+	card-detect-delay = <200>;
-+	disable-wp;			/* wp not hooked up */
-+	num-slots = <1>;
-+	pinctrl-names = "default";
-+	pinctrl-0 = <&sdmmc_clk &sdmmc_cmd &sdmmc_cd &sdmmc_bus4>;
-+	status = "okay";
-+	vmmc-supply = <&vcc33_sd>;
-+	vqmmc-supply = <&vccio_sd>;
-+};
-+
-+&tsadc {
-+	rockchip,hw-tshut-mode = <1>; /* tshut mode 0:CRU 1:GPIO */
-+	rockchip,hw-tshut-polarity = <1>; /* tshut polarity 0:LOW 1:HIGH */
-+	status = "okay";
-+};
-+
-+&uart0 {
-+	status = "okay";
-+};
-+
-+&uart1 {
-+	status = "okay";
-+};
-+
-+&uart2 {
-+	status = "okay";
-+};
-+
-+&uart3 {
-+	status = "okay";
-+};
-+
-+&uart4 {
-+	status = "okay";
-+};
-+
-+&usbphy {
-+	status = "okay";
-+};
-+
-+&usb_host0_ehci {
-+	status = "okay";
-+};
-+
-+&usb_host1 {
-+	status = "okay";
-+};
-+
-+&usb_otg {
-+	status= "okay";
-+};
-+
-+&vopb {
-+	status = "okay";
-+};
-+
-+&vopb_mmu {
-+	status = "okay";
-+};
-+
-+&vopl {
-+	status = "okay";
-+};
-+
-+&vopl_mmu {
-+	status = "okay";
-+};
-+
-+&wdt {
-+	status = "okay";
-+};
-- 
-cgit v1.1
-
--- a/arm64-hikey-fixes.patch
+++ b/arm64-hikey-fixes.patch
@ -1,77 +0,0 @@
-From patchwork Sat Apr  8 07:18:40 2017
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: reset: hi6220: Set module license so that it can be loaded
-From: Jeremy Linton <lintonrjeremy@gmail.com>
-X-Patchwork-Id: 9670985
-Message-Id: <20170408071840.29380-1-lintonrjeremy@gmail.com>
-To: linux-kernel@vger.kernel.org
-Cc: p.zabel@pengutronix.de, saberlily.xia@hisilicon.com,
- puck.chen@hisilicon.com, xinliang.liu@linaro.org,
- Jeremy Linton <lintonrjeremy@gmail.com>
-Date: Sat,  8 Apr 2017 02:18:40 -0500
-
-The hi6220_reset driver can be built as a standalone module
-yet it cannot be loaded because it depends on GPL exported symbols.
-
-Lets set the module license so that the module loads, and things like
-the on-board kirin drm starts working.
-
-Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
-reviewed-by: Xinliang Liu <xinliang.liu@linaro.org>
---
- drivers/reset/hisilicon/hi6220_reset.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/drivers/reset/hisilicon/hi6220_reset.c b/drivers/reset/hisilicon/hi6220_reset.c
-index 35ce53e..d5e5229 100644
--- a/drivers/reset/hisilicon/hi6220_reset.c
-+++ b/drivers/reset/hisilicon/hi6220_reset.c
-@@ -155,3 +155,5 @@ static int __init hi6220_reset_init(void)
- }
- 
- postcore_initcall(hi6220_reset_init);
-+
-+MODULE_LICENSE("GPL v2");
-From patchwork Mon Apr  3 05:28:42 2017
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: [v2,1/2] regulator: hi655x: Describe consumed platform device
-From: Jeremy Linton <lintonrjeremy@gmail.com>
-X-Patchwork-Id: 9658793
-Message-Id: <20170403052843.12711-2-lintonrjeremy@gmail.com>
-To: linux-kernel@vger.kernel.org
-Cc: broonie@kernel.org, lgirdwood@gmail.com, puck.chen@hisilicon.com,
- lee.jones@linaro.org, Jeremy Linton <lintonrjeremy@gmail.com>
-Date: Mon,  3 Apr 2017 00:28:42 -0500
-
-The hi655x-regulator driver consumes a similarly named platform device.
-Adding that to the module device table, allows modprobe to locate this
-driver once the device is created.
-
-Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
---
- drivers/regulator/hi655x-regulator.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/drivers/regulator/hi655x-regulator.c b/drivers/regulator/hi655x-regulator.c
-index 065c100..36ae54b 100644
--- a/drivers/regulator/hi655x-regulator.c
-+++ b/drivers/regulator/hi655x-regulator.c
-@@ -214,7 +214,14 @@ static int hi655x_regulator_probe(struct platform_device *pdev)
- 	return 0;
- }
- 
-+static const struct platform_device_id hi655x_regulator_table[] = {
-+	{ .name = "hi655x-regulator" },
-+	{},
-+};
-+MODULE_DEVICE_TABLE(platform, hi655x_regulator_table);
-+
- static struct platform_driver hi655x_regulator_driver = {
-+	.id_table = hi655x_regulator_table,
- 	.driver = {
- 		.name	= "hi655x-regulator",
- 	},
--- a/baseconfig/CONFIG_ADXL345_I2C
+++ b/baseconfig/CONFIG_ADXL345_I2C
@ -0,0 +1 @@
+# CONFIG_ADXL345_I2C is not set
--- a/baseconfig/CONFIG_ADXL345_SPI
+++ b/baseconfig/CONFIG_ADXL345_SPI
@ -0,0 +1 @@
+# CONFIG_ADXL345_SPI is not set
--- a/baseconfig/CONFIG_ARM64_ERRATUM_858921
+++ b/baseconfig/CONFIG_ARM64_ERRATUM_858921
@ -0,0 +1 @@
+CONFIG_ARM64_ERRATUM_858921=y
--- a/baseconfig/CONFIG_B43LEGACY_DEBUG
+++ b/baseconfig/CONFIG_B43LEGACY_DEBUG
@ -1 +1 @@
-CONFIG_B43LEGACY_DEBUG=y
+# CONFIG_B43LEGACY_DEBUG is not set
--- a/baseconfig/CONFIG_B43_DEBUG
+++ b/baseconfig/CONFIG_B43_DEBUG
@ -1 +1 @@
-CONFIG_B43_DEBUG=y
+# CONFIG_B43_DEBUG is not set
--- a/baseconfig/CONFIG_BACKLIGHT_ARCXCNN
+++ b/baseconfig/CONFIG_BACKLIGHT_ARCXCNN
@ -0,0 +1 @@
+CONFIG_BACKLIGHT_ARCXCNN=m
--- a/baseconfig/CONFIG_BATTERY_LEGO_EV3
+++ b/baseconfig/CONFIG_BATTERY_LEGO_EV3
@ -0,0 +1 @@
+# CONFIG_BATTERY_LEGO_EV3 is not set
--- a/baseconfig/CONFIG_BCM_FLEXRM_MBOX
+++ b/baseconfig/CONFIG_BCM_FLEXRM_MBOX
@ -0,0 +1 @@
+# CONFIG_BCM_FLEXRM_MBOX is not set
--- a/baseconfig/CONFIG_BFQ_GROUP_IOSCHED
+++ b/baseconfig/CONFIG_BFQ_GROUP_IOSCHED
@ -0,0 +1 @@
+CONFIG_BFQ_GROUP_IOSCHED=y
--- a/baseconfig/CONFIG_BLK_DEV_HD
+++ b/baseconfig/CONFIG_BLK_DEV_HD
@ -1 +0,0 @@
-# CONFIG_BLK_DEV_HD is not set
--- a/baseconfig/CONFIG_BLK_DEV_THROTTLING_LOW
+++ b/baseconfig/CONFIG_BLK_DEV_THROTTLING_LOW
@ -0,0 +1 @@
+# CONFIG_BLK_DEV_THROTTLING_LOW is not set
--- a/baseconfig/CONFIG_BT_HCIUART_SERDEV
+++ b/baseconfig/CONFIG_BT_HCIUART_SERDEV
@ -0,0 +1 @@
+CONFIG_BT_HCIUART_SERDEV=y
--- a/baseconfig/CONFIG_BT_QCOMSMD
+++ b/baseconfig/CONFIG_BT_QCOMSMD
@ -1 +0,0 @@
-# CONFIG_BT_QCOMSMD is not set
--- a/baseconfig/CONFIG_CAN_HI311X
+++ b/baseconfig/CONFIG_CAN_HI311X
@ -0,0 +1 @@
+CONFIG_CAN_HI311X=m
--- a/baseconfig/CONFIG_CAN_MCBA_USB
+++ b/baseconfig/CONFIG_CAN_MCBA_USB
@ -0,0 +1 @@
+CONFIG_CAN_MCBA_USB=m
--- a/baseconfig/CONFIG_CAN_PEAK_PCIEFD
+++ b/baseconfig/CONFIG_CAN_PEAK_PCIEFD
@ -0,0 +1 @@
+CONFIG_CAN_PEAK_PCIEFD=m
--- a/baseconfig/CONFIG_CAN_VXCAN
+++ b/baseconfig/CONFIG_CAN_VXCAN
@ -0,0 +1 @@
+CONFIG_CAN_VXCAN=m
--- a/baseconfig/CONFIG_CEC_PLATFORM_DRIVERS
+++ b/baseconfig/CONFIG_CEC_PLATFORM_DRIVERS
@ -0,0 +1 @@
+CONFIG_CEC_PLATFORM_DRIVERS=y
--- a/baseconfig/CONFIG_CROS_KBD_LED_BACKLIGHT
+++ b/baseconfig/CONFIG_CROS_KBD_LED_BACKLIGHT
@ -1 +1 @@
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m
--- a/baseconfig/CONFIG_CRYPTO_DEV_CCREE
+++ b/baseconfig/CONFIG_CRYPTO_DEV_CCREE
@ -0,0 +1 @@
+# CONFIG_CRYPTO_DEV_CCREE is not set
--- a/baseconfig/CONFIG_CRYPTO_DH
+++ b/baseconfig/CONFIG_CRYPTO_DH
@ -1 +1 @@
-CONFIG_CRYPTO_DH=m
+CONFIG_CRYPTO_DH=y
--- a/baseconfig/CONFIG_DM_INTEGRITY
+++ b/baseconfig/CONFIG_DM_INTEGRITY
@ -0,0 +1 @@
+CONFIG_DM_INTEGRITY=m
--- a/baseconfig/CONFIG_DRM_DW_HDMI_AHB_AUDIO
+++ b/baseconfig/CONFIG_DRM_DW_HDMI_AHB_AUDIO
@ -0,0 +1 @@
+# CONFIG_DRM_DW_HDMI_AHB_AUDIO is not set
--- a/baseconfig/CONFIG_DRM_DW_HDMI_I2S_AUDIO
+++ b/baseconfig/CONFIG_DRM_DW_HDMI_I2S_AUDIO
@ -1 +1 @@
-CONFIG_DRM_DW_HDMI_I2S_AUDIO=m
+# CONFIG_DRM_DW_HDMI_I2S_AUDIO is not set
--- a/baseconfig/CONFIG_DRM_FBDEV_OVERALLOC
+++ b/baseconfig/CONFIG_DRM_FBDEV_OVERALLOC
@ -0,0 +1 @@
+CONFIG_DRM_FBDEV_OVERALLOC=100
--- a/baseconfig/CONFIG_DRM_LVDS_ENCODER
+++ b/baseconfig/CONFIG_DRM_LVDS_ENCODER
@ -0,0 +1 @@
+# CONFIG_DRM_LVDS_ENCODER is not set
--- a/baseconfig/CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW
+++ b/baseconfig/CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW
@ -0,0 +1 @@
+# CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW is not set
--- a/baseconfig/CONFIG_DRM_MXSFB
+++ b/baseconfig/CONFIG_DRM_MXSFB
@ -1 +1 @@
-CONFIG_DRM_MXSFB=m
+# CONFIG_DRM_MXSFB is not set
--- a/baseconfig/x86/CONFIG_DRM_PANEL_LG_LG4573
+++ b/baseconfig/x86/CONFIG_DRM_PANEL_LG_LG4573
--- a/baseconfig/CONFIG_DRM_PANEL_LVDS
+++ b/baseconfig/CONFIG_DRM_PANEL_LVDS
@ -0,0 +1 @@
+# CONFIG_DRM_PANEL_LVDS is not set
--- a/baseconfig/x86/CONFIG_DRM_PANEL_PANASONIC_VVX10F034N00
+++ b/baseconfig/x86/CONFIG_DRM_PANEL_PANASONIC_VVX10F034N00
--- a/baseconfig/x86/CONFIG_DRM_PANEL_SAMSUNG_LD9040
+++ b/baseconfig/x86/CONFIG_DRM_PANEL_SAMSUNG_LD9040
--- a/baseconfig/CONFIG_DRM_PANEL_SAMSUNG_S6E3HA2
+++ b/baseconfig/CONFIG_DRM_PANEL_SAMSUNG_S6E3HA2
@ -0,0 +1 @@
+# CONFIG_DRM_PANEL_SAMSUNG_S6E3HA2 is not set
--- a/baseconfig/x86/i686/CONFIG_DRM_PANEL_SHARP_LQ101R1SX01
+++ b/baseconfig/x86/i686/CONFIG_DRM_PANEL_SHARP_LQ101R1SX01
--- a/baseconfig/x86/i686/CONFIG_DRM_PANEL_SHARP_LS043T1LE01
+++ b/baseconfig/x86/i686/CONFIG_DRM_PANEL_SHARP_LS043T1LE01
--- a/baseconfig/CONFIG_DRM_PANEL_SITRONIX_ST7789V
+++ b/baseconfig/CONFIG_DRM_PANEL_SITRONIX_ST7789V
@ -0,0 +1 @@
+# CONFIG_DRM_PANEL_SITRONIX_ST7789V is not set
--- a/baseconfig/CONFIG_DRM_RCAR_DW_HDMI
+++ b/baseconfig/CONFIG_DRM_RCAR_DW_HDMI
@ -0,0 +1 @@
+# CONFIG_DRM_RCAR_DW_HDMI is not set
--- a/baseconfig/CONFIG_EARLY_PRINTK_USB_XDBC
+++ b/baseconfig/CONFIG_EARLY_PRINTK_USB_XDBC
@ -0,0 +1 @@
+CONFIG_EARLY_PRINTK_USB_XDBC=y
--- a/baseconfig/CONFIG_EDAC_GHES
+++ b/baseconfig/CONFIG_EDAC_GHES
@ -0,0 +1 @@
+CONFIG_EDAC_GHES=y
--- a/baseconfig/CONFIG_EDAC_MM_EDAC
+++ b/baseconfig/CONFIG_EDAC_MM_EDAC
@ -1 +0,0 @@
-CONFIG_EDAC_MM_EDAC=m
--- a/baseconfig/CONFIG_GPIO_FTGPIO010
+++ b/baseconfig/CONFIG_GPIO_FTGPIO010
@ -0,0 +1 @@
+# CONFIG_GPIO_FTGPIO010 is not set
--- a/baseconfig/CONFIG_HD44780
+++ b/baseconfig/CONFIG_HD44780
@ -0,0 +1 @@
+CONFIG_HD44780=m
--- a/baseconfig/CONFIG_HID_ACCUTOUCH
+++ b/baseconfig/CONFIG_HID_ACCUTOUCH
@ -0,0 +1 @@
+CONFIG_HID_ACCUTOUCH=m
--- a/baseconfig/CONFIG_HID_NTI
+++ b/baseconfig/CONFIG_HID_NTI
@ -0,0 +1 @@
+CONFIG_HID_NTI=m
--- a/baseconfig/CONFIG_HID_SENSOR_HUMIDITY
+++ b/baseconfig/CONFIG_HID_SENSOR_HUMIDITY
@ -0,0 +1 @@
+CONFIG_HID_SENSOR_HUMIDITY=m
--- a/baseconfig/CONFIG_HID_SENSOR_TEMP
+++ b/baseconfig/CONFIG_HID_SENSOR_TEMP
@ -0,0 +1 @@
+CONFIG_HID_SENSOR_TEMP=m
--- a/baseconfig/CONFIG_I2C_MUX_LTC4306
+++ b/baseconfig/CONFIG_I2C_MUX_LTC4306
@ -0,0 +1 @@
+CONFIG_I2C_MUX_LTC4306=m
--- a/baseconfig/CONFIG_IEEE802154_CA8210
+++ b/baseconfig/CONFIG_IEEE802154_CA8210
@ -0,0 +1 @@
+CONFIG_IEEE802154_CA8210=m
--- a/baseconfig/CONFIG_IEEE802154_CA8210_DEBUGFS
+++ b/baseconfig/CONFIG_IEEE802154_CA8210_DEBUGFS
@ -0,0 +1 @@
+# CONFIG_IEEE802154_CA8210_DEBUGFS is not set
--- a/baseconfig/CONFIG_IIO_CROS_EC_SENSORS_COR
+++ b/baseconfig/CONFIG_IIO_CROS_EC_SENSORS_COR
@ -1 +0,0 @@
-CONFIG_IIO_CROS_EC_SENSORS_COR=m
--- a/baseconfig/CONFIG_INPUT_MMA8450
+++ b/baseconfig/CONFIG_INPUT_MMA8450
@ -1 +1 @@
-CONFIG_INPUT_MMA8450=m
+# CONFIG_INPUT_MMA8450 is not set
--- a/baseconfig/CONFIG_INPUT_MPU3050
+++ b/baseconfig/CONFIG_INPUT_MPU3050
@ -1 +0,0 @@
-CONFIG_INPUT_MPU3050=m
--- a/baseconfig/CONFIG_IOSCHED_BFQ
+++ b/baseconfig/CONFIG_IOSCHED_BFQ
@ -0,0 +1 @@
+CONFIG_IOSCHED_BFQ=m
--- a/baseconfig/CONFIG_IR_SIR
+++ b/baseconfig/CONFIG_IR_SIR
@ -0,0 +1 @@
+CONFIG_IR_SIR=m
--- a/baseconfig/CONFIG_JOYSTICK_PSXPAD_SPI
+++ b/baseconfig/CONFIG_JOYSTICK_PSXPAD_SPI
@ -0,0 +1 @@
+CONFIG_JOYSTICK_PSXPAD_SPI=m
--- a/baseconfig/CONFIG_JOYSTICK_PSXPAD_SPI_FF
+++ b/baseconfig/CONFIG_JOYSTICK_PSXPAD_SPI_FF
@ -0,0 +1 @@
+CONFIG_JOYSTICK_PSXPAD_SPI_FF=y
--- a/baseconfig/CONFIG_KEYBOARD_QT1070
+++ b/baseconfig/CONFIG_KEYBOARD_QT1070
@ -1 +1 @@
-# CONFIG_KEYBOARD_QT1070 is not set
+CONFIG_KEYBOARD_QT1070=m
--- a/baseconfig/CONFIG_LEDS_DELL_NETBOOKS
+++ b/baseconfig/CONFIG_LEDS_DELL_NETBOOKS
@ -1 +0,0 @@
-CONFIG_LEDS_DELL_NETBOOKS=m
--- a/baseconfig/CONFIG_LIRC_SASEM
+++ b/baseconfig/CONFIG_LIRC_SASEM
@ -1 +0,0 @@
-CONFIG_LIRC_SASEM=m
--- a/baseconfig/CONFIG_LOAD_UEFI_KEYS
+++ b/baseconfig/CONFIG_LOAD_UEFI_KEYS
@ -0,0 +1 @@
+# CONFIG_LOAD_UEFI_KEYS is not set
--- a/baseconfig/CONFIG_LTC2497
+++ b/baseconfig/CONFIG_LTC2497
@ -0,0 +1 @@
+# CONFIG_LTC2497 is not set
--- a/baseconfig/CONFIG_LTC2632
+++ b/baseconfig/CONFIG_LTC2632
@ -0,0 +1 @@
+# CONFIG_LTC2632 is not set
--- a/baseconfig/CONFIG_MAX1118
+++ b/baseconfig/CONFIG_MAX1118
@ -0,0 +1 @@
+# CONFIG_MAX1118 is not set
--- a/baseconfig/CONFIG_MAX1363
+++ b/baseconfig/CONFIG_MAX1363
@ -1 +1 @@
-# CONFIG_MAX1363 is not set
+CONFIG_MAX1363=m
--- a/baseconfig/CONFIG_MAX30102
+++ b/baseconfig/CONFIG_MAX30102
@ -0,0 +1 @@
+# CONFIG_MAX30102 is not set
--- a/baseconfig/CONFIG_MAX9611
+++ b/baseconfig/CONFIG_MAX9611
@ -0,0 +1 @@
+# CONFIG_MAX9611 is not set
--- a/baseconfig/CONFIG_MEDIA_CEC_RC
+++ b/baseconfig/CONFIG_MEDIA_CEC_RC
@ -0,0 +1 @@
+CONFIG_MEDIA_CEC_RC=y
--- a/baseconfig/CONFIG_MFD_CPCAP
+++ b/baseconfig/CONFIG_MFD_CPCAP
@ -1 +1 @@
-CONFIG_MFD_CPCAP=m
+# CONFIG_MFD_CPCAP is not set
--- a/baseconfig/CONFIG_MFD_EXYNOS_LPASS
+++ b/baseconfig/CONFIG_MFD_EXYNOS_LPASS
@ -1 +0,0 @@
-# CONFIG_MFD_EXYNOS_LPASS is not set
--- a/baseconfig/CONFIG_MFD_TI_LMU
+++ b/baseconfig/CONFIG_MFD_TI_LMU
@ -0,0 +1 @@
+# CONFIG_MFD_TI_LMU is not set
--- a/baseconfig/CONFIG_MLX5_CORE_IPOIB
+++ b/baseconfig/CONFIG_MLX5_CORE_IPOIB
@ -0,0 +1 @@
+CONFIG_MLX5_CORE_IPOIB=y
--- a/baseconfig/CONFIG_MMC_SDHCI_XENON
+++ b/baseconfig/CONFIG_MMC_SDHCI_XENON
@ -0,0 +1 @@
+CONFIG_MMC_SDHCI_XENON=m
--- a/baseconfig/CONFIG_MODULE_SIG_UEFI
+++ b/baseconfig/CONFIG_MODULE_SIG_UEFI
@ -1 +0,0 @@
-# CONFIG_MODULE_SIG_UEFI is not set
--- a/baseconfig/CONFIG_MPU3050_I2C
+++ b/baseconfig/CONFIG_MPU3050_I2C
@ -1 +1 @@
-# CONFIG_MPU3050_I2C is not set
+CONFIG_MPU3050_I2C=m
--- a/baseconfig/CONFIG_MQ_IOSCHED_KYBER
+++ b/baseconfig/CONFIG_MQ_IOSCHED_KYBER
@ -0,0 +1 @@
+CONFIG_MQ_IOSCHED_KYBER=m
--- a/baseconfig/CONFIG_NET_9P_XEN
+++ b/baseconfig/CONFIG_NET_9P_XEN
@ -0,0 +1 @@
+CONFIG_NET_9P_XEN=m
--- a/baseconfig/CONFIG_NET_DSA_LOOP
+++ b/baseconfig/CONFIG_NET_DSA_LOOP
@ -0,0 +1 @@
+CONFIG_NET_DSA_LOOP=m
--- a/baseconfig/CONFIG_NET_DSA_MT7530
+++ b/baseconfig/CONFIG_NET_DSA_MT7530
@ -0,0 +1 @@
+CONFIG_NET_DSA_MT7530=m
--- a/baseconfig/CONFIG_NET_DSA_SMSC_LAN9303_I2C
+++ b/baseconfig/CONFIG_NET_DSA_SMSC_LAN9303_I2C
@ -0,0 +1 @@
+CONFIG_NET_DSA_SMSC_LAN9303_I2C=m
--- a/baseconfig/CONFIG_NET_DSA_SMSC_LAN9303_MDIO
+++ b/baseconfig/CONFIG_NET_DSA_SMSC_LAN9303_MDIO
@ -0,0 +1 @@
+CONFIG_NET_DSA_SMSC_LAN9303_MDIO=m
--- a/baseconfig/CONFIG_NET_SCH_DEFAULT
+++ b/baseconfig/CONFIG_NET_SCH_DEFAULT
@ -0,0 +1 @@
+# CONFIG_NET_SCH_DEFAULT is not set
--- a/baseconfig/powerpc/CONFIG_NR_DEV_DAX
+++ b/baseconfig/powerpc/CONFIG_NR_DEV_DAX
--- a/baseconfig/CONFIG_PCI_ENDPOINT
+++ b/baseconfig/CONFIG_PCI_ENDPOINT
@ -0,0 +1 @@
+# CONFIG_PCI_ENDPOINT is not set
--- a/baseconfig/CONFIG_PCI_ENDPOINT_TEST
+++ b/baseconfig/CONFIG_PCI_ENDPOINT_TEST
@ -0,0 +1 @@
+# CONFIG_PCI_ENDPOINT_TEST is not set
--- a/baseconfig/CONFIG_PCI_MSI_IRQ_DOMAIN
+++ b/baseconfig/CONFIG_PCI_MSI_IRQ_DOMAIN
@ -0,0 +1 @@
+CONFIG_PCI_MSI_IRQ_DOMAIN=y
--- a/baseconfig/CONFIG_PCI_SW_SWITCHTEC
+++ b/baseconfig/CONFIG_PCI_SW_SWITCHTEC
@ -0,0 +1 @@
+CONFIG_PCI_SW_SWITCHTEC=m
--- a/baseconfig/CONFIG_PINCTRL_MSM8994
+++ b/baseconfig/CONFIG_PINCTRL_MSM8994
@ -1 +1 @@
-CONFIG_PINCTRL_MSM8994=m
+# CONFIG_PINCTRL_MSM8994 is not set
--- a/baseconfig/CONFIG_PINCTRL_TI_IODELAY
+++ b/baseconfig/CONFIG_PINCTRL_TI_IODELAY
@ -1 +0,0 @@
-# CONFIG_PINCTRL_TI_IODELAY is not set
--- a/baseconfig/CONFIG_RAS_CEC
+++ b/baseconfig/CONFIG_RAS_CEC
@ -0,0 +1 @@
+CONFIG_RAS_CEC=y
--- a/baseconfig/CONFIG_REGULATOR_CPCAP
+++ b/baseconfig/CONFIG_REGULATOR_CPCAP
@ -1 +0,0 @@
-CONFIG_REGULATOR_CPCAP=m
--- a/Show More
+++ b/Show More
				`@ -0,0 +1 @@`
				`# CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW is not set`
				`@ -0,0 +1 @@`
				`# CONFIG_DRM_PANEL_SAMSUNG_S6E3HA2 is not set`
				`@ -0,0 +1 @@`
				`# CONFIG_DRM_PANEL_SITRONIX_ST7789V is not set`
				`@ -0,0 +1 @@`
				`# CONFIG_IEEE802154_CA8210_DEBUGFS is not set`